diff options
author | Sean Griffin <sean@seantheprogrammer.com> | 2017-11-13 13:24:28 -0700 |
---|---|---|
committer | Sean Griffin <sean@seantheprogrammer.com> | 2017-11-13 13:31:46 -0700 |
commit | 68fe6b08ee72cc47263e0d2c9ff07f75c4b42761 (patch) | |
tree | 2556c4cd3cfe8778e5d43bec8f4ca28a2a5db594 | |
parent | f49d59432a0b5b4a492fd8464c00edbb5b9a8b7e (diff) | |
download | rails-68fe6b08ee72cc47263e0d2c9ff07f75c4b42761.tar.gz rails-68fe6b08ee72cc47263e0d2c9ff07f75c4b42761.tar.bz2 rails-68fe6b08ee72cc47263e0d2c9ff07f75c4b42761.zip |
Properly cast input in `update_all`
The documentation claims that given values go through "normal AR type
casting and serialization", which to me implies
`serialize(cast(value))`, not just serialization. The docs were changed
to use this wording in #22492. The tests I cited in that PR (which is
the same test modified in this commit), is worded in a way that implies
it should be using `cast` as well.
It's possible that I originally meant "normal type casting" to imply
just the call to `serialize`, but given that `update_all(archived:
params['archived'])` seems to be pretty common, I'm inclined to make
this change as long as no tests are broken from it.
-rw-r--r-- | activerecord/CHANGELOG.md | 6 | ||||
-rw-r--r-- | activerecord/lib/active_record/sanitization.rb | 3 | ||||
-rw-r--r-- | activerecord/test/cases/relation_test.rb | 7 |
3 files changed, 14 insertions, 2 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index c95e80755d..81ff2923ce 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,9 @@ +* `update_all` will now pass its values to `Type#cast` before passing them to + `Type#serialize`. This means that `update_all(foo: 'true')` will properly + persist a boolean. + + *Sean Griffin* + * Add new error class `StatementTimeout` which will be raised when statement timeout exceeded. diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb index 1c3099f55c..90cc3373fb 100644 --- a/activerecord/lib/active_record/sanitization.rb +++ b/activerecord/lib/active_record/sanitization.rb @@ -110,7 +110,8 @@ module ActiveRecord def sanitize_sql_hash_for_assignment(attrs, table) # :doc: c = connection attrs.map do |attr, value| - value = type_for_attribute(attr.to_s).serialize(value) + type = type_for_attribute(attr.to_s) + value = type.serialize(type.cast(value)) "#{c.quote_table_name_for_assignment(table, attr)} = #{c.quote(value)}" end.join(", ") end diff --git a/activerecord/test/cases/relation_test.rb b/activerecord/test/cases/relation_test.rb index 8362722e12..a71d8de521 100644 --- a/activerecord/test/cases/relation_test.rb +++ b/activerecord/test/cases/relation_test.rb @@ -288,13 +288,18 @@ module ActiveRecord :string end + def cast(value) + raise value unless value == "value from user" + "cast value" + end + def deserialize(value) raise value unless value == "type cast for database" "type cast from database" end def serialize(value) - raise value unless value == "value from user" + raise value unless value == "cast value" "type cast for database" end end |