diff options
author | Ryuta Kamizono <kamipo@gmail.com> | 2019-02-21 18:58:44 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-21 18:58:44 +0900 |
commit | f8a798c8e60a9b288496b99b5e38e4f10d2f7c0e (patch) | |
tree | a805ca26f8b3e72681fda6918583825305c2e915 | |
parent | b57ca840a6fe64b7a76bc6585dff26e5c08879fb (diff) | |
parent | 357cd23d3aedabb99fd70b812ffcea2d1cc9893d (diff) | |
download | rails-f8a798c8e60a9b288496b99b5e38e4f10d2f7c0e.tar.gz rails-f8a798c8e60a9b288496b99b5e38e4f10d2f7c0e.tar.bz2 rails-f8a798c8e60a9b288496b99b5e38e4f10d2f7c0e.zip |
Merge pull request #35336 from kamipo/dont_allow_non_numeric_string_matches_to_zero
Don't allow `where` with non numeric string matches to 0 values
-rw-r--r-- | activemodel/lib/active_model/type/helpers/numeric.rb | 7 | ||||
-rw-r--r-- | activemodel/lib/active_model/type/integer.rb | 10 | ||||
-rw-r--r-- | activemodel/test/cases/type/integer_test.rb | 8 | ||||
-rw-r--r-- | activerecord/CHANGELOG.md | 4 | ||||
-rw-r--r-- | activerecord/test/cases/relation/where_test.rb | 3 |
5 files changed, 23 insertions, 9 deletions
diff --git a/activemodel/lib/active_model/type/helpers/numeric.rb b/activemodel/lib/active_model/type/helpers/numeric.rb index 444847a210..1d8171e25b 100644 --- a/activemodel/lib/active_model/type/helpers/numeric.rb +++ b/activemodel/lib/active_model/type/helpers/numeric.rb @@ -26,15 +26,18 @@ module ActiveModel private def number_to_non_number?(old_value, new_value_before_type_cast) - old_value != nil && non_numeric_string?(new_value_before_type_cast) + old_value != nil && non_numeric_string?(new_value_before_type_cast.to_s) end def non_numeric_string?(value) # 'wibble'.to_i will give zero, we want to make sure # that we aren't marking int zero to string zero as # changed. - !/\A[-+]?\d+/.match?(value.to_s) + !NUMERIC_REGEX.match?(value) end + + NUMERIC_REGEX = /\A\s*[+-]?\d/ + private_constant :NUMERIC_REGEX end end end diff --git a/activemodel/lib/active_model/type/integer.rb b/activemodel/lib/active_model/type/integer.rb index 1ff232a977..1e1061ff60 100644 --- a/activemodel/lib/active_model/type/integer.rb +++ b/activemodel/lib/active_model/type/integer.rb @@ -19,11 +19,8 @@ module ActiveModel end def serialize(value) - result = super - if result - ensure_in_range(result) - end - result + return if value.is_a?(::String) && non_numeric_string?(value) + ensure_in_range(super) end private @@ -34,9 +31,10 @@ module ActiveModel end def ensure_in_range(value) - unless range.cover?(value) + if value && !range.cover?(value) raise ActiveModel::RangeError, "#{value} is out of range for #{self.class} with limit #{_limit} bytes" end + value end def max_value diff --git a/activemodel/test/cases/type/integer_test.rb b/activemodel/test/cases/type/integer_test.rb index dec188b4cc..6c02c01237 100644 --- a/activemodel/test/cases/type/integer_test.rb +++ b/activemodel/test/cases/type/integer_test.rb @@ -50,6 +50,14 @@ module ActiveModel assert_equal 7200, type.cast(2.hours) end + test "casting string for database" do + type = Type::Integer.new + assert_nil type.serialize("wibble") + assert_equal 5, type.serialize("5wibble") + assert_equal 5, type.serialize(" +5") + assert_equal(-5, type.serialize(" -5")) + end + test "casting empty string" do type = Type::Integer.new assert_nil type.cast("") diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index 8f626156a2..99a76b5b94 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,7 @@ +* Don't allow `where` with non numeric string matches to 0 values. + + *Ryuta Kamizono* + * Introduce `ActiveRecord::Relation#destroy_by` and `ActiveRecord::Relation#delete_by`. `destroy_by` allows relation to find all the records matching the condition and perform diff --git a/activerecord/test/cases/relation/where_test.rb b/activerecord/test/cases/relation/where_test.rb index bec204643b..5c729e68cd 100644 --- a/activerecord/test/cases/relation/where_test.rb +++ b/activerecord/test/cases/relation/where_test.rb @@ -51,8 +51,9 @@ module ActiveRecord end def test_where_with_invalid_value - topics(:first).update!(written_on: nil, bonus_time: nil, last_read: nil) + topics(:first).update!(parent_id: 0, written_on: nil, bonus_time: nil, last_read: nil) assert_empty Topic.where(parent_id: Object.new) + assert_empty Topic.where(parent_id: "not-a-number") assert_empty Topic.where(written_on: "") assert_empty Topic.where(bonus_time: "") assert_empty Topic.where(last_read: "") |