diff options
author | Ryuta Kamizono <kamipo@gmail.com> | 2019-06-09 08:01:10 +0900 |
---|---|---|
committer | Ryuta Kamizono <kamipo@gmail.com> | 2019-06-10 07:36:58 +0900 |
commit | 64d8c54e16ee9ad3b591501401d6c437304e1308 (patch) | |
tree | 096ed28c86eab7a412b0cdbd999dbbdd7529a39f /actionpack/test/dispatch/middleware_stack_test.rb | |
parent | 6607ecb2a1ccc9b43cfb8db2d06dc5301a5320ba (diff) | |
download | rails-64d8c54e16ee9ad3b591501401d6c437304e1308.tar.gz rails-64d8c54e16ee9ad3b591501401d6c437304e1308.tar.bz2 rails-64d8c54e16ee9ad3b591501401d6c437304e1308.zip |
Allow column name with function (e.g. `length(title)`) as safe SQL string
Currently, almost all "Dangerous query method" warnings are false alarm.
As long as almost all the warnings are false alarm, developers think
"Let's ignore the warnings by using `Arel.sql()`, it actually is false
alarm in practice.", so I think we should effort to reduce false alarm
in order to make the warnings valuable.
This allows column name with function (e.g. `length(title)`) as safe SQL
string, which is very common false alarm pattern, even in the our
codebase.
Related 6c82b6c99, 6607ecb2a, #36420.
Fixes #32995.
Diffstat (limited to 'actionpack/test/dispatch/middleware_stack_test.rb')
0 files changed, 0 insertions, 0 deletions