authorRyuta Kamizono <kamipo@gmail.com>2019-02-20 20:55:09 +0900
committerRyuta Kamizono <kamipo@gmail.com>2019-02-20 22:00:56 +0900
commit357cd23d3aedabb99fd70b812ffcea2d1cc9893d (patch)
treed4a21b7e618b2d4b71d0534ce180eac9040a4bd5 /activemodel/lib/active_model/type/integer.rb
parentdf2ebf9b59b8ef063923136ba7097328db6c949f (diff)
Don't allow `where` with non numeric string matches to 0 values
This is a follow-up of #35310. Currently `Topic.find_by(id: "not-a-number")` matches an `id = 0` record. That is considered silent information leakage. If a non numeric string is given to find by an integer column, it should not match any record. Related #12793.
Diffstat (limited to 'activemodel/lib/active_model/type/integer.rb')
-rw-r--r--activemodel/lib/active_model/type/integer.rb10
1 files changed, 4 insertions, 6 deletions
diff --git a/activemodel/lib/active_model/type/integer.rb b/activemodel/lib/active_model/type/integer.rb
index 5878b94171..a7ae57aede 100644
--- a/activemodel/lib/active_model/type/integer.rb
+++ b/activemodel/lib/active_model/type/integer.rb
@@ -24,11 +24,8 @@ module ActiveModel
end
def serialize(value)
- result = super
- if result
- ensure_in_range(result)
- end
- result
+ return if value.is_a?(::String) && non_numeric_string?(value)
+ ensure_in_range(super)
end
private
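Review bot: The early `return if value.is_a?(::String) && non_numeric_string?(value)` only protects lookups to the extent that `non_numeric_string?` (defined outside this hunk) rejects the string; if that helper, as in Helpers::Numeric, merely tests for an optional sign followed by a digit, a mixed string such as "1abc" still reaches `super` and is cast to 1, so the intended "no record matches junk input" property holds only for strings with no leading digit. That boundary is invisible from this method, so the new line deserves a comment, e.g. `# Non numeric strings must serialize to nil, not 0; otherwise a lookup such as find_by(id: "junk") would match rows whose id is 0.` The following `ensure_in_range(super)` also relies on `ensure_in_range` returning its argument, which this commit introduces in the next hunk; a reader of this method alone cannot see that, and a second comment along the lines of `# ensure_in_range returns the value it checks` would make the dependency explicit.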
@@ -39,9 +36,10 @@ module ActiveModel
end
def ensure_in_range(value)
- unless range.cover?(value)
+ if value && !range.cover?(value)
raise ActiveModel::RangeError, "#{value} is out of range for #{self.class} with limit #{_limit} bytes"
end
+ value
end
def max_value
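Review bot: `ensure_in_range` now has two jobs — raising when out of range and returning `value` — and it silently accepts nil because of the new `value &&` guard, but nothing in the method states either fact. A YARD comment above `def ensure_in_range(value)` would make the contract explicit: `# @param value [Integer, nil] nil passes through unchecked`, `# @return [Integer, nil] +value+ unchanged`, `# @raise [ActiveModel::RangeError] when +value+ is outside +range+`. Since the method name no longer hints at the return-the-argument behaviour, the bare `value` on the last line is easy to miss when reading the call site in `serialize`.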