diff options
author | Aaron Patterson <aaron.patterson@gmail.com> | 2010-12-07 09:49:37 -0800 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2011-02-08 14:21:12 -0800 |
commit | 0b58a7ff420d7ef4b643c521a62be7259dd2f5cb (patch) | |
tree | d5314aa04b853619912bec01f47526cddb1ef2f8 /activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb | |
parent | 6b1018526fb304727ee4191afc2d8a5e29e49eea (diff) | |
download | rails-0b58a7ff420d7ef4b643c521a62be7259dd2f5cb.tar.gz rails-0b58a7ff420d7ef4b643c521a62be7259dd2f5cb.tar.bz2 rails-0b58a7ff420d7ef4b643c521a62be7259dd2f5cb.zip |
limit() should sanitize limit values
This fixes CVE-2011-0448
Diffstat (limited to 'activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb')
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb index 01e53b46c8..5f30b972f5 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb @@ -276,6 +276,21 @@ module ActiveRecord "WHERE #{quoted_primary_key} IN (SELECT #{quoted_primary_key} FROM #{quoted_table_name} #{where_sql})" end + # Sanitizes the given LIMIT parameter in order to prevent SQL injection. + # + # +limit+ may be anything that can evaluate to a string via #to_s. It + # should look like an integer, or a comma-delimited list of integers. + # + # Returns the sanitized limit parameter, either as an integer, or as a + # string which contains a comma-delimited list of integers. + def sanitize_limit(limit) + if limit.to_s =~ /,/ + Arel.sql limit.to_s.split(',').map{ |i| Integer(i) }.join(',') + else + Integer(limit) + end + end + protected # Returns an array of record hashes with the column names as keys and # column values as values. @@ -299,21 +314,6 @@ module ActiveRecord update_sql(sql, name) end - # Sanitizes the given LIMIT parameter in order to prevent SQL injection. - # - # +limit+ may be anything that can evaluate to a string via #to_s. It - # should look like an integer, or a comma-delimited list of integers. - # - # Returns the sanitized limit parameter, either as an integer, or as a - # string which contains a comma-delimited list of integers. - def sanitize_limit(limit) - if limit.to_s =~ /,/ - limit.to_s.split(',').map{ |i| i.to_i }.join(',') - else - limit.to_i - end - end - # Send a rollback message to all records after they have been rolled back. If rollback # is false, only rollback records since the last save point. def rollback_transaction_records(rollback) #:nodoc |