diff options
| author | Ken Collins <ken@metaskills.net> | 2011-02-09 11:07:25 -0500 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2011-02-09 08:33:40 -0800 |
| commit | 56fb3b1594d97fa00dd8d8d95f1d5bf7c30380ee (patch) | |
| tree | 81235df49ce56539cafa5df4a704293806696437 /activerecord/lib/active_record/connection_adapters | |
| parent | c6b4ef082f80255c1e3ec6e4feb1d199ed1e7efa (diff) | |
| download | rails-56fb3b1594d97fa00dd8d8d95f1d5bf7c30380ee.tar.gz rails-56fb3b1594d97fa00dd8d8d95f1d5bf7c30380ee.tar.bz2 rails-56fb3b1594d97fa00dd8d8d95f1d5bf7c30380ee.zip | |
Allow limit values to accept an ARel SQL literal.
Diffstat (limited to 'activerecord/lib/active_record/connection_adapters')
| -rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb index 5f30b972f5..7e3f58a411 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb @@ -278,13 +278,17 @@ module ActiveRecord # Sanitizes the given LIMIT parameter in order to prevent SQL injection. # - # +limit+ may be anything that can evaluate to a string via #to_s. It - # should look like an integer, or a comma-delimited list of integers. + # The +limit+ may be anything that can evaluate to a string via #to_s. It + # should look like an integer, or a comma-delimited list of integers, or + # an Arel SQL literal. # + # Returns Integer and Arel::Nodes::SqlLiteral limits as is. # Returns the sanitized limit parameter, either as an integer, or as a # string which contains a comma-delimited list of integers. def sanitize_limit(limit) - if limit.to_s =~ /,/ + if limit.is_a?(Integer) || limit.is_a?(Arel::Nodes::SqlLiteral) + limit + elsif limit.to_s =~ /,/ Arel.sql limit.to_s.split(',').map{ |i| Integer(i) }.join(',') else Integer(limit) |