aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord/lib/active_record/connection_adapters
diff options
context:
space:
mode:
authorJamis Buck <jamis@37signals.com>2006-07-27 18:29:49 +0000
committerJamis Buck <jamis@37signals.com>2006-07-27 18:29:49 +0000
commit99e9faeda8f039d34e9eeab319e8adc13cb9bc86 (patch)
tree318d2714fedd28cd90efc91c1b859286317e5241 /activerecord/lib/active_record/connection_adapters
parentd70d5219554b55b24586d559bd39d829317d523d (diff)
downloadrails-99e9faeda8f039d34e9eeab319e8adc13cb9bc86.tar.gz
rails-99e9faeda8f039d34e9eeab319e8adc13cb9bc86.tar.bz2
rails-99e9faeda8f039d34e9eeab319e8adc13cb9bc86.zip
Patch sql injection vulnerability when using integer or float columns.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@4626 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activerecord/lib/active_record/connection_adapters')
-rw-r--r--activerecord/lib/active_record/connection_adapters/abstract/quoting.rb3
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
index 1c1b00252c..94d1d9c43f 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
@@ -11,7 +11,8 @@ module ActiveRecord
when String
if column && column.type == :binary && column.class.respond_to?(:string_to_binary)
"'#{quote_string(column.class.string_to_binary(value))}'" # ' (for ruby-mode)
- elsif column && [:integer, :float].include?(column.type)
+ elsif column && [:integer, :float].include?(column.type)
+ value = column.type == :integer ? value.to_i : value.to_f
value.to_s
else
"'#{quote_string(value)}'" # ' (for ruby-mode)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 10:37:00 +0000