author | Ryuta Kamizono <kamipo@gmail.com> | 2019-04-20 21:13:31 +0900 |
---|---|---|
committer | Ryuta Kamizono <kamipo@gmail.com> | 2019-06-06 03:57:24 +0900 |
commit | 7696f44f6ff4d3eda8510b67eaab0441153430c3 (patch) | |
tree | 040ac9388a14c3d6709c7527b42cd760282958ff /activerecord/lib/active_record/relation/query_methods.rb | |
parent | f166a01b4bfca7d32428095670a271d0771db797 (diff) | |

Allow quoted identifier string as safe SQL string

Currently `posts.title` is regarded as a safe SQL string, but
`"posts"."title"` (it is a result of `quote_table_name("posts.title")`)
is regarded as an unsafe SQL string even though a result of
`quote_table_name` should obviously be regarded as a safe SQL string,
since the column name matcher doesn't respect quotation, it is a little
annoying.

This changes the column name matcher to allow quoted identifiers as safe
SQL string, now all results of the `quote_table_name` are regarded as
safe SQL string.

Diffstat (limited to 'activerecord/lib/active_record/relation/query_methods.rb')
-rw-r--r-- | activerecord/lib/active_record/relation/query_methods.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/relation/query_methods.rb b/activerecord/lib/active_record/relation/query_methods.rb index 50ff733dc7..588cb130f2 100644 --- a/activerecord/lib/active_record/relation/query_methods.rb +++ b/activerecord/lib/active_record/relation/query_methods.rb @@ -1254,7 +1254,7 @@ module ActiveRecord @klass.disallow_raw_sql!( order_args.flat_map { |a| a.is_a?(Hash) ? a.keys : a }, - permit: AttributeMethods::ClassMethods::COLUMN_NAME_WITH_ORDER + permit: connection.column_name_with_order_matcher ) validate_order_args(order_args) |
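
Review bot: The `permit:` argument of the `disallow_raw_sql!` call now comes from `connection.column_name_with_order_matcher`, whose definition is not in this file's diff, so the allowlist applied to `order` arguments cannot be reviewed from this hunk alone. That pattern decides which strings skip the raw SQL check, so please confirm it is anchored at both ends and that the quoted form accepts only identifier text between the quote characters, and add tests showing that `"posts"."title"` is permitted while a quoted identifier followed by extra SQL is still rejected. Also note that this lookup now goes through `connection`, where the old `COLUMN_NAME_WITH_ORDER` constant needed none; a short comment at the call site saying the matcher is adapter-specific would help the next reader.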