Merge branch 'master' into custom-discarded-job-handling

author: Aidan Haran <aidanharan@yahoo.com> 2017-12-09 13:41:02 +0000
committer: GitHub <noreply@github.com> 2017-12-09 13:41:02 +0000
commit: 66f34a8ea58c8c98d9cc2651d386c9e5a0789d08 (patch)
tree: d24e9014cf9045abc892ba97ac993e2e26e31c7e /activerecord/lib/active_record/sanitization.rb
parent: 3291fa3630c456450f8c6a9b771f77c293d036cd (diff)
parent: 55d4cf2a9c1a6e77ed7aedb866e964039bb4a143 (diff)
download: rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.tar.gz
rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.tar.bz2
rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.zip
1 files changed, 13 insertions, 9 deletions
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index 91a4f1fad6..21f8bc7cb2 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -30,8 +30,6 @@ module ActiveRecord
           end
         end
         alias :sanitize_sql :sanitize_sql_for_conditions
-        alias :sanitize_conditions :sanitize_sql
-        deprecate sanitize_conditions: :sanitize_sql
 
         # Accepts an array, hash, or string of SQL conditions and sanitizes
         # them into a valid SQL fragment for a SET clause.
@@ -65,7 +63,17 @@ module ActiveRecord
         #   # => "id ASC"
         def sanitize_sql_for_order(condition) # :doc:
           if condition.is_a?(Array) && condition.first.to_s.include?("?")
-            sanitize_sql_array(condition)
+            enforce_raw_sql_whitelist([condition.first],
+              whitelist: AttributeMethods::ClassMethods::COLUMN_NAME_ORDER_WHITELIST
+            )
+
+            # Ensure we aren't dealing with a subclass of String that might
+            # override methods we use (eg. Arel::Nodes::SqlLiteral).
+            if condition.first.kind_of?(String) && !condition.first.instance_of?(String)
+              condition = [String.new(condition.first), *condition[1..-1]]
+            end
+
+            Arel.sql(sanitize_sql_array(condition))
           else
             condition
           end
@@ -112,7 +120,8 @@ module ActiveRecord
         def sanitize_sql_hash_for_assignment(attrs, table) # :doc:
           c = connection
           attrs.map do |attr, value|
-            value = type_for_attribute(attr.to_s).serialize(value)
+            type = type_for_attribute(attr.to_s)
+            value = type.serialize(type.cast(value))
             "#{c.quote_table_name_for_assignment(table, attr)} = #{c.quote(value)}"
           end.join(", ")
         end
@@ -207,10 +216,5 @@ module ActiveRecord
           end
         end
     end
-
-    def quoted_id # :nodoc:
-      self.class.connection.quote(@attributes[self.class.primary_key].value_for_database)
-    end
-    deprecate :quoted_id
   end
 end
author	Aidan Haran <aidanharan@yahoo.com>	2017-12-09 13:41:02 +0000
committer	GitHub <noreply@github.com>	2017-12-09 13:41:02 +0000
commit	66f34a8ea58c8c98d9cc2651d386c9e5a0789d08 (patch)
tree	d24e9014cf9045abc892ba97ac993e2e26e31c7e /activerecord/lib/active_record/sanitization.rb
parent	3291fa3630c456450f8c6a9b771f77c293d036cd (diff)
parent	55d4cf2a9c1a6e77ed7aedb866e964039bb4a143 (diff)
download	rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.tar.gz rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.tar.bz2 rails-66f34a8ea58c8c98d9cc2651d386c9e5a0789d08.zip