Do not use SQL LIKE operator for case insensitive uniqueness validation

It can result in wrong results if values contain special % or _ characters. It is safer to use SQL LOWER function and compare for equality.

1 files changed, 3 insertions, 2 deletions

diff --git a/activerecord/lib/active_record/validations/uniqueness.rb b/activerecord/lib/active_record/validations/uniqueness.rb
index d1225a9ed9..4db4105389 100644
--- a/activerecord/lib/active_record/validations/uniqueness.rb
+++ b/activerecord/lib/active_record/validations/uniqueness.rb
@@ -56,8 +56,9 @@ module ActiveRecord
         column = klass.columns_hash[attribute.to_s]
         value = column.limit ? value.to_s.mb_chars[0, column.limit] : value.to_s if column.text?
 
-        if !options[:case_sensitive] && column.text?
-          relation = table[attribute].matches(value)
+        if !options[:case_sensitive] && value && column.text?
+          # will use SQL LOWER function before comparison
+          relation = table[attribute].lower.eq(table.lower(value))
         else
           value    = klass.connection.case_sensitive_modifier(value)
           relation = table[attribute].eq(value)