diff options
author | yui-knk <spiketeika@gmail.com> | 2015-10-31 10:04:38 +0900 |
---|---|---|
committer | yui-knk <spiketeika@gmail.com> | 2015-11-02 21:18:18 +0900 |
commit | 6011ab853c0b843e0aa139ca90a5e4ab9ec143c2 (patch) | |
tree | db30db13d99ca844f1b818aa4328a96d3325b4c5 /activerecord/lib/active_record | |
parent | 57493eae3d45a4253aeb0b4f60239531da9d0446 (diff) | |
download | rails-6011ab853c0b843e0aa139ca90a5e4ab9ec143c2.tar.gz rails-6011ab853c0b843e0aa139ca90a5e4ab9ec143c2.tar.bz2 rails-6011ab853c0b843e0aa139ca90a5e4ab9ec143c2.zip |
Define `sanitize_sql_for_order` for AR and use it inside `preprocess_order_args`
This commit follows up of 6a6dbb4c51fb0c58ba1a810eaa552774167b758a.
Diffstat (limited to 'activerecord/lib/active_record')
-rw-r--r-- | activerecord/lib/active_record/relation/query_methods.rb | 6 | ||||
-rw-r--r-- | activerecord/lib/active_record/sanitization.rb | 16 |
2 files changed, 17 insertions, 5 deletions
diff --git a/activerecord/lib/active_record/relation/query_methods.rb b/activerecord/lib/active_record/relation/query_methods.rb index 800de78fe3..2dc52982c9 100644 --- a/activerecord/lib/active_record/relation/query_methods.rb +++ b/activerecord/lib/active_record/relation/query_methods.rb @@ -1086,11 +1086,7 @@ module ActiveRecord def preprocess_order_args(order_args) order_args.map! do |arg| - if arg.is_a?(Array) && arg.first.to_s.include?('?') - klass.send(:sanitize_sql, arg) - else - arg - end + klass.send(:sanitize_sql_for_order, arg) end order_args.flatten! validate_order_args(order_args) diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb index 1cf4b09bf3..0c15f45db9 100644 --- a/activerecord/lib/active_record/sanitization.rb +++ b/activerecord/lib/active_record/sanitization.rb @@ -53,6 +53,22 @@ module ActiveRecord end end + # Accepts an array, or string of SQL conditions and sanitizes + # them into a valid SQL fragment for a ORDER clause. + # + # sanitize_sql_for_order(["field(id, ?)", [1,3,2]]) + # # => "field(id, 1,3,2)" + # + # sanitize_sql_for_order("id ASC") + # # => "id ASC" + def sanitize_sql_for_order(condition) + if condition.is_a?(Array) && condition.first.to_s.include?('?') + sanitize_sql_array(condition) + else + condition + end + end + # Accepts a hash of SQL conditions and replaces those attributes # that correspond to a {#composed_of}[rdoc-ref:Aggregations::ClassMethods#composed_of] # relationship with their expanded aggregate attribute values. |