Merge pull request #27962 from kamipo/deprecate_quoted_id

Deprecate using `#quoted_id` in quoting / type casting
author: Rafael França <rafaelmfranca@gmail.com> 2017-02-23 18:27:09 -0500
committer: GitHub <noreply@github.com> 2017-02-23 18:27:09 -0500
commit: 230cf4470bfebaa0ccd6a63d7d817c76d19f6ee5 (patch)
tree: 3f33009dcd1ac98f7369ebc982178efdc52a3143 /activerecord/lib
parent: 18afe45d7c564e5b9bc453bbe06a2aa78aebe246 (diff)
parent: d15527800fbc199b969019c665226f836d8fedce (diff)
download: rails-230cf4470bfebaa0ccd6a63d7d817c76d19f6ee5.tar.gz
rails-230cf4470bfebaa0ccd6a63d7d817c76d19f6ee5.tar.bz2
rails-230cf4470bfebaa0ccd6a63d7d817c76d19f6ee5.zip
2 files changed, 16 insertions, 4 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
index 7f4132accf..e5a24b2aca 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
@@ -7,8 +7,13 @@ module ActiveRecord
       # Quotes the column value to help prevent
       # {SQL injection attacks}[http://en.wikipedia.org/wiki/SQL_injection].
       def quote(value)
-        # records are quoted as their primary key
-        return value.quoted_id if value.respond_to?(:quoted_id)
+        value = id_value_for_database(value) if value.is_a?(Base)
+
+        if value.respond_to?(:quoted_id)
+          ActiveSupport::Deprecation.warn \
+            "Using #quoted_id is deprecated and will be removed in Rails 5.2."
+          return value.quoted_id
+        end
 
         _quote(value)
       end
@@ -17,6 +22,8 @@ module ActiveRecord
       # SQLite does not understand dates, so this method will convert a Date
       # to a String.
       def type_cast(value, column = nil)
+        value = id_value_for_database(value) if value.is_a?(Base)
+
         if value.respond_to?(:quoted_id) && value.respond_to?(:id)
           return value.id
         end
@@ -151,6 +158,12 @@ module ActiveRecord
           binds.map { |attr| type_cast(attr.value_for_database) }
         end
 
+        def id_value_for_database(value)
+          if primary_key = value.class.primary_key
+            value.instance_variable_get(:@attributes)[primary_key].value_for_database
+          end
+        end
+
         def types_which_need_no_typecasting
           [nil, Numeric, String]
         end
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index 427c0019c6..64bda1539c 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -1,4 +1,3 @@
-
 module ActiveRecord
   module Sanitization
     extend ActiveSupport::Concern
@@ -207,9 +206,9 @@ module ActiveRecord
         end
     end
 
-    # TODO: Deprecate this
     def quoted_id # :nodoc:
       self.class.connection.quote(@attributes[self.class.primary_key].value_for_database)
     end
+    deprecate :quoted_id
   end
 end
author	Rafael França <rafaelmfranca@gmail.com>	2017-02-23 18:27:09 -0500
committer	GitHub <noreply@github.com>	2017-02-23 18:27:09 -0500
commit	230cf4470bfebaa0ccd6a63d7d817c76d19f6ee5 (patch)
tree	3f33009dcd1ac98f7369ebc982178efdc52a3143 /activerecord/lib
parent	18afe45d7c564e5b9bc453bbe06a2aa78aebe246 (diff)
parent	d15527800fbc199b969019c665226f836d8fedce (diff)
download	rails-230cf4470bfebaa0ccd6a63d7d817c76d19f6ee5.tar.gz rails-230cf4470bfebaa0ccd6a63d7d817c76d19f6ee5.tar.bz2 rails-230cf4470bfebaa0ccd6a63d7d817c76d19f6ee5.zip