fixed has_many :conditions sanitizing (closes #4278) [hakuja@hakuja.net]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3935 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
author: Rick Olson <technoweenie@gmail.com> 2006-03-18 18:01:50 +0000
committer: Rick Olson <technoweenie@gmail.com> 2006-03-18 18:01:50 +0000
commit: 50103b86e6f5e6aa82448d6bfdafeac34e0c8caa (patch)
tree: 31b7562585673b164a95dfbd1762adcc942ef2bd /activerecord/lib
parent: b2122159b1eed173b37d0a240cb9d933f7564d24 (diff)
download: rails-50103b86e6f5e6aa82448d6bfdafeac34e0c8caa.tar.gz
rails-50103b86e6f5e6aa82448d6bfdafeac34e0c8caa.tar.bz2
rails-50103b86e6f5e6aa82448d6bfdafeac34e0c8caa.zip
2 files changed, 3 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/associations.rb b/activerecord/lib/active_record/associations.rb
index 4f8f41fcea..a982279b03 100755
--- a/activerecord/lib/active_record/associations.rb
+++ b/activerecord/lib/active_record/associations.rb
@@ -1244,7 +1244,7 @@ module ActiveRecord
                   case
                     when reflection.macro == :has_many && reflection.options[:through]
                       through_reflection = parent.active_record.reflect_on_association(reflection.options[:through])
-                      through_conditions = through_reflection.options[:conditions] ? "AND #{eval("%(#{through_reflection.options[:conditions]})")}" : ''
+                      through_conditions = through_reflection.options[:conditions] ? "AND #{eval("%(#{through_reflection.active_record.send :sanitize_sql, through_reflection.options[:conditions]})")}" : ''
                       if through_reflection.options[:as] # has_many :through against a polymorphic join
                         polymorphic_foreign_key  = through_reflection.options[:as].to_s + '_id'
                         polymorphic_foreign_type = through_reflection.options[:as].to_s + '_type'
@@ -1296,7 +1296,7 @@ module ActiveRecord
                 aliased_table_name, 
                 reflection.active_record.connection.quote_column_name(reflection.active_record.inheritance_column), 
                 klass.quote(klass.name)] if sti?
-              join << "AND #{eval("%(#{reflection.options[:conditions]})")} " if reflection.options[:conditions]
+              join << "AND #{eval("%(#{reflection.active_record.send :sanitize_sql, reflection.options[:conditions]})")} " if reflection.options[:conditions]
               join
             end
             
diff --git a/activerecord/lib/active_record/associations/association_proxy.rb b/activerecord/lib/active_record/associations/association_proxy.rb
index 4ddeb84a58..583f8c04b1 100644
--- a/activerecord/lib/active_record/associations/association_proxy.rb
+++ b/activerecord/lib/active_record/associations/association_proxy.rb
@@ -27,7 +27,7 @@ module ActiveRecord
       end
       
       def conditions
-        @conditions ||= eval("%(#{@reflection.options[:conditions]})") if @reflection.options[:conditions]
+        @conditions ||= eval("%(#{@reflection.active_record.send :sanitize_sql, @reflection.options[:conditions]})") if @reflection.options[:conditions]
       end
       alias :sql_conditions :conditions
author	Rick Olson <technoweenie@gmail.com>	2006-03-18 18:01:50 +0000
committer	Rick Olson <technoweenie@gmail.com>	2006-03-18 18:01:50 +0000
commit	50103b86e6f5e6aa82448d6bfdafeac34e0c8caa (patch)
tree	31b7562585673b164a95dfbd1762adcc942ef2bd /activerecord/lib
parent	b2122159b1eed173b37d0a240cb9d933f7564d24 (diff)
download	rails-50103b86e6f5e6aa82448d6bfdafeac34e0c8caa.tar.gz rails-50103b86e6f5e6aa82448d6bfdafeac34e0c8caa.tar.bz2 rails-50103b86e6f5e6aa82448d6bfdafeac34e0c8caa.zip