diff options
| author | Xavier Noria <fxn@hashref.com> | 2018-03-06 02:27:16 +0100 |
|---|---|---|
| committer | Xavier Noria <fxn@hashref.com> | 2018-03-06 02:27:16 +0100 |
| commit | 6c82b6c99d86f37e61f935fb342cccd725d6c7d4 (patch) | |
| tree | 865d496c43f38103dfdb31af7ef09181a88d1916 /activerecord/lib | |
| parent | 9cc88043e70f927a3c8b151c862f6b3cb8b8a6f7 (diff) | |
| download | rails-6c82b6c99d86f37e61f935fb342cccd725d6c7d4.tar.gz rails-6c82b6c99d86f37e61f935fb342cccd725d6c7d4.tar.bz2 rails-6c82b6c99d86f37e61f935fb342cccd725d6c7d4.zip | |
whitelist NULLS { FIRST | LAST } in order clauses
Diffstat (limited to 'activerecord/lib')
| -rw-r--r-- | activerecord/lib/active_record/attribute_methods.rb | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/attribute_methods.rb b/activerecord/lib/active_record/attribute_methods.rb index 0ca0e5dcdb..122140eb55 100644 --- a/activerecord/lib/active_record/attribute_methods.rb +++ b/activerecord/lib/active_record/attribute_methods.rb @@ -177,7 +177,14 @@ module ActiveRecord # "#{table_name}.#{column_name} #{direction}" # "#{column_name}" # "#{column_name} #{direction}" - COLUMN_NAME_ORDER_WHITELIST = /\A(?:\w+\.)?\w+(?:\s+asc|\s+desc)?\z/i + COLUMN_NAME_ORDER_WHITELIST = / + \A + (?:\w+\.)? + \w+ + (?:\s+asc|\s+desc)? + (?:\s+nulls\s+(?:first|last))? + \z + /ix def enforce_raw_sql_whitelist(args, whitelist: COLUMN_NAME_WHITELIST) # :nodoc: unexpected = args.reject do |arg| |