`sanitize_sql_like` escapes `escape_character` not only backslash.

* This is a follow up to: fe4b0eee05f59831e1468ed50f55fbad0ce11e1d * The originating PR is #14222 * It should fix the build
author: Yves Senn <yves.senn@gmail.com> 2014-04-16 16:45:10 +0200
committer: Yves Senn <yves.senn@gmail.com> 2014-04-16 16:53:01 +0200
commit: 973a45230ab5ba0e096585ecd1403a13569a1348 (patch)
tree: 0cead52b14ec2db5cb04b329e2c068d9ab10a8e3 /activerecord/lib
parent: fa836019961b9cf22538b9c7aefa025b06e3f82a (diff)
download: rails-973a45230ab5ba0e096585ecd1403a13569a1348.tar.gz
rails-973a45230ab5ba0e096585ecd1403a13569a1348.tar.bz2
rails-973a45230ab5ba0e096585ecd1403a13569a1348.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index ef63949208..be62e41932 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -110,7 +110,8 @@ module ActiveRecord
       # Sanitizes a +string+ so that it is safe to use within a sql
       # LIKE statement. This method uses +escape_character+ to escape all occurrences of "\", "_" and "%"
       def sanitize_sql_like(string, escape_character = "\\")
-        string.gsub(/[\\_%]/) { |x| [escape_character, x].join }
+        pattern = Regexp.union(escape_character, "%", "_")
+        string.gsub(pattern) { |x| [escape_character, x].join }
       end
 
       # Accepts an array of conditions. The array has each value
author	Yves Senn <yves.senn@gmail.com>	2014-04-16 16:45:10 +0200
committer	Yves Senn <yves.senn@gmail.com>	2014-04-16 16:53:01 +0200
commit	973a45230ab5ba0e096585ecd1403a13569a1348 (patch)
tree	0cead52b14ec2db5cb04b329e2c068d9ab10a8e3 /activerecord/lib
parent	fa836019961b9cf22538b9c7aefa025b06e3f82a (diff)
download	rails-973a45230ab5ba0e096585ecd1403a13569a1348.tar.gz rails-973a45230ab5ba0e096585ecd1403a13569a1348.tar.bz2 rails-973a45230ab5ba0e096585ecd1403a13569a1348.zip