diff options
| author | David Heinemeier Hansson <david@loudthinking.com> | 2008-06-01 09:15:11 -0700 |
|---|---|---|
| committer | David Heinemeier Hansson <david@loudthinking.com> | 2008-06-01 09:15:11 -0700 |
| commit | 3282bf3b5016f0c9028cfff1012e8c31a13b40b7 (patch) | |
| tree | 164119185308c4838a405a0034f67f924ee7d181 /activerecord/test/cases/adapter_test.rb | |
| parent | 71528b1825ce5184b23d09f923cb72f4073ce8ed (diff) | |
| download | rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.tar.gz rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.tar.bz2 rails-3282bf3b5016f0c9028cfff1012e8c31a13b40b7.zip | |
Added SQL escaping for :limit and :offset in MySQL [Jonathan Wiess]
Diffstat (limited to 'activerecord/test/cases/adapter_test.rb')
| -rw-r--r-- | activerecord/test/cases/adapter_test.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/activerecord/test/cases/adapter_test.rb b/activerecord/test/cases/adapter_test.rb index c77446f880..11f9870534 100644 --- a/activerecord/test/cases/adapter_test.rb +++ b/activerecord/test/cases/adapter_test.rb @@ -118,7 +118,7 @@ class AdapterTest < ActiveRecord::TestCase sql_inject = "1, 7 procedure help()" if current_adapter?(:MysqlAdapter) assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit=>sql_inject) - assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7) + assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit=> '1 ; DROP TABLE USERS', :offset=>7) else assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit=>sql_inject) assert_equal " LIMIT 1,7 OFFSET 7", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7) |