Merge remote branch 'rails/master'

1 files changed, 27 insertions, 0 deletions

diff --git a/activerecord/test/cases/adapter_test.rb b/activerecord/test/cases/adapter_test.rb
index c59be264a4..9f78ae008c 100644
--- a/activerecord/test/cases/adapter_test.rb
+++ b/activerecord/test/cases/adapter_test.rb
@@ -81,6 +81,12 @@ class AdapterTest < ActiveRecord::TestCase
     def test_encoding
       assert_not_nil @connection.encoding
     end
+
+    def test_all_schemas
+      @connection.create_schema(:test_schema, :postgres)
+      assert @connection.all_schemas.include?('test_schema')
+      @connection.drop_schema(:test_schema)
+    end
   end
 
   def test_table_alias
@@ -142,4 +148,25 @@ class AdapterTest < ActiveRecord::TestCase
       end
     end
   end
+
+  def test_add_limit_offset_should_sanitize_sql_injection_for_limit_without_comas
+    sql_inject = "1 select * from schema"
+      assert_equal " LIMIT 1", @connection.add_limit_offset!("", :limit => sql_inject)
+    if current_adapter?(:MysqlAdapter)
+      assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7)
+    else
+      assert_equal " LIMIT 1 OFFSET 7", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7)
+    end
+  end
+
+  def test_add_limit_offset_should_sanitize_sql_injection_for_limit_with_comas
+    sql_inject = "1, 7 procedure help()"
+    if current_adapter?(:MysqlAdapter)
+      assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit => sql_inject)
+      assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit => '1 ; DROP TABLE USERS', :offset => 7)
+    else
+      assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit => sql_inject)
+      assert_equal " LIMIT 1,7 OFFSET 7", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7)
+    end
+  end
 end