diff options
| author | Ben Toews <mastahyeti@gmail.com> | 2017-10-18 10:21:45 -0600 |
|---|---|---|
| committer | Matthew Draper <matthew@trebex.net> | 2017-11-09 22:42:15 +1030 |
| commit | 8ef71ac4a119a4c03d78db2372b41ddcc8a95035 (patch) | |
| tree | 69133ce1a019e79f121559d3e4fdf71b760c5148 /activerecord/test/cases | |
| parent | b76cc29865fb69389ffdb7bd9f8085aa86354f82 (diff) | |
| download | rails-8ef71ac4a119a4c03d78db2372b41ddcc8a95035.tar.gz rails-8ef71ac4a119a4c03d78db2372b41ddcc8a95035.tar.bz2 rails-8ef71ac4a119a4c03d78db2372b41ddcc8a95035.zip | |
push order arg checks down to allow for binds
Diffstat (limited to 'activerecord/test/cases')
| -rw-r--r-- | activerecord/test/cases/unsafe_raw_sql_test.rb | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/activerecord/test/cases/unsafe_raw_sql_test.rb b/activerecord/test/cases/unsafe_raw_sql_test.rb index 18c6f4bae3..861df8f1da 100644 --- a/activerecord/test/cases/unsafe_raw_sql_test.rb +++ b/activerecord/test/cases/unsafe_raw_sql_test.rb @@ -138,6 +138,42 @@ class UnsafeRawSqlTest < ActiveRecord::TestCase assert_equal ids_depr, ids_disabled end + test "order: allows Arel.sql with binds" do + ids_expected = Post.order(Arel.sql('INSTR(title, "comments"), id')).pluck(:id) + + ids_depr = with_unsafe_raw_sql_deprecated { Post.order([Arel.sql("INSTR(title, ?), id"), "comments"]).pluck(:id) } + ids_disabled = with_unsafe_raw_sql_disabled { Post.order([Arel.sql("INSTR(title, ?), id"), "comments"]).pluck(:id) } + + assert_equal ids_expected, ids_depr + assert_equal ids_expected, ids_disabled + end + + test "order: disallows invalid bind statement" do + with_unsafe_raw_sql_disabled do + assert_raises(ActiveRecord::UnknownAttributeReference) do + Post.order(["INSTR(title, ?), id", "comments"]).pluck(:id) + end + end + end + + test "order: disallows invalid Array arguments" do + with_unsafe_raw_sql_disabled do + assert_raises(ActiveRecord::UnknownAttributeReference) do + Post.order(["author_id", "length(title)"]).pluck(:id) + end + end + end + + test "order: allows valid Array arguments" do + ids_expected = Post.order(Arel.sql("author_id, length(title)")).pluck(:id) + + ids_depr = with_unsafe_raw_sql_deprecated { Post.order(["author_id", Arel.sql("length(title)")]).pluck(:id) } + ids_disabled = with_unsafe_raw_sql_disabled { Post.order(["author_id", Arel.sql("length(title)")]).pluck(:id) } + + assert_equal ids_expected, ids_depr + assert_equal ids_expected, ids_disabled + end + test "order: logs deprecation warning for unrecognized column" do with_unsafe_raw_sql_deprecated do ActiveSupport::Deprecation.expects(:warn).with do |msg| |