author | Hongli Lai (Phusion) <hongli@phusion.nl> | 2008-09-18 13:27:39 +0200 |
---|---|---|
committer | Michael Koziarski <michael@koziarski.com> | 2008-10-09 18:11:10 +0200 |
commit | 28393e6e9c9368036e65e77175ea4f65a862259c (patch) | |
tree | d264f4c1d3f995e52bdbfc3ddb0a76e3bcf7f5fd /activerecord | |
parent | aa4a7c35309ff95ef1165844d637f7e583ac20dd (diff) | |
Add documentation for AbstractAdapter#sanitize_limit, and make its code more readable.
Signed-off-by: Michael Koziarski <michael@koziarski.com>
[#1068 status:committed]
Diffstat (limited to 'activerecord')
-rw-r--r-- | activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
index 10dc1a81f3..97c6cd4331 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
@@ -120,10 +120,6 @@ module ActiveRecord
         sql
       end
-      def sanitize_limit(limit)
-        limit.to_s[/,/] ? limit.split(',').map{ |i| i.to_i }.join(',') : limit.to_i
-      end
-
       # Appends a locking clause to an SQL statement.
       # This method *modifies* the +sql+ parameter.
       #
       #   SELECT * FROM suppliers FOR UPDATE
@@ -185,6 +181,21 @@ module ActiveRecord
         def delete_sql(sql, name = nil)
           update_sql(sql, name)
         end
+
+        # Sanitizes the given LIMIT parameter in order to prevent SQL injection.
+        #
+        # +limit+ may be anything that can evaluate to a string via #to_s. It
+        # should look like an integer, or a comma-delimited list of integers.
+        #
+        # Returns the sanitized limit parameter, either as an integer, or as a
+        # string which contains a comma-delimited list of integers.
+        def sanitize_limit(limit)
+          if limit.to_s =~ /,/
+            limit.to_s.split(',').map{ |i| i.to_i }.join(',')
+          else
+            limit.to_i
+          end
+        end
     end
   end
 end
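Review bot: The else branch of the new `sanitize_limit` calls `limit.to_i` on the raw object, so the injection defence rests on `#to_i` silently coercing anything non-numeric to 0: `sanitize_limit("abc")` emits `LIMIT 0` with no signal that the input was malformed, and an object that responds to `#to_s` but not `#to_i` raises NoMethodError despite the comment's promise that "+limit+ may be anything that can evaluate to a string via #to_s". A stricter form that rejects malformed input, `Integer(limit.to_s)` in the else branch and `Integer(i)` in the map, would raise ArgumentError instead of quietly producing a surprising LIMIT; note this is a behaviour change for callers that rely on garbage becoming 0, and that `Integer()` also accepts 0x- and 0-prefixed literals. Minor: `limit.to_s =~ /,/` needs no regex, `limit.to_s.include?(',')` reads the same and avoids setting `$~`. The two-value `LIMIT offset,count` form appears to be database-specific (MySQL accepts it), so the comment could name where the comma-delimited shape is valid rather than presenting it as a generic LIMIT.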