diff options
| author | Sean Griffin <sean@thoughtbot.com> | 2015-01-14 13:55:29 -0700 |
|---|---|---|
| committer | Sean Griffin <sean@thoughtbot.com> | 2015-01-14 13:58:09 -0700 |
| commit | aa31d21f5f4fc4d679e74a60f9df9706da7de373 (patch) | |
| tree | 05581a0beef46e3620cc39cbb2fccf6c6b752d81 /activerecord | |
| parent | 855cca0662f6a82b1eb450135f9c679e75723311 (diff) | |
| download | rails-aa31d21f5f4fc4d679e74a60f9df9706da7de373.tar.gz rails-aa31d21f5f4fc4d679e74a60f9df9706da7de373.tar.bz2 rails-aa31d21f5f4fc4d679e74a60f9df9706da7de373.zip | |
Don't default to YAML dumping when quoting values
This behavior exists only to support fixtures, so we should handle it
there. Leaving it in `#quote` can cause very subtle bugs to slip
through, by things appearing to work when they should be blowing up
loudly, such as #18385.
Diffstat (limited to 'activerecord')
3 files changed, 13 insertions, 11 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb index 6e631ed9f7..787d07c4c2 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb @@ -289,7 +289,13 @@ module ActiveRecord [columns[name], value] end key_list = fixture.keys.map { |name| quote_column_name(name) } - value_list = prepare_binds_for_database(binds).map { |_, value| quote(value) } + value_list = prepare_binds_for_database(binds).map do |_, value| + begin + quote(value) + rescue TypeError + quote(YAML.dump(value)) + end + end execute "INSERT INTO #{quote_table_name(table_name)} (#{key_list.join(', ')}) VALUES (#{value_list.join(', ')})", 'Fixture Insert' end diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb index 7c1a779577..c18caa2a2f 100644 --- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb +++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb @@ -125,8 +125,7 @@ module ActiveRecord when Date, Time then "'#{quoted_date(value)}'" when Symbol then "'#{quote_string(value.to_s)}'" when Class then "'#{value}'" - else - "'#{quote_string(YAML.dump(value))}'" + else raise TypeError, "can't quote #{value.class.name}" end end diff --git a/activerecord/test/cases/quoting_test.rb b/activerecord/test/cases/quoting_test.rb index 1d6ae2f67f..ad09340518 100644 --- a/activerecord/test/cases/quoting_test.rb +++ b/activerecord/test/cases/quoting_test.rb @@ -125,14 +125,11 @@ module ActiveRecord end def test_crazy_object - crazy = Class.new.new - expected = "'#{YAML.dump(crazy)}'" - assert_equal expected, @quoter.quote(crazy, nil) - end - - def test_crazy_object_calls_quote_string - crazy = Class.new { def initialize; @lol = 'lo\l' end }.new - assert_match "lo\\\\l", @quoter.quote(crazy, nil) + crazy = Object.new + e = assert_raises(TypeError) do + @quoter.quote(crazy, nil) + end + assert_equal "can't quote Object", e.message end def test_quote_string_no_column |