-rwxr-xr-x | activerecord/lib/active_record/base.rb | 9 | ||||
-rw-r--r-- | activerecord/test/finder_test.rb | 4 |
2 files changed, 8 insertions, 5 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 08f749d3c8..0587b0bab8 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -895,11 +895,10 @@ module ActiveRecord #:nodoc:
 end
 def quote_bound_value(value)
- case value
- when Enumerable
- value.map { |v| connection.quote(v) }.join(',')
- else
- connection.quote(value)
+ if (value.respond_to?(:map) && !value.is_a?(String))
+ value.map { |v| connection.quote(v) }.join(',')
+ else
+ connection.quote(value)
 end
 end
diff --git a/activerecord/test/finder_test.rb b/activerecord/test/finder_test.rb
index bec7a2dcc0..307fd0934c 100644
--- a/activerecord/test/finder_test.rb
+++ b/activerecord/test/finder_test.rb
@@ -171,6 +171,10 @@ class FinderTest < Test::Unit::TestCase
 assert_equal %('a','b','c'), bind(':a', :a => Set.new(%w(a b c))) # '
 end
+ def test_bind_string
+ assert_equal "''", bind('?', '')
+ end
+
 def test_string_sanitation
 assert_not_equal "'something ' 1=1'", ActiveRecord::Base.sanitize("something ' 1=1")
 assert_equal "'something; select table'", ActiveRecord::Base.sanitize("something; select table") |
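Review bot: The reason for the `!value.is_a?(String)` exclusion in the new `quote_bound_value` condition is not recorded anywhere in the hunk, and the guard is now duck-typed on `respond_to?(:map)` instead of the `Enumerable` check it replaces; presumably this is because String is Enumerable (iterating by line) on the Ruby of this era, so a string bind value — an empty one in particular, as the new test shows — was split and joined instead of being quoted as one literal. A one-line comment would keep the next maintainer from "simplifying" it back to `when Enumerable`: `# a String must be quoted whole, never split into per-line quoted pieces`. The parentheses around the `if` condition are unidiomatic and can go: `if value.respond_to?(:map) && !value.is_a?(String)`. An empty enumerable still joins to an empty fragment, leaving the caller's statement with a bare `IN ()` or `= ` that the database rejects; that is pre-existing behavior the commit does not address. The method is complete within the hunk, but the enclosing module continues outside it.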
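Review bot: `test_bind_string` pins only the empty-string case, while the String exclusion it exercises also matters for a non-empty value containing a newline, which the previous `Enumerable` branch would have split by line and joined with commas on a Ruby where String is Enumerable. A second assertion such as `bind('?', "a\nb")` would cover that path, with the expected value taken from the adapter's own `quote` of the same string rather than spelled out by hand, since escaping of the newline is adapter-specific.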