aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord/lib/active_record/sanitization.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activerecord/lib/active_record/sanitization.rb')
-rw-r--r--activerecord/lib/active_record/sanitization.rb3
1 files changed, 2 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index ef63949208..be62e41932 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -110,7 +110,8 @@ module ActiveRecord
# Sanitizes a +string+ so that it is safe to use within a sql
# LIKE statement. This method uses +escape_character+ to escape all occurrences of "\", "_" and "%"
def sanitize_sql_like(string, escape_character = "\\")
- string.gsub(/[\\_%]/) { |x| [escape_character, x].join }
+ pattern = Regexp.union(escape_character, "%", "_")
+ string.gsub(pattern) { |x| [escape_character, x].join }
end
# Accepts an array of conditions. The array has each value
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 16:32:21 +0000