2 files changed, 7 insertions, 5 deletions

diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index ea791b5bfe..60a1221e66 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -1754,12 +1754,12 @@ module ActiveRecord #:nodoc:
         def add_group!(sql, group, having, scope = :auto)
           if group
             sql << " GROUP BY #{group}"
-            sql << " HAVING #{having}" if having
+            sql << " HAVING #{sanitize_sql_for_conditions(having)}" if having
           else
             scope = scope(:find) if :auto == scope
             if scope && (scoped_group = scope[:group])
               sql << " GROUP BY #{scoped_group}"
-              sql << " HAVING #{scope[:having]}" if scope[:having]
+              sql << " HAVING #{sanitize_sql_for_conditions(scope[:having])}" if scope[:having]
             end
           end
         end
diff --git a/activerecord/lib/active_record/calculations.rb b/activerecord/lib/active_record/calculations.rb
index b239c03284..7af97d7296 100644
--- a/activerecord/lib/active_record/calculations.rb
+++ b/activerecord/lib/active_record/calculations.rb
@@ -214,13 +214,15 @@ module ActiveRecord
           end
 
           if options[:group] && options[:having]
+            having = sanitize_sql_for_conditions(options[:having])
+
             # FrontBase requires identifiers in the HAVING clause and chokes on function calls
             if connection.adapter_name == 'FrontBase'
-              options[:having].downcase!
-              options[:having].gsub!(/#{operation}\s*\(\s*#{column_name}\s*\)/, aggregate_alias)
+              having.downcase!
+              having.gsub!(/#{operation}\s*\(\s*#{column_name}\s*\)/, aggregate_alias)
             end
 
-            sql << " HAVING #{options[:having]} "
+            sql << " HAVING #{having} "
           end
 
           sql << " ORDER BY #{options[:order]} "       if options[:order]