7 files changed, 41 insertions, 9 deletions

diff --git a/activerecord/lib/active_record/attribute_set.rb b/activerecord/lib/active_record/attribute_set.rb
index df4fd31e08..64df6f6358 100644
--- a/activerecord/lib/active_record/attribute_set.rb
+++ b/activerecord/lib/active_record/attribute_set.rb
@@ -58,6 +58,12 @@ module ActiveRecord
       end
     end
 
+    def ensure_initialized(key)
+      unless self[key].initialized?
+        write_from_database(key, nil)
+      end
+    end
+
     protected
 
     attr_reader :attributes
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb b/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
index f9541b437a..60b0ee526e 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
@@ -23,7 +23,8 @@ module ActiveRecord
           case value
           when Range
             if /range$/ =~ sql_type
-              "'#{PostgreSQLColumn.range_to_string(value)}'::#{sql_type}"
+              escaped = quote_string(PostgreSQLColumn.range_to_string(value))
+              "'#{escaped}'::#{sql_type}"
             else
               super
             end
@@ -52,8 +53,8 @@ module ActiveRecord
             when 'xml'   then "xml '#{quote_string(value)}'"
             when /^bit/
               case value
-              when /^[01]*$/      then "B'#{value}'" # Bit-string notation
-              when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
+              when /\A[01]*\Z/      then "B'#{value}'" # Bit-string notation
+              when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
               end
             else
               super
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
index a164758640..8e31e165b1 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -569,7 +569,7 @@ module ActiveRecord
         end
 
         def exec_no_cache(sql, name, binds)
-          log(sql, name, binds) { @connection.async_exec(sql) }
+          log(sql, name, binds) { @connection.async_exec(sql, []) }
         end
 
         def exec_cache(sql, name, binds)
diff --git a/activerecord/lib/active_record/core.rb b/activerecord/lib/active_record/core.rb
index 30b8485c8b..b11c4f804f 100644
--- a/activerecord/lib/active_record/core.rb
+++ b/activerecord/lib/active_record/core.rb
@@ -514,10 +514,7 @@ module ActiveRecord
     end
 
     def init_internals
-      pk = self.class.primary_key
-      if pk && !@attributes.include?(pk)
-        @attributes.write_from_database(pk, nil)
-      end
+      @attributes.ensure_initialized(self.class.primary_key)
 
       @aggregation_cache        = {}
       @association_cache        = {}
diff --git a/activerecord/lib/active_record/relation/calculations.rb b/activerecord/lib/active_record/relation/calculations.rb
index b4ae204813..90e99957f6 100644
--- a/activerecord/lib/active_record/relation/calculations.rb
+++ b/activerecord/lib/active_record/relation/calculations.rb
@@ -34,7 +34,7 @@ module ActiveRecord
     #   # => counts the number of different age values
     #
     # Note: not all valid +select+ expressions are valid +count+ expressions. The specifics differ
-    # between databases. In invalid cases, an error from the databsae is thrown.
+    # between databases. In invalid cases, an error from the database is thrown.
     def count(column_name = nil, options = {})
       # TODO: Remove options argument as soon we remove support to
       # activerecord-deprecated_finders.
diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
index 218c59247e..6f00c0d333 100644
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -57,6 +57,17 @@ module ActiveRecord
           assert_equal "'1970-01-01 00:00:00.000000'", @conn.quote(Time.at(0))
           assert_equal "'1970-01-01 00:00:00.000000'", @conn.quote(Time.at(0).to_datetime)
         end
+
+        def test_quote_range
+          range = "1,2]'; SELECT * FROM users; --".."a"
+          c = PostgreSQLColumn.new(nil, nil, OID::Range.new(Type::Integer.new, :int8range))
+          assert_equal "'[1,2]''; SELECT * FROM users; --,a]'::int8range", @conn.quote(range, c)
+        end
+
+        def test_quote_bit_string
+          c = PostgreSQLColumn.new(nil, 1, OID::Bit.new)
+          assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+        end
       end
     end
   end
diff --git a/activerecord/test/cases/adapters/postgresql/range_test.rb b/activerecord/test/cases/adapters/postgresql/range_test.rb
index 0f6e39322c..02d0a9b483 100644
--- a/activerecord/test/cases/adapters/postgresql/range_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/range_test.rb
@@ -262,6 +262,23 @@ _SQL
       assert_raises(ArgumentError) { PostgresqlRange.create!(float_range: "(0.5, 0.7]") }
     end
 
+    def test_update_all_with_ranges
+      PostgresqlRange.create!
+
+      PostgresqlRange.update_all(int8_range: 1..100)
+
+      assert_equal 1...101, PostgresqlRange.first.int8_range
+    end
+
+    def test_ranges_correctly_escape_input
+      e = assert_raises(ActiveRecord::StatementInvalid) do
+        range = "1,2]'; SELECT * FROM users; --".."a"
+        PostgresqlRange.update_all(int8_range: range)
+      end
+
+      assert e.message.starts_with?("PG::InvalidTextRepresentation")
+    end
+
     private
       def assert_equal_round_trip(range, attribute, value)
         round_trip(range, attribute, value)