| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, almost all "Dangerous query method" warnings are false alarm.
As long as almost all the warnings are false alarm, developers think
"Let's ignore the warnings by using `Arel.sql()`, it actually is false
alarm in practice.", so I think we should effort to reduce false alarm
in order to make the warnings valuable.
This allows column name with function (e.g. `length(title)`) as safe SQL
string, which is very common false alarm pattern, even in the our
codebase.
Related 6c82b6c99, 6607ecb2a, #36420.
Fixes #32995.
|
| |
|
|
|
|
|
| |
`split(/\s*,\s*/)` to order args and then `permit.match?` one by one is
much slower than `permit.match?` once.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently `posts.title` is regarded as a safe SQL string, but
`"posts"."title"` (it is a result of `quote_table_name("posts.title")`)
is regarded as an unsafe SQL string even though a result of
`quote_table_name` should obviously be regarded as a safe SQL string,
since the column name matcher doesn't respect quotation, it is a little
annoying.
This changes the column name matcher to allow quoted identifiers as safe
SQL string, now all results of the `quote_table_name` are regarded as
safe SQL string.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Rails 6.0 will support Ruby 2.4.1 or higher
`# frozen_string_literal: true` magic comment is enough to make string object frozen.
This magic comment is enabled by `Style/FrozenStringLiteralComment` cop.
* Exclude these files not to auto correct false positive `Regexp#freeze`
- 'actionpack/lib/action_dispatch/journey/router/utils.rb'
- 'activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb'
It has been fixed by https://github.com/rubocop-hq/rubocop/pull/6333
Once the newer version of RuboCop released and available at Code Climate these exclude entries should be removed.
* Replace `String#freeze` with `String#-@` manually if explicit frozen string objects are required
- 'actionpack/test/controller/test_case_test.rb'
- 'activemodel/test/cases/type/string_test.rb'
- 'activesupport/lib/active_support/core_ext/string/strip.rb'
- 'activesupport/test/core_ext/string_ext_test.rb'
- 'railties/test/generators/actions_test.rb'
|
|\
| |
| | |
Use `TRUE` and `FALSE` boolean literals for MySQL
|
| |
| |
| |
| |
| |
| | |
Since #29699, abstract boolean serialization has been changed to use
`TRUE` and `FALSE` literals. MySQL also support the literals.
So we can use the abstract boolean serialization even for MySQL.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Context #24542.
Since 8ebe1f2, it has lost stripping date part for a time value. But I
confirmed it is still needed even if MariaDB 10.2.6 GA.
MariaDB 10.2.6, `prepared_statements: true`:
```
% ARCONN=mysql2 be ruby -w -Itest test/cases/time_precision_test.rb -n test_formatting_time_according_to_precision
Using mysql2
Run options: -n test_formatting_time_according_to_precision --seed 37614
F
Failure:
TimePrecisionTest#test_formatting_time_according_to_precision [test/cases/time_precision_test.rb:53]:
Failed assertion, no message given.
bin/rails test test/cases/time_precision_test.rb:46
Finished in 0.040279s, 24.8268 runs/s, 24.8268 assertions/s.
1 runs, 1 assertions, 1 failures, 0 errors, 0 skips
```
|
|
|
|
|
|
|
|
| |
Dates are able to be natively handled by the mysql2 gem. libmysql (and
the wire protocol) represent each portion of the date as an integer,
which is significantly faster to encode and decode. By passing the Ruby
date objects through directly, we can save a good bit of time and
memory.
|
|
|
|
|
| |
This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing
changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
|
| |
|
|
|
|
|
|
|
| |
Each databases have different binary representation. Therefore all
adapters overrides `_quote` for quoting binary.
Extract `quoted_binary` for quoting binary and use it rather than
override `_quote`.
|
| |
|
|
|
|
|
| |
The current code base is not uniform. After some discussion,
we have chosen to go with double quotes by default.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Caching a mutable string causes the following issue.
```
Loading development environment (Rails 5.1.0.alpha)
irb(main):001:0> ActiveRecord::Base.connection.quote_table_name('foo') << '!!'
=> "`foo`!!"
irb(main):002:0> ActiveRecord::Base.connection.quote_table_name('foo') << '!!'
=> "`foo`!!!!"
irb(main):003:0> ActiveRecord::Base.connection.quote_table_name('foo') << '!!'
=> "`foo`!!!!!!"
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If reuse `QUOTED_TRUE` and `QUOTED_FALSE` without frozen, causing the
following issue.
```
Loading development environment (Rails 5.1.0.alpha)
irb(main):001:0> ActiveRecord::Base.connection.quote(true) << ' foo'
=> "1 foo"
irb(main):002:0> ActiveRecord::Base.connection.quote(true) << ' foo'
=> "1 foo foo"
irb(main):003:0> type = ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter::MysqlString.new
=> #<ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter::MysqlString:0x007fd40c15e018 @precision=nil, @scale=nil, @limit=nil>
irb(main):004:0> type.serialize(true) << ' bar'
=> "1 foo foo bar"
irb(main):005:0> type.cast(true) << ' bar'
=> "1 foo foo bar bar"
```
|
|
|
|
| |
`MysqlString`
|
|
|
|
| |
methods to `Quoting` module
|
| |
|
| |
|
|
|