Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | stop calling to_sym when building arel nodes [CVE-2013-1854] | Aaron Patterson | 2013-03-15 | 1 | -1/+1 |
| | |||||
* | Revert "Merge pull request #9208 from dylanahsmith/3-2-mysql-quote-numeric" | Steve Klabnik | 2013-02-26 | 1 | -4/+0 |
| | | | | This reverts commit 921a296a3390192a71abeec6d9a035cc6d1865c8. | ||||
* | fixing call to columns hash. run the damn tests when you backport! | Aaron Patterson | 2013-02-09 | 1 | -1/+1 |
| | |||||
* | active_record: Quote numeric values compared to string columns. | Dylan Smith | 2013-02-07 | 1 | -0/+4 |
| | |||||
* | * Strip nils from collections on JSON and XML posts. [CVE-2013-0155] * ↵ | Aaron Patterson | 2013-01-08 | 1 | -1/+6 |
| | | | | dealing with empty hashes. Thanks Damien Mathieu | ||||
* | Additional fix for CVE-2012-2661 | Ernie Miller | 2012-06-11 | 1 | -3/+3 |
| | | | | | | | | While the patched PredicateBuilder in 3.1.5 prevents a user from specifying a table name using the `table.column` format, it doesn't protect against the nesting of hashes changing the table context in the next call to build_from_hash. This fix covers this case as well. | ||||
* | predicate builder should not recurse for determining where columns. | Aaron Patterson | 2012-05-30 | 1 | -3/+3 |
| | | | | | | Thanks to Ben Murphy for reporting this CVE-2012-2661 | ||||
* | pushing caching and visitors down to the connection | Aaron Patterson | 2011-11-19 | 1 | -1/+1 |
| | |||||
* | Fixes issue #3483, regarding using a mixture of ranges and discrete values ↵ | Ryan Naughton | 2011-11-14 | 1 | -6/+8 |
| | | | | in find conditions. Paired with Joey Schoblaska. | ||||
* | Fix PredicateBuilder clobbering select_values in subquery. | Ernie Miller | 2011-08-20 | 1 | -1/+1 |
| | |||||
* | Fix assumption of primary key name in PredicateBuilder subquery. | Ernie Miller | 2011-08-20 | 1 | -1/+1 |
| | |||||
* | supporting nil when passed in as an IN clause | Aaron Patterson | 2011-04-29 | 1 | -1/+12 |
| | |||||
* | use Arel::Table#alias rather than passing the :as parameter | Aaron Patterson | 2011-03-05 | 1 | -2/+2 |
| | |||||
* | Split AssociationProxy into an Association class (and subclasses) which ↵ | Jon Leighton | 2011-02-18 | 1 | -1/+1 |
| | | | | manages the association, and a CollectionProxy class which is *only* a proxy. Singular associations no longer have a proxy. See CHANGELOG for more. | ||||
* | use the arel table rather than generating strings | Aaron Patterson | 2011-02-16 | 1 | -1/+1 |
| | |||||
* | no need for Array.wrap | Aaron Patterson | 2011-02-16 | 1 | -1/+1 |
| | |||||
* | removed an unnecessary second query when passing an ActiveRecord::Relation ↵ | Steven Fenigstein | 2011-02-16 | 1 | -1/+4 |
| | | | | to a where clause. And added ability to use subselects in where clauses. | ||||
* | User id instead of quoted_id to prevent double quoting. Fixes failing test ↵ | Robert Pankowecki (Gavdi) | 2011-01-04 | 1 | -1/+1 |
| | | | | for bug #6036. | ||||
* | arel can escape the id, so avoid using the database connection | Aaron Patterson | 2010-12-22 | 1 | -1/+1 |
| | |||||
* | Arel::Table#[] always returns an attribute, so no need for || | Aaron Patterson | 2010-12-22 | 1 | -1/+1 |
| | |||||
* | to_sym stuff before passing it to arel | Aaron Patterson | 2010-12-22 | 1 | -1/+1 |
| | |||||
* | just wrap as a sql literal | Aaron Patterson | 2010-11-23 | 1 | -2/+1 |
| | |||||
* | Do not send id for quoting twice if the primary key is string. | Neeraj Singh | 2010-11-23 | 1 | -1/+2 |
| | | | | [#6022 state:resolved] | ||||
* | support finding by a ruby class [#5979 state:resolved] | Aaron Patterson | 2010-11-15 | 1 | -0/+3 |
| | |||||
* | use quoted id of single AR::Base objects in predicates | Aaron Patterson | 2010-11-15 | 1 | -0/+2 |
| | |||||
* | avoid creating objects when we can | Aaron Patterson | 2010-10-03 | 1 | -11/+5 |
| | |||||
* | passing the quoted id to arel if the object has a quoted id | Aaron Patterson | 2010-09-10 | 1 | -1/+3 |
| | |||||
* | No need to check if the attribute exists (this is the same behavior as in ↵ | José Valim | 2010-06-29 | 1 | -3/+1 |
| | | | | 2.3) [#4994 state:resolved] and [#5003 state:resolved] | ||||
* | Fix small bug where ActiveRecord::PredicateBuilder#build_from_hash didn't ↵ | James Harton | 2010-06-22 | 1 | -1/+1 |
| | | | | | | test for Arel::Relation as right hand value. [#4917 state:resolved] Signed-off-by: José Valim <jose.valim@gmail.com> | ||||
* | Raise a StatementInvalid error when trying to build a condition with hash ↵ | Carl Lerche | 2010-04-03 | 1 | -1/+3 |
| | | | | keys that do not correspond to columns. | ||||
* | Goodbye ActiveRecord::NamedScope::Scope | Pratik Naik | 2010-04-02 | 1 | -1/+1 |
| | |||||
* | Arel now handles ranges with excluded end. | Emilio Tagua | 2010-03-29 | 1 | -6/+1 |
| | |||||
* | Arel now fallback to using Arel::Attribute if the table/column doesn't exists. | Emilio Tagua | 2010-03-10 | 1 | -3/+1 |
| | | | | | | [#4142 state:committed] Signed-off-by: Jeremy Kemper <jeremy@bitsweat.net> | ||||
* | Fix scope loading issue when the table doesn't exist | Pratik Naik | 2010-03-10 | 1 | -1/+3 |
| | |||||
* | Rely on arel to generate the correct sql when an empty array is supplied to ↵ | Pratik Naik | 2010-01-30 | 1 | -1/+1 |
| | | | | IN predicate | ||||
* | Handle invalid query IN() generated when a blank array is supplied in hash ↵ | Pratik Naik | 2010-01-18 | 1 | -1/+2 |
| | | | | conditions | ||||
* | Inherit named scope class Scope from Relation | Pratik Naik | 2010-01-18 | 1 | -1/+1 |
| | |||||
* | Rename Model.arel_table to Model.active_relation | Pratik Naik | 2010-01-02 | 1 | -5/+5 |
| | |||||
* | Handle Range with excluded end | Pratik Naik | 2010-01-01 | 1 | -1/+8 |
| | |||||
* | Try using cached attribute before creating a new one | Pratik Naik | 2010-01-01 | 1 | -1/+1 |
| | |||||
* | Use PredicateBuilder for sql hash sanitization | Pratik Naik | 2010-01-01 | 1 | -2/+4 |
| | |||||
* | Fix the method name for recusion | Pratik Naik | 2010-01-01 | 1 | -1/+1 |
| | |||||
* | Move predicate building to a stand alone PredicateBuilder class | Pratik Naik | 2010-01-01 | 1 | -0/+36 |