aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord/lib/active_record/sanitization.rb
Commit message (Expand)AuthorAgeFilesLines
* Refactor `disallow_raw_sql!` to avoid `split(/\s*,\s*/)` to order argsRyuta Kamizono2019-06-091-2/+1
* Allow quoted identifier string as safe SQL stringRyuta Kamizono2019-06-061-2/+31
* Quote empty ranges like other empty enumerablesPatrick Rebsch2019-03-071-2/+3
* Remove deprecated `expand_hash_conditions_for_aggregates`Rafael Mendonça França2019-01-171-37/+0
* Permit list usage cleanup and clearer documentationKevin Deisz2018-08-271-2/+2
* Convert over the rest of the whitelist referencesKevin Deisz2018-08-241-2/+2
* Merge pull request #31821 from composerinteralia/extra-to_sGeorge Claghorn2018-01-291-1/+1
|\
| * Avoid extra calls to to_sDaniel Colson2018-01-291-1/+1
* | Deprecate `expand_hash_conditions_for_aggregates`Ryuta Kamizono2018-01-291-0/+1
|/
* Allow expanding an array of `composed_of` objectsRyuta Kamizono2018-01-291-6/+4
* Fix not expanded problem when passing an Array object as argument to the wher...orekyuu2018-01-261-3/+7
* Make `sanitize_sql_` methods publicyuuji.yaginuma2017-12-131-125/+124
* Merge pull request #27947 from mastahyeti/unsafe_raw_sqlMatthew Draper2017-11-141-1/+11
|\
| * push order arg checks down to allow for bindsBen Toews2017-11-091-1/+5
| * deal with Array arguments to #orderBen Toews2017-11-091-0/+6
* | Properly cast input in `update_all`Sean Griffin2017-11-131-1/+2
|/
* Remove deprecated method `#sanitize_conditions`Rafael Mendonça França2017-10-231-2/+0
* Remove deprecated support to `quoted_id` when typecasting an Active Record ob...Rafael Mendonça França2017-10-231-5/+0
* Use frozen-string-literal in ActiveRecordKir Shatrov2017-07-191-0/+2
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
* Deprecate using `#quoted_id` in quotingRyuta Kamizono2017-02-241-2/+1
* `self.` is not needed when calling its own instance methodAkira Matsuda2017-01-051-1/+1
* Privatize unneededly protected methods in Active RecordAkira Matsuda2016-12-241-13/+13
* let Regexp#match? be globally availableXavier Noria2016-10-271-1/+0
* Fix broken comments indentation caused by rubocop auto-correct [ci skip]Ryuta Kamizono2016-09-141-80/+80
* Deprecate `sanitize_conditions`. Use `sanitize_sql` insteadRyuta Kamizono2016-08-181-2/+3
* Merge pull request #26000 from kamipo/remove_sanitizeRafael França2016-08-161-8/+1
|\
| * Remove internal `sanitize` methodRyuta Kamizono2016-07-311-8/+1
* | normalizes indentation and whitespace across the projectXavier Noria2016-08-061-90/+90
* | applies new string literal convention in activerecord/libXavier Noria2016-08-061-7/+7
|/
* adds missing requiresXavier Noria2016-07-241-0/+2
* systematic revision of =~ usage in ARXavier Noria2016-07-231-1/+1
* Fix grammar `a` to `an` [ci skip]Ryuta Kamizono2016-02-131-1/+1
* quoted_id is not public API.Rafael Mendonça França2016-01-011-1/+1
* Add test cases for `#sanitize_sql_array` with named_bind_variablesyui-knk2015-11-091-0/+9
* Define `sanitize_sql_for_order` for AR and use it inside `preprocess_order_args`yui-knk2015-11-021-0/+16
* applies new doc guidelines to Active Record.Yves Senn2015-10-141-3/+4
* [ci skip] Update docs of `AR::Sanitization`yui-knk2015-09-261-19/+56
* Remove not used argument `table_name` of `sanitize_sql_for_conditions`yui-knk2015-09-231-1/+1
* Use block variable instead of globalRoque Pinel2015-06-091-2/+2
* remove documentation for sanitize_sql_for_conditions with a HashMatthew Rudy Jacobs2015-05-121-2/+1
* Remove call to sanitize_sql_hash_for_conditionsMatthew Rudy Jacobs2015-05-121-1/+0
* `type_cast_for_database` -> `serialize`Sean Griffin2015-02-171-1/+1
* Stop passing a column to `quote` when finding by AR modelsSean Griffin2015-01-101-5/+2
* Remove deprecated `sanitize_sql_hash_for_conditions`Rafael Mendonça França2015-01-041-29/+0
* Stop using the column for type information in sanitizationSean Griffin2015-01-011-5/+4
* Remove `klass` and `arel_table` as a dependency of `PredicateBuilder`Sean Griffin2014-12-261-1/+1
* Refactor `PredicateBuilder` from singleton to instanceMelanie Gilman2014-12-021-3/+4
* Stop using `Arel::Table.engine`Sean Griffin2014-11-291-1/+1