path: root/activerecord/lib/active_record/sanitization.rb
Commit message (Author, Age, Files, Lines)
* Define `sanitize_sql_for_order` for AR and use it inside `preprocess_order_args` (yui-knk, 2015-11-02, 1 file, -0/+16)
|     This commit follows up on 6a6dbb4c51fb0c58ba1a810eaa552774167b758a.
* applies new doc guidelines to Active Record. (Yves Senn, 2015-10-14, 1 file, -3/+4)
|     The focus of this change is to make the API more accessible. References to methods and classes should be linked to make it easy to navigate around.
|
|     This patch makes excessive use of `rdoc-ref:` to provide more readable docs. This makes it possible to document `ActiveRecord::Base#save` even though the method is within a separate module `ActiveRecord::Persistence`. The goal here is to bring the API closer to the actual code that you would write.
|
|     This commit only deals with Active Record. The other gems will be updated accordingly but in different commits.
|
|     The pass through Active Record is not completely finished yet. A follow up commit will change the spots I haven't yet had the time to update.
|
|     /cc @fxn
* [ci skip] Update docs of `AR::Sanitization` (yui-knk, 2015-09-26, 1 file, -19/+56)
|     * add % style prepared statement and string examples for `sanitize_sql_for_conditions`
|     * add array and string examples for `sanitize_sql_for_assignment`
|     * add examples for `sanitize_sql_like`
|     * add % style prepared statement example for `sanitize_sql_array`
|     * align spaces of example code
* Remove not used argument `table_name` of `sanitize_sql_for_conditions` (yui-knk, 2015-09-23, 1 file, -1/+1)
|     This argument was needed when `sanitize_sql_for_conditions` internally called `sanitize_sql_hash_for_conditions`. But `sanitize_sql_hash_for_conditions` was deprecated (https://github.com/rails/rails/commit/eb921000a11bc87a3b001164fc367b84aee584c5) and deleted (https://github.com/rails/rails/commit/3a59dd212315ebb9bae8338b98af259ac00bbef3) (https://github.com/rails/rails/commit/4bd089f1d93fa168b0ae17dd8c92a5157a2537d7).
* Use block variable instead of global (Roque Pinel, 2015-06-09, 1 file, -2/+2)
|
* remove documentation for sanitize_sql_for_conditions with a Hash (Matthew Rudy Jacobs, 2015-05-12, 1 file, -2/+1)
|
* Remove call to sanitize_sql_hash_for_conditions (Matthew Rudy Jacobs, 2015-05-12, 1 file, -1/+0)
|     This method has already been removed.
* `type_cast_for_database` -> `serialize` (Sean Griffin, 2015-02-17, 1 file, -1/+1)
|
* Stop passing a column to `quote` when finding by AR models (Sean Griffin, 2015-01-10, 1 file, -5/+2)
|     I'm planning on deprecating the column argument to mirror the deprecation in [arel].
|
|     [arel]: https://github.com/rails/arel/commit/6160bfbda1d1781c3b08a33ec4955f170e95be11
* Remove deprecated `sanitize_sql_hash_for_conditions` (Rafael Mendonça França, 2015-01-04, 1 file, -29/+0)
|
* Stop using the column for type information in sanitization (Sean Griffin, 2015-01-01, 1 file, -5/+4)
|     As we move towards removing the types from the column objects, any remaining places which have access to richer type information should be using it.
* Remove `klass` and `arel_table` as a dependency of `PredicateBuilder` (Sean Griffin, 2014-12-26, 1 file, -1/+1)
|     This class cares far too much about the internals of other parts of Active Record. This is an attempt to break out a meaningful object which represents the needs of the predicate builder.
|
|     I'm not fully satisfied with the name, but the general concept is an object which represents a table, the associations to/from that table, and the types associated with it. Many of these exist at the `ActiveRecord::Base` class level, not as properties of the table itself, hence the need for another object. Currently it provides these by holding a reference to the class, but that will likely change in the future.
|
|     This allows the predicate builder to remain wholly concerned with building predicates.
|
|     /cc @mrgilman
* Refactor `PredicateBuilder` from singleton to instance (Melanie Gilman, 2014-12-02, 1 file, -3/+4)
|
* Stop using `Arel::Table.engine` (Sean Griffin, 2014-11-29, 1 file, -1/+1)
|     We never actually make use of it on the table, since we're constructing the select manager manually. It looks like if we ever actually were grabbing it from the table, we're grossly misusing it since it's meant to vary by AR class. Its existence on `Arel::Table` appears to be purely for convenience methods that are never used outside of tests.
|
|     However, in production code it just complicates construction of the tables on the rails side, and the plan is to remove it from `Arel::Table` entirely. I'm not convinced it needs to live on `SelectManager`, etc either.
* Revert deprecation of `sanitize_sql_hash_for_assignment` (Sean Griffin, 2014-11-02, 1 file, -3/+0)
|     This method is still used by `update_all`
* Deprecate `sanitize_sql_hash_` methods on ActiveRecord (Sean Griffin, 2014-11-02, 1 file, -0/+6)
|     These appear to be implementation relics of times past. They duplicate the logic in Relation, and are no longer used internally.
* Call gsub with a Regexp instead of a String for better performance (Pablo Herrero, 2014-11-01, 1 file, -1/+1)
|
* [ci skip] Use `an` for SQL (Akshay Vishnoi, 2014-06-14, 1 file, -1/+1)
|
* Merge branch 'master' into adequaterecord (Aaron Patterson, 2014-04-20, 1 file, -0/+7)
|\
| |     * master: (74 commits)
| |     [ci skip] builtin -> built-in Fix code indentation and improve formatting Grammar fix in Getting Started Guide Make URL escaping more consistent Optimize URI escaping Always escape string passed to url helper. Remove statement assuming coffee shop/public space wifi is inherently insecure Don't rely on Arel master in bug report template [ci skip] wrap methods in backticks [ci skip] "subhash" --> "sub-hash" multibyte_conformance.rb --> multibyte_conformance_test.rb Fix inconsistent behavior from String#first/#last `@destroyed` should always be set to `false` when an object is duped. remove warning `warning: ambiguous first argument; put parentheses or even spaces` :uglify -> :uglifier Regression test for irregular inflection on has_many Singularize association names before camelization Fix spelling and proper nouns Optimize select_value, select_values, select_rows and dry up checking whether to exec with cache for Postgresql adapter Include default rails protect_from_forgery with: :exception
| |     ...
| |
| |     Conflicts:
| |     activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
| |     activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb
| * `sanitize_sql_like` escapes `escape_character` not only backslash. (Yves Senn, 2014-04-16, 1 file, -1/+2)
| |     * This is a follow up to: fe4b0eee05f59831e1468ed50f55fbad0ce11e1d
| |     * The originating PR is #14222
| |     * It should fix the build
| * SQL Like escaping helper method. [Rob Gilson & Yves Senn] (Rob Gilson, 2014-04-16, 1 file, -0/+6)
| |     Closes #14222.
| |
| |     This is a follow up to #6104
| |
| |     This does not have the backwards compatibility issues brought up in implementation to break.
* | working against arel/collector branch (Aaron Patterson, 2014-04-09, 1 file, -1/+1)
|/
* move alias method `sanitize_conditions` to a correct place (Dmitry Polushkin, 2014-02-09, 1 file, -2/+1)
|
* Tidy up fix for PG extensions quoting (Carlos Antonio da Silva, 2013-12-23, 1 file, -4/+6)
|     Always pass in the column for quote_bound_value and quote using it in case it exists there.
* Serialize postgres' hstore, json and array types correctly in AR update methods. (Tadas Tamosauskas, 2013-12-23, 1 file, -4/+5)
|     Fixes #12261. Closes #12395.
|
|     Conflicts:
|     activerecord/CHANGELOG.md
|     activerecord/test/cases/adapters/postgresql/array_test.rb
|     activerecord/test/cases/adapters/postgresql/json_test.rb
* Add nodoc to method (Rafael Mendonça França, 2013-10-13, 1 file, -1/+1)
|
* Generate subquery for Relation passed as array condition for where (Paul Nikitochkin, 2013-10-13, 1 file, -2/+12)
|     Instead of executing 2 queries for fetching records filtered by array condition with Relation, added generation of subquery to current query.
|
|     This behaviour will be consistent when passing Relation as hash condition to where
|
|     Closes: #12415
* Don't allow `quote_value` to be called without a column (Ben Woosley, 2013-07-22, 1 file, -2/+2)
|     Some adapters require column information to do their job properly. By enforcing the provision of the column for this internal method we ensure that those using adapters that require column information will always get the proper behavior.
* resolve aliases before passing the hash to the predicate builder (Aaron Patterson, 2013-07-02, 1 file, -0/+1)
|
* Fix bug in ActiveRecord::Sanitization#sanitize_sql_hash_for_conditions (Zach Ohlgren, 2013-05-06, 1 file, -1/+1)
|     Fixing CHANGELOG description
|
|     Remove extra line.
|
|     Remove blank lines.
* Fix cases where delete_records on a has_many association caused errors (Derek Kraan, 2013-01-27, 1 file, -4/+4)
|     because of an ambiguous column name.
|
|     This happened if the association model had a default scope that referenced a third table, and the third table also referenced the original table (with an identical foreign_key).
|
|     Mysql requires that ambiguous columns are disambiguated by using the full table.column syntax. Postgresql and Sqlite use a different syntax for updates altogether (and don't tolerate table.name syntax), so the fix requires always including the full table.column and discarding it later for Sqlite and Postgresql.
* 1.9 Syntax related changes (AvnerCohen, 2012-11-10, 1 file, -12/+12)
|
* remove unused `expand_range_bind_variables` method (Yves Senn, 2012-10-08, 1 file, -17/+0)
|     this method was not used, not documented and not tested.
* Pass in the model class rather than engine (Jon Leighton, 2012-09-13, 1 file, -2/+2)
|     In some circumstances engine was Arel::Table.engine which for separate reasons was an ActiveRecord::Model::DeprecationProxy, which caused a deprecation warning.
|
|     In any case, we want the actual model class here, since we want to use it to infer information about associations.
* Minor refactor in ActiveRecord#initialize_dup (Carlos Antonio da Silva, 2012-09-07, 1 file, -1/+0)
|     * There is no need to delete the primary key from cloned attributes, since it sets the same pk to nil afterwards.
|     * Check for empty? instead of any? to run initialize callbacks.
* load active_support/concern in active_support/rails (Xavier Noria, 2012-08-02, 1 file, -1/+0)
|
* Revert "Removing composed_of from ActiveRecord." (Rafael Mendonça França, 2012-07-27, 1 file, -0/+32)
|     This reverts commit 14fc8b34521f8354a17e50cd11fa3f809e423592.
|
|     Reason: we need to discuss a better path from this removal.
|
|     Conflicts:
|     activerecord/lib/active_record/reflection.rb
|     activerecord/test/cases/base_test.rb
|     activerecord/test/models/developer.rb
* Remove instance level quote_value method. This method is private and also exists in class method. (kennyj, 2012-07-14, 1 file, -9/+2)
|
* Removing composed_of from ActiveRecord. (Steve Klabnik, 2012-06-18, 1 file, -32/+0)
|     This feature adds a lot of complication to ActiveRecord for dubious value. Let's talk about what it does currently:
|
|         class Customer < ActiveRecord::Base
|           composed_of :balance, :class_name => "Money", :mapping => %w(balance amount)
|         end
|
|     Instead, you can do something like this:
|
|         def balance
|           @balance ||= Money.new(value, currency)
|         end
|
|         def balance=(balance)
|           self[:value] = balance.value
|           self[:currency] = balance.currency
|           @balance = balance
|         end
|
|     Since that's fairly easy code to write, and doesn't need anything extra from the framework, if you use composed_of today, you'll have to add accessors/mutators like that.
|
|     Closes #1436
|     Closes #2084
|     Closes #3807
* de-globalise method (Jon Leighton, 2012-05-04, 1 file, -1/+1)
|
* Refactor and cleanup in some ActiveRecord modules (Carlos Antonio da Silva, 2012-03-03, 1 file, -4/+4)
|     * Avoid double hash lookups in AR::Reflection when reflecting associations/aggregations
|     * Minor cleanups: use elsif, do..end, if..else instead of unless..else
|     * Simplify DynamicMatchers#respond_to?
|     * Use "where" instead of scoped with conditions hash
|     * Extract `scoped_by` method pattern regexp to constant
|     * Extract noisy class_eval from method_missing in dynamic matchers
|     * Extract readonly check, avoid calling column#to_s twice in persistence
|     * Refactor predicate builder, remove some variables
* Split out most of the AR::Base code into separate modules :cake: (Jon Leighton, 2011-12-15, 1 file, -0/+194)