path: root/activerecord/lib/active_record/sanitization.rb
Commit message (author, age, files changed, lines -removed/+added)
* Use frozen-string-literal in ActiveRecord (Kir Shatrov, 2017-07-19, 1 file, -0/+2)
|
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string" (Matthew Draper, 2017-07-02, 1 file, -1/+0)
|   This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in Rubocop (Kir Shatrov, 2017-07-01, 1 file, -0/+1)
|
* Deprecate using `#quoted_id` in quoting (Ryuta Kamizono, 2017-02-24, 1 file, -2/+1)
|   Originally `quoted_id` was used in legacy quoting mechanism. Now we use type casting mechanism for that. Let's deprecate `quoted_id`.
* `self.` is not needed when calling its own instance method (Akira Matsuda, 2017-01-05, 1 file, -1/+1)
|   Actually, private methods cannot be called with `self.`, so it's not just redundant, it's a bad habit in Ruby
* Privatize unneededly protected methods in Active Record (Akira Matsuda, 2016-12-24, 1 file, -13/+13)
|
* let Regexp#match? be globally available (Xavier Noria, 2016-10-27, 1 file, -1/+0)
|   Regexp#match? should be considered to be part of the Ruby core library. We are emulating it for < 2.4, but not having to require the extension is part of the illusion of the emulation.
* Fix broken comments indentation caused by rubocop auto-correct [ci skip] (Ryuta Kamizono, 2016-09-14, 1 file, -80/+80)
|   All indentation was normalized by rubocop auto-correct at 80e66cc4d90bf8c15d1a5f6e3152e90147f00772. But comments were still kept absolute position. This commit aligns comments with method definitions for consistency.
* Deprecate `sanitize_conditions`. Use `sanitize_sql` instead (Ryuta Kamizono, 2016-08-18, 1 file, -2/+3)
|   Because `sanitize_conditions` protected method is only used in one place.
* Merge pull request #26000 from kamipo/remove_sanitize (Rafael França, 2016-08-16, 1 file, -8/+1)
|\    Remove internal `sanitize` method
| * Remove internal `sanitize` method (Ryuta Kamizono, 2016-07-31, 1 file, -8/+1)
| |   Currently internal `sanitize`/`quote_value` method is only used for `quoted_id`. Simply it is enough to use `connection.quote` public API instead.
* | normalizes indentation and whitespace across the project (Xavier Noria, 2016-08-06, 1 file, -90/+90)
| |
* | applies new string literal convention in activerecord/lib (Xavier Noria, 2016-08-06, 1 file, -7/+7)
|/    The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
* adds missing requires (Xavier Noria, 2016-07-24, 1 file, -0/+2)
|
* systematic revision of =~ usage in AR (Xavier Noria, 2016-07-23, 1 file, -1/+1)
|   Where appropriate, prefer the more concise Regexp#match?, String#include?, String#start_with?, or String#end_with?
* Fix grammar `a` to `an` [ci skip] (Ryuta Kamizono, 2016-02-13, 1 file, -1/+1)
|
* quoted_id is not public API. (Rafael Mendonça França, 2016-01-01, 1 file, -1/+1)
|   It was made public by mistake in https://github.com/rails/rails/commit/539b69e0.
* Add test cases for `#sanitize_sql_array` with named_bind_variables (yui-knk, 2015-11-09, 1 file, -0/+9)
|   And add code examples to `sanitize_sql_for_conditions`, `sanitize_sql_for_assignment`, and `sanitize_sql_array`.
* Define `sanitize_sql_for_order` for AR and use it inside `preprocess_order_args` (yui-knk, 2015-11-02, 1 file, -0/+16)
|   This commit follows up on 6a6dbb4c51fb0c58ba1a810eaa552774167b758a.
* applies new doc guidelines to Active Record. (Yves Senn, 2015-10-14, 1 file, -3/+4)
|   The focus of this change is to make the API more accessible. References to method and classes should be linked to make it easy to navigate around. This patch makes excessive use of `rdoc-ref:` to provide more readable docs. This makes it possible to document `ActiveRecord::Base#save` even though the method is within a separate module `ActiveRecord::Persistence`. The goal here is to bring the API closer to the actual code that you would write. This commit only deals with Active Record. The other gems will be updated accordingly but in different commits. The pass through Active Record is not completely finished yet. A follow up commit will change the spots I haven't yet had the time to update. /cc @fxn
* [ci skip] Update docs of `AR::Sanitization` (yui-knk, 2015-09-26, 1 file, -19/+56)
|   * add % style prepared statement and string examples for `sanitize_sql_for_conditions`
|   * add array and string examples for `sanitize_sql_for_assignment`
|   * add examples for `sanitize_sql_like`
|   * add % style prepared statement example for `sanitize_sql_array`
|   * align spaces of example code
* Remove not used argument `table_name` of `sanitize_sql_for_conditions` (yui-knk, 2015-09-23, 1 file, -1/+1)
|   This argument was needed when `sanitize_sql_for_conditions` internally called `sanitize_sql_hash_for_conditions`. But `sanitize_sql_hash_for_conditions` was deprecated (https://github.com/rails/rails/commit/eb921000a11bc87a3b001164fc367b84aee584c5) and deleted (https://github.com/rails/rails/commit/3a59dd212315ebb9bae8338b98af259ac00bbef3) (https://github.com/rails/rails/commit/4bd089f1d93fa168b0ae17dd8c92a5157a2537d7).
* Use block variable instead of global (Roque Pinel, 2015-06-09, 1 file, -2/+2)
|
* remove documentation for sanitize_sql_for_conditions with a Hash (Matthew Rudy Jacobs, 2015-05-12, 1 file, -2/+1)
|
* Remove call to sanitize_sql_hash_for_conditions (Matthew Rudy Jacobs, 2015-05-12, 1 file, -1/+0)
|   This method has already been removed.
* `type_cast_for_database` -> `serialize` (Sean Griffin, 2015-02-17, 1 file, -1/+1)
|
* Stop passing a column to `quote` when finding by AR models (Sean Griffin, 2015-01-10, 1 file, -5/+2)
|   I'm planning on deprecating the column argument to mirror the deprecation in [arel]. [arel]: https://github.com/rails/arel/commit/6160bfbda1d1781c3b08a33ec4955f170e95be11
* Remove deprecated `sanitize_sql_hash_for_conditions` (Rafael Mendonça França, 2015-01-04, 1 file, -29/+0)
|
* Stop using the column for type information in sanitization (Sean Griffin, 2015-01-01, 1 file, -5/+4)
|   As we move towards removing the types from the column objects, any remaining places which have access to richer type information should be using it.
* Remove `klass` and `arel_table` as a dependency of `PredicateBuilder` (Sean Griffin, 2014-12-26, 1 file, -1/+1)
|   This class cares far too much about the internals of other parts of Active Record. This is an attempt to break out a meaningful object which represents the needs of the predicate builder. I'm not fully satisfied with the name, but the general concept is an object which represents a table, the associations to/from that table, and the types associated with it. Many of these exist at the `ActiveRecord::Base` class level, not as properties of the table itself, hence the need for another object. Currently it provides these by holding a reference to the class, but that will likely change in the future. This allows the predicate builder to remain wholly concerned with building predicates. /cc @mrgilman
* Refactor `PredicateBuilder` from singleton to instance (Melanie Gilman, 2014-12-02, 1 file, -3/+4)
|
* Stop using `Arel::Table.engine` (Sean Griffin, 2014-11-29, 1 file, -1/+1)
|   We never actually make use of it on the table, since we're constructing the select manager manually. It looks like if we ever actually were grabbing it from the table, we're grossly misusing it since it's meant to vary by AR class. Its existence on `Arel::Table` appears to be purely for convenience methods that are never used outside of tests. However, in production code it just complicates construction of the tables on the rails side, and the plan is to remove it from `Arel::Table` entirely. I'm not convinced it needs to live on `SelectManager`, etc either.
* Revert deprecation of `sanitize_sql_hash_for_assignment` (Sean Griffin, 2014-11-02, 1 file, -3/+0)
|   This method is still used by `update_all`
* Deprecate `sanitize_sql_hash_` methods on ActiveRecord (Sean Griffin, 2014-11-02, 1 file, -0/+6)
|   These appear to be implementation relics of times past. They duplicate the logic in Relation, and are no longer used internally.
* Call gsub with a Regexp instead of a String for better performance (Pablo Herrero, 2014-11-01, 1 file, -1/+1)
|
* [ci skip] Use `an` for SQL (Akshay Vishnoi, 2014-06-14, 1 file, -1/+1)
|
* Merge branch 'master' into adequaterecord (Aaron Patterson, 2014-04-20, 1 file, -0/+7)
|\    * master: (74 commits)
| |     [ci skip] builtin -> built-in
| |     Fix code indentation and improve formatting
| |     Grammar fix in Getting Started Guide
| |     Make URL escaping more consistent
| |     Optimize URI escaping
| |     Always escape string passed to url helper.
| |     Remove statement assuming coffee shop/public space wifi is inherently insecure
| |     Don't rely on Arel master in bug report template
| |     [ci skip] wrap methods in backticks
| |     [ci skip] "subhash" --> "sub-hash"
| |     multibyte_conformance.rb --> multibyte_conformance_test.rb
| |     Fix inconsistent behavior from String#first/#last
| |     `@destroyed` should always be set to `false` when an object is duped.
| |     remove warning `warning: ambiguous first argument; put parentheses or even spaces`
| |     :uglify -> :uglifier
| |     Regression test for irregular inflection on has_many
| |     Singularize association names before camelization
| |     Fix spelling and proper nouns
| |     Optimize select_value, select_values, select_rows and dry up checking whether to exec with cache for Postgresql adapter
| |     Include default rails protect_from_forgery with: :exception
| |     ...
| |   Conflicts:
| |     activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
| |     activerecord/lib/active_record/connection_adapters/sqlite3_adapter.rb
| * `sanitize_sql_like` escapes `escape_character` not only backslash. (Yves Senn, 2014-04-16, 1 file, -1/+2)
| |   * This is a follow up to: fe4b0eee05f59831e1468ed50f55fbad0ce11e1d
| |   * The originating PR is #14222
| |   * It should fix the build
| * SQL Like escaping helper method. [Rob Gilson & Yves Senn] (Rob Gilson, 2014-04-16, 1 file, -0/+6)
| |   Closes #14222. This is a follow up to #6104 This does not have the backwards compatibility issues brought up in implementation to break.
* | working against arel/collector branch (Aaron Patterson, 2014-04-09, 1 file, -1/+1)
|/
* move alias method `sanitize_conditions` to a correct place (Dmitry Polushkin, 2014-02-09, 1 file, -2/+1)
|
* Tidy up fix for PG extensions quoting (Carlos Antonio da Silva, 2013-12-23, 1 file, -4/+6)
|   Always pass in the column for quote_bound_value and quote using it in case it exists there.
* Serialize postgres' hstore, json and array types correctly in AR update methods. (Tadas Tamosauskas, 2013-12-23, 1 file, -4/+5)
|   Fixes #12261. Closes #12395.
|   Conflicts:
|     activerecord/CHANGELOG.md
|     activerecord/test/cases/adapters/postgresql/array_test.rb
|     activerecord/test/cases/adapters/postgresql/json_test.rb
* Add nodoc to method (Rafael Mendonça França, 2013-10-13, 1 file, -1/+1)
|
* Generate subquery for Relation passed as array condition for where (Paul Nikitochkin, 2013-10-13, 1 file, -2/+12)
|   Instead of executing 2 queries for fetching records filtered by array condition with Relation, added generation of subquery to current query. This behaviour will be consistent when passing Relation as hash condition to where Closes: #12415
* Don't allow `quote_value` to be called without a column (Ben Woosley, 2013-07-22, 1 file, -2/+2)
|   Some adapters require column information to do their job properly. By enforcing the provision of the column for this internal method we ensure that those using adapters that require column information will always get the proper behavior.
* resolve aliases before passing the hash to the predicate builder (Aaron Patterson, 2013-07-02, 1 file, -0/+1)
|
* Fix bug in ActiveRecord::Sanitization#sanitize_sql_hash_for_conditions (Zach Ohlgren, 2013-05-06, 1 file, -1/+1)
|   Fixing CHANGELOG description
|   Remove extra line.
|   Remove blank lines.
* Fix cases where delete_records on a has_many association caused errors (Derek Kraan, 2013-01-27, 1 file, -4/+4)
|   because of an ambiguous column name. This happened if the association model had a default scope that referenced a third table, and the third table also referenced the original table (with an identical foreign_key). Mysql requires that ambiguous columns are disambiguated by using the full table.column syntax. Postgresql and Sqlite use a different syntax for updates altogether (and don't tolerate table.name syntax), so the fix requires always including the full table.column and discarding it later for Sqlite and Postgresql.
* 1.9 Syntax related changes (AvnerCohen, 2012-11-10, 1 file, -12/+12)
|