| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
| |
The test case for CVE-2014-3483 doesn't actually send the generated SQL
to the database. The generated SQL is actually invalid for real inputs.
|
|
|
|
| |
Fix CVE-2014-3483 and protect against CVE-2014-3482.
|
|
|
|
|
| |
Using general types where possible. Several more can go away once
infinity gets figured out.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I ran the whole test suite and compared the old to the new types.
Following is the list of types that did change with this patch:
```
DIFFERENT TYPE FOR mood: NEW: enum, BEFORE:
DIFFERENT TYPE FOR floatrange: NEW: floatrange, BEFORE: float
```
The `floatrange` is a custom type. The old type `float` was simply a coincidence
form the name `floatrange` and our type-guessing.
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
SQL doesn't have a string type, and interpreting 'string' as text is
contrary to at least SQLite3's behavior:
"Note that a declared type of 'STRING' has an affinity of NUMERIC, not TEXT."
http://www.sqlite.org/datatype3.html
|
|
|
|
| |
fixes #9170
|
| |
|
| |
|
| |
|
|
|
|
| |
RUNNING_UNIT_TESTS file for details, but essentially you can now configure things in test/config.yml. You can also run tests directly via the command line, e.g. ruby path/to/test.rb (no rake needed, uses default db connection from test/config.yml). This will help us fix the CI by enabling us to isolate the different Rails versions to different databases.
|
|
|