From 6607ecb2a1ccc9b43cfb8db2d06dc5301a5320ba Mon Sep 17 00:00:00 2001
From: Ryuta Kamizono
Date: Mon, 10 Jun 2019 06:21:23 +0900
Subject: Allow `column_name AS alias` as safe SQL string
---
 .../lib/active_record/connection_adapters/abstract/quoting.rb | 1 +
 .../lib/active_record/connection_adapters/mysql/quoting.rb | 1 +
 .../active_record/connection_adapters/postgresql/quoting.rb | 1 +
 .../lib/active_record/connection_adapters/sqlite3/quoting.rb | 1 +
 activerecord/test/cases/unsafe_raw_sql_test.rb | 10 ++++++++++
 5 files changed, 14 insertions(+)
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
index a1b91c22de..e34f4f745f 100644
--- a/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/abstract/quoting.rb
@@ -159,6 +159,7 @@ module ActiveRecord
 \A
 (
 (?:\w+\.)?\w+
+ (?:(?:\s+AS)?\s+\w+)?
 )
 (?:\s*,\s*\g<1>)*
 \z
diff --git a/activerecord/lib/active_record/connection_adapters/mysql/quoting.rb b/activerecord/lib/active_record/connection_adapters/mysql/quoting.rb
index 740832d6b8..a0829b1115 100644
--- a/activerecord/lib/active_record/connection_adapters/mysql/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/mysql/quoting.rb
@@ -44,6 +44,7 @@ module ActiveRecord
 \A
 (
 (?:\w+\.|`\w+`\.)?(?:\w+|`\w+`)
+ (?:(?:\s+AS)?\s+(?:\w+|`\w+`))?
 )
 (?:\s*,\s*\g<1>)*
 \z
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb b/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
index 095429dd89..d18c5c5c12 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
@@ -90,6 +90,7 @@ module ActiveRecord
 \A
 (
 (?:\w+\.|"\w+"\.)?(?:\w+|"\w+")(?:::\w+)?
+ (?:(?:\s+AS)?\s+(?:\w+|"\w+"))?
 )
 (?:\s*,\s*\g<1>)*
 \z
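Review bot: In the `abstract/quoting.rb` hunk the added group `(?:(?:\s+AS)?\s+\w+)?` makes `AS` optional, so the allowlist now accepts any bare second word after a column (`title posts_title`), not only the `column_name AS alias` form the subject line names. Because the alias is limited to `\w+` (or a quoted `\w+` in the adapter variants) it cannot admit operators, quotes or parentheses, but a trailing keyword is now classified as a safe alias and handed to the database unquoted. If the implicit form is intended, record that in a comment on the constant, e.g. `# optional alias, with or without AS; restricted to a bare identifier`; if it is not, require the keyword with `(?:\s+AS\s+\w+)?`. The same shape is added in the mysql, postgresql and sqlite3 hunks, and each regexp's opening and flags lie outside its hunk, so how the case of `AS` is handled cannot be confirmed from here.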
diff --git a/activerecord/lib/active_record/connection_adapters/sqlite3/quoting.rb b/activerecord/lib/active_record/connection_adapters/sqlite3/quoting.rb
index 88a16599f7..5d6932e4ca 100644
--- a/activerecord/lib/active_record/connection_adapters/sqlite3/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/sqlite3/quoting.rb
@@ -57,6 +57,7 @@ module ActiveRecord
 \A
 (
 (?:\w+\.|"\w+"\.)?(?:\w+|"\w+")
+ (?:(?:\s+AS)?\s+(?:\w+|"\w+"))?
 )
 (?:\s*,\s*\g<1>)*
 \z
diff --git a/activerecord/test/cases/unsafe_raw_sql_test.rb b/activerecord/test/cases/unsafe_raw_sql_test.rb
index fc92bf73c9..d4cb51afba 100644
--- a/activerecord/test/cases/unsafe_raw_sql_test.rb
+++ b/activerecord/test/cases/unsafe_raw_sql_test.rb
@@ -223,6 +223,16 @@ class UnsafeRawSqlTest < ActiveRecord::TestCase
 assert_equal titles_expected, titles_disabled
 end
+ test "pluck: allows string column name with alias" do
+ titles_expected = Post.pluck(Arel.sql("title"))
+
+ titles_depr = with_unsafe_raw_sql_deprecated { Post.pluck("title AS posts_title") }
+ titles_disabled = with_unsafe_raw_sql_disabled { Post.pluck("title AS posts_title") }
+
+ assert_equal titles_expected, titles_depr
+ assert_equal titles_expected, titles_disabled
+ end
+
 test "pluck: allows symbol column name" do
 titles_expected = Post.pluck(Arel.sql("title"))
--
cgit v1.2.3
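Review bot: The new test in `unsafe_raw_sql_test.rb` exercises only `pluck` with an unquoted, explicit `AS` alias, while the patterns changed in this commit also accept an alias without `AS`, adapter-quoted aliases, and aliases inside a comma-separated list. One more assertion for the list form, such as `with_unsafe_raw_sql_disabled { Post.pluck("title AS posts_title, id AS posts_id") }`, together with a case asserting that a string carrying anything beyond a single identifier after the column is still rejected under `with_unsafe_raw_sql_disabled`, would pin the boundary of the allowlist and not just its accepted path. The test class begins and continues outside the hunk, so existing negative cases may already cover part of this.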