From 732b222126bd6b37925a4fcdcda832de65858122 Mon Sep 17 00:00:00 2001 From: Nick Kallen Date: Fri, 16 May 2008 17:38:15 -0700 Subject: fixed string escaping issue --- lib/arel/extensions/object.rb | 2 +- lib/arel/relations/join.rb | 2 +- lib/arel/relations/relation.rb | 4 ++-- spec/arel/integration/joins/with_compounds_spec.rb | 24 ++++++++++++++++++---- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/lib/arel/extensions/object.rb b/lib/arel/extensions/object.rb index 69ec6a5dce..0382ca8027 100644 --- a/lib/arel/extensions/object.rb +++ b/lib/arel/extensions/object.rb @@ -3,7 +3,7 @@ class Object Arel::Value.new(self, relation) end - def to_sql(formatter = nil) + def to_sql(formatter) formatter.scalar self end diff --git a/lib/arel/relations/join.rb b/lib/arel/relations/join.rb index 2dd3555bac..8e29f0492b 100644 --- a/lib/arel/relations/join.rb +++ b/lib/arel/relations/join.rb @@ -25,7 +25,7 @@ module Arel join_sql, relation2.externalize.table_sql(formatter), ("ON" unless predicates.blank?), - (predicates + relation2.externalize.selects).collect { |p| p.bind(environment).to_sql }.join(' AND ') + (predicates + relation2.externalize.selects).collect { |p| p.bind(environment).to_sql(Sql::WhereClause.new(environment)) }.join(' AND ') ].compact.join(" ") [relation1.joins(environment), this_join, relation2.joins(environment)].compact.join(" ") end diff --git a/lib/arel/relations/relation.rb b/lib/arel/relations/relation.rb index 490f545637..920bcd2d8d 100644 --- a/lib/arel/relations/relation.rb +++ b/lib/arel/relations/relation.rb @@ -9,8 +9,8 @@ module Arel "SELECT #{attributes.collect { |a| a.to_sql(Sql::SelectClause.new(self)) }.join(', ')}", "FROM #{table_sql(Sql::TableReference.new(self))}", (joins(self) unless joins(self).blank? ), - ("WHERE #{selects.collect { |s| s.to_sql(Sql::WhereClause.new(self)) }.join("\n\tAND ")}" unless selects.blank? ), - ("ORDER BY #{orders.collect { |o| o.to_sql(Sql::OrderClause.new(self)) }.join(', ')}" unless orders.blank? ), + ("WHERE #{selects .collect { |s| s.to_sql(Sql::WhereClause.new(self)) }.join("\n\tAND ")}" unless selects.blank? ), + ("ORDER BY #{orders .collect { |o| o.to_sql(Sql::OrderClause.new(self)) }.join(', ')}" unless orders.blank? ), ("GROUP BY #{groupings.collect { |g| g.to_sql(Sql::GroupClause.new(self)) }.join(', ')}" unless groupings.blank? ), ("LIMIT #{taken}" unless taken.blank? ), ("OFFSET #{skipped}" unless skipped.blank? ) diff --git a/spec/arel/integration/joins/with_compounds_spec.rb b/spec/arel/integration/joins/with_compounds_spec.rb index 49f0132190..62d226acf2 100644 --- a/spec/arel/integration/joins/with_compounds_spec.rb +++ b/spec/arel/integration/joins/with_compounds_spec.rb @@ -8,9 +8,25 @@ module Arel @predicate = @relation1[:id].eq(@relation2[:user_id]) end - describe 'when a compound contains a join' do - describe '#to_sql' do - describe 'when the compound is a select' do + describe '#to_sql' do + describe 'when the join contains a select' do + describe 'and the select is given a string' do + it 'does not escape the string' do + @relation1 \ + .join(@relation2.select("asdf")) \ + .on(@predicate) \ + .to_sql.should be_like(" + SELECT `users`.`id`, `users`.`name`, `photos`.`id`, `photos`.`user_id`, `photos`.`camera_id` + FROM `users` + INNER JOIN `photos` + ON `users`.`id` = `photos`.`user_id` AND asdf + ") + end + end + end + + describe 'when a compound contains a join' do + describe 'and the compound is a select' do it 'manufactures sql disambiguating the tables' do @relation1 \ .select(@relation1[:id].eq(1)) \ @@ -28,7 +44,7 @@ module Arel end end - describe 'when the compound is a group' do + describe 'and the compound is a group' do it 'manufactures sql disambiguating the tables' do @relation1 \ .join(@relation2) \ -- cgit v1.2.3