From 6011ab853c0b843e0aa139ca90a5e4ab9ec143c2 Mon Sep 17 00:00:00 2001
From: yui-knk <spiketeika@gmail.com>
Date: Sat, 31 Oct 2015 10:04:38 +0900
Subject: Define `sanitize_sql_for_order` for AR and use it inside
 `preprocess_order_args`

This commit follows up of 6a6dbb4c51fb0c58ba1a810eaa552774167b758a.
---
 activerecord/lib/active_record/sanitization.rb | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'activerecord/lib/active_record/sanitization.rb')

diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index 1cf4b09bf3..0c15f45db9 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -53,6 +53,22 @@ module ActiveRecord
         end
       end
 
+      # Accepts an array, or string of SQL conditions and sanitizes
+      # them into a valid SQL fragment for a ORDER clause.
+      #
+      #   sanitize_sql_for_order(["field(id, ?)", [1,3,2]])
+      #   # => "field(id, 1,3,2)"
+      #
+      #   sanitize_sql_for_order("id ASC")
+      #   # => "id ASC"
+      def sanitize_sql_for_order(condition)
+        if condition.is_a?(Array) && condition.first.to_s.include?('?')
+          sanitize_sql_array(condition)
+        else
+          condition
+        end
+      end
+
       # Accepts a hash of SQL conditions and replaces those attributes
       # that correspond to a {#composed_of}[rdoc-ref:Aggregations::ClassMethods#composed_of]
       # relationship with their expanded aggregate attribute values.
-- 
cgit v1.2.3