From 070c9984a50a5d715a8d2cd3847ae4b603a10d19 Mon Sep 17 00:00:00 2001
From: Raimonds Simanovskis <raimonds.simanovskis@gmail.com>
Date: Mon, 25 Apr 2011 22:09:48 +0300
Subject: Do not use SQL LIKE operator for case insensitive uniqueness
 validation

It can result in wrong results if values contain special % or _ characters. It is safer to use SQL LOWER function and compare for equality.
---
 activerecord/lib/active_record/validations/uniqueness.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'activerecord/lib/active_record/validations/uniqueness.rb')

diff --git a/activerecord/lib/active_record/validations/uniqueness.rb b/activerecord/lib/active_record/validations/uniqueness.rb
index d1225a9ed9..4db4105389 100644
--- a/activerecord/lib/active_record/validations/uniqueness.rb
+++ b/activerecord/lib/active_record/validations/uniqueness.rb
@@ -56,8 +56,9 @@ module ActiveRecord
         column = klass.columns_hash[attribute.to_s]
         value = column.limit ? value.to_s.mb_chars[0, column.limit] : value.to_s if column.text?
 
-        if !options[:case_sensitive] && column.text?
-          relation = table[attribute].matches(value)
+        if !options[:case_sensitive] && value && column.text?
+          # will use SQL LOWER function before comparison
+          relation = table[attribute].lower.eq(table.lower(value))
         else
           value    = klass.connection.case_sensitive_modifier(value)
           relation = table[attribute].eq(value)
-- 
cgit v1.2.3