From 070c9984a50a5d715a8d2cd3847ae4b603a10d19 Mon Sep 17 00:00:00 2001 From: Raimonds Simanovskis Date: Mon, 25 Apr 2011 22:09:48 +0300 Subject: Do not use SQL LIKE operator for case insensitive uniqueness validation It can result in wrong results if values contain special % or _ characters. It is safer to use SQL LOWER function and compare for equality. --- activerecord/lib/active_record/validations/uniqueness.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'activerecord/lib/active_record') diff --git a/activerecord/lib/active_record/validations/uniqueness.rb b/activerecord/lib/active_record/validations/uniqueness.rb index d1225a9ed9..4db4105389 100644 --- a/activerecord/lib/active_record/validations/uniqueness.rb +++ b/activerecord/lib/active_record/validations/uniqueness.rb @@ -56,8 +56,9 @@ module ActiveRecord column = klass.columns_hash[attribute.to_s] value = column.limit ? value.to_s.mb_chars[0, column.limit] : value.to_s if column.text? - if !options[:case_sensitive] && column.text? - relation = table[attribute].matches(value) + if !options[:case_sensitive] && value && column.text? + # will use SQL LOWER function before comparison + relation = table[attribute].lower.eq(table.lower(value)) else value = klass.connection.case_sensitive_modifier(value) relation = table[attribute].eq(value) -- cgit v1.2.3