From 6011ab853c0b843e0aa139ca90a5e4ab9ec143c2 Mon Sep 17 00:00:00 2001
From: yui-knk <spiketeika@gmail.com>
Date: Sat, 31 Oct 2015 10:04:38 +0900
Subject: Define `sanitize_sql_for_order` for AR and use it inside
 `preprocess_order_args`

This commit follows up of 6a6dbb4c51fb0c58ba1a810eaa552774167b758a.
---
 activerecord/CHANGELOG.md                                |  5 +++++
 activerecord/lib/active_record/relation/query_methods.rb |  6 +-----
 activerecord/lib/active_record/sanitization.rb           | 16 ++++++++++++++++
 activerecord/test/cases/relation/mutation_test.rb        |  4 ++++
 activerecord/test/cases/relation_test.rb                 |  4 ++++
 5 files changed, 30 insertions(+), 5 deletions(-)

(limited to 'activerecord')

diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index edd0517c6e..5961e45485 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,8 @@
+*   Define `ActiveRecord::Sanitization.sanitize_sql_for_order` and use it inside
+    `preprocess_order_args`.
+
+    *Yuichiro Kaneko*
+
 *   Allow bigint with default nil for avoiding auto increment primary key.
 
     *Ryuta Kamizono*
diff --git a/activerecord/lib/active_record/relation/query_methods.rb b/activerecord/lib/active_record/relation/query_methods.rb
index 800de78fe3..2dc52982c9 100644
--- a/activerecord/lib/active_record/relation/query_methods.rb
+++ b/activerecord/lib/active_record/relation/query_methods.rb
@@ -1086,11 +1086,7 @@ module ActiveRecord
 
     def preprocess_order_args(order_args)
       order_args.map! do |arg|
-        if arg.is_a?(Array) && arg.first.to_s.include?('?')
-          klass.send(:sanitize_sql, arg)
-        else
-          arg
-        end
+        klass.send(:sanitize_sql_for_order, arg)
       end
       order_args.flatten!
       validate_order_args(order_args)
diff --git a/activerecord/lib/active_record/sanitization.rb b/activerecord/lib/active_record/sanitization.rb
index 1cf4b09bf3..0c15f45db9 100644
--- a/activerecord/lib/active_record/sanitization.rb
+++ b/activerecord/lib/active_record/sanitization.rb
@@ -53,6 +53,22 @@ module ActiveRecord
         end
       end
 
+      # Accepts an array, or string of SQL conditions and sanitizes
+      # them into a valid SQL fragment for a ORDER clause.
+      #
+      #   sanitize_sql_for_order(["field(id, ?)", [1,3,2]])
+      #   # => "field(id, 1,3,2)"
+      #
+      #   sanitize_sql_for_order("id ASC")
+      #   # => "id ASC"
+      def sanitize_sql_for_order(condition)
+        if condition.is_a?(Array) && condition.first.to_s.include?('?')
+          sanitize_sql_array(condition)
+        else
+          condition
+        end
+      end
+
       # Accepts a hash of SQL conditions and replaces those attributes
       # that correspond to a {#composed_of}[rdoc-ref:Aggregations::ClassMethods#composed_of]
       # relationship with their expanded aggregate attribute values.
diff --git a/activerecord/test/cases/relation/mutation_test.rb b/activerecord/test/cases/relation/mutation_test.rb
index cc0034ffd1..d0f60a84b5 100644
--- a/activerecord/test/cases/relation/mutation_test.rb
+++ b/activerecord/test/cases/relation/mutation_test.rb
@@ -22,6 +22,10 @@ module ActiveRecord
       def sanitize_sql(sql)
         sql
       end
+
+      def sanitize_sql_for_order(sql)
+        sql
+      end
     end
 
     def relation
diff --git a/activerecord/test/cases/relation_test.rb b/activerecord/test/cases/relation_test.rb
index 675149556f..8794bc8043 100644
--- a/activerecord/test/cases/relation_test.rb
+++ b/activerecord/test/cases/relation_test.rb
@@ -20,6 +20,10 @@ module ActiveRecord
       def self.table_name
         'fake_table'
       end
+
+      def self.sanitize_sql_for_order(sql)
+        sql
+      end
     end
 
     def test_construction
-- 
cgit v1.2.3