Eager association loading sanitizes conditions using the wrong table
Reported by Will Bryant | September 24th, 2008 @ 10:59 AM | in 2.x
If you have an association with conditions in hash form:
class Project < ActiveRecord::Base
has_many :tasks, :conditions => {:deleted_at => nil}
end
class Task < ActiveRecord::Base
belongs_to :project
end
and you eagerly load the association:
Project.find(:all, :include => :tasks)
then the deleted_at column in the condition gets expanded out to
projects.deleted_at - when it should be
tasks.deleted_at.
This is bad... if you're lucky it means these loads fail, if you're unlucky and have the same-named columns on the owner table, your app just misbehaves badly.
The attached patch calls the sanitiized_conditions method on the reflection which proxies the sanitize_sql call through to the target class, not the owner class, fixing this.
This bug is present in 2.1.0, 2.1.1, and edge. The attached patch is against edge. The first of the two commits in the patch is an additional test case showing the issue.
Comments and changes to this ticket
-
Will Bryant September 24th, 2008 @ 11:02 AM
For the convenience of anyone who needs to patch this on their project running the released version of rails, here's a backport against your frozen-in vendor/rails 2.1.1.
-
Will Bryant September 24th, 2008 @ 12:14 PM
Erm, ignore the ticket number in that second filename :).
-
Will Bryant September 27th, 2008 @ 05:04 AM
Backported to the 2-1-stable repository, since that's diverged from 2.1.1 release far enough for that not to apply.
-
Repository September 29th, 2008 @ 04:52 PM
(from [7823c50c975df975ca3237bfbe9ca0b3c60f6b6d]) fix eager loading's :condition sanitizing expanding against the wrong table
Signed-off-by: Michael Koziarski michael@koziarski.com [#1101 state:commited] http://github.com/rails/rails/co...
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
Source available from github
The Git repository resides at http://github.com/rails
Check out the current development trunk (Edge Rails) with:
git clone git://github.com/rails/rails.git
Creating or reviewing a patch
See the contributor guide.
Creating a feature request
Please don't. If you want a new feature in Rails, you'll have to pull up your sleeves and get busy yourself. Or convince someone else to do it. See the contributor guide on how to get going. But posting them here is just going to lead to ticket root.
Creating a bug report
When creating a bug report, be sure to include as much relevant information as possible. Post the code sample that causes the problem. Preferably, alter the unit tests and show through either changed or added tests how the expected behavior is not occuring.
Security vulnerabilities should be reported via an email to security@rubyonrails.org, do not use trac for reporting security vulnerabilities. All content in trac is publicly available as soon as it is posted.
Then don't get your hopes up. Unless you have a "Code Red, Mission Critical, The World is Coming to an End" kinda bug, you're creating this ticket in the hope that others with the same problem will be able to collaborate with you on solving it. Do not expect that the ticket automatically will see any activity or that others will jump to fix it. Creating a ticket like this is mostly to help yourself start on the path of fixing the problem and for others to sign on to with a "I'm having this problem too".
