This project is archived and is in readonly mode.
Allow ARel SQL Literal Nodes For Limit
Reported by Ken Collins | February 9th, 2011 @ 04:17 PM
The v3.0.4 limit regression and security fix here [1] should allow for ARel's SQL literal values to pass thru sanitization intact. This patch just adds a few lines to allow that while changing the documentation a bit. This patch also adds the SQLServerAdapter to the list of adapters that should ignore comma separated values for limit strings.
I guess it could be argued that anyone really wanting to put comma separated values as a limit can now just pass Arel.sql strings which would simplify this method. But I did not want to presume an implementation change to force people to do that. If deemed appropriate, I can resubmit another patch that officially removes support from that method for said parsing and this whole thing can be a lot simpler.
[1] https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa...
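The behaviour the report describes (integers and explicit SQL literals pass through, comma-separated limit strings are accepted only when every part is an integer, everything else is rejected) can be modelled as follows. This is an added example, not part of the original ticket and not the Rails patch itself; `SqlLiteral`, `sanitize_limit` as written here, `limit_outcome` and the sample inputs are assumptions made so the code runs without Arel.

```ruby
# Stand-in for Arel::Nodes::SqlLiteral so the example runs without Arel
# (assumption: a String subclass that marks SQL the developer wrote on purpose).
class SqlLiteral < String; end

# Hypothetical model of the limit sanitization described in the ticket.
def sanitize_limit(limit)
  # Integers and explicit SQL literals pass through intact.
  return limit if limit.is_a?(Integer) || limit.is_a?(SqlLiteral)

  text = limit.to_s
  if text.include?(",")
    # Comma-separated form: every part must parse as an integer.
    # The -1 keeps empty trailing parts so "1," is rejected, not trimmed.
    SqlLiteral.new(text.split(",", -1).map { |part| Integer(part) }.join(","))
  else
    Integer(text) # raises ArgumentError on anything that is not an integer
  end
end

# Returns the sanitized value, or :rejected when sanitization raises.
def limit_outcome(limit)
  sanitize_limit(limit)
rescue ArgumentError, TypeError
  :rejected
end

# Constructed sample inputs, not taken from the ticket.
SAMPLES = [10, "10", "5, 10", SqlLiteral.new("@page_size"),
           "1; DROP TABLE users", "1,2 UNION SELECT name FROM users", "1,"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |s| puts "#{s.inspect} => #{limit_outcome(s).inspect}" }
end
```

Because a literal bypasses the integer check entirely, the pass-through is only safe when the literal is built from developer-written SQL and never from request parameters.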
Comments and changes to this ticket
Aaron Patterson February 9th, 2011 @ 04:33 PM
- State changed from new to committed
- Importance changed from to Low
Applied and pushed. Thanks!
Tickets have moved to GitHub
The new ticket tracker is available at https://github.com/rails/rails/issues