This project is archived and is in readonly mode.
Allow ARel SQL Literal Nodes For Limit
Reported by Ken Collins | February 9th, 2011 @ 04:17 PM
The v3.0.4 limit regression and security fix here [1] should allow for ARel's SQL literal values to pass thru sanitization intact. This patch just adds a few lines to allow that while changing the documentation a bit. This patch also adds the SQLServerAdapter to the list of adapters that should ignore comma separated values for limit strings.
I guess it could be argued that anyone really wanting to put comma separated values as a limit can now just pass Arel.sql strings which would simplify this method. But I did not want to presume an implementation change to force people to do that. If deemed appropriate, I can resubmit another patch that officially removes support from that method for said parsing and this whole thing can be a lot simpler.
[1] https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa...
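The behaviour requested in the ticket above, as an added sketch that is not the submitted patch or Rails' own code: integers and explicit SQL literals pass through, comma separated strings are accepted only if every part is a strict integer, and anything else raises. `SqlLiteral`, `sanitize_limit` and `rejected?` are hypothetical stand-ins defined here so the block runs without the arel gem, and all sample inputs are constructed.

```ruby
# Stand-in for Arel's SQL literal node (assumption: a String subclass that
# only marks a fragment the caller has explicitly vouched for).
class SqlLiteral < String; end

# Hypothetical LIMIT sanitizer following the rules described in the ticket.
def sanitize_limit(limit)
  # Integers and explicit SQL literals are returned untouched.
  return limit if limit.is_a?(Integer) || limit.is_a?(SqlLiteral)

  text = limit.to_s
  if text.include?(",")
    # split(",", -1) keeps empty trailing parts, so "1," is rejected
    # by Integer("") instead of silently becoming "1".
    parts = text.split(",", -1).map { |part| Integer(part.strip, 10) }
    SqlLiteral.new(parts.join(","))
  else
    # Integer() raises ArgumentError on trailing text; String#to_i would
    # quietly turn "1; DROP TABLE users" into 1.
    Integer(text, 10)
  end
end

# True when the sanitizer refuses the value.
def rejected?(value)
  sanitize_limit(value)
  false
rescue ArgumentError
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  samples = [10, "10", "5, 20", SqlLiteral.new("@page_size"),
             "1; DROP TABLE users", "1,2 OR 1=1", "1,"]
  samples.each do |value|
    outcome = rejected?(value) ? "rejected" : sanitize_limit(value).inspect
    puts "#{value.inspect} (#{value.class}) -> #{outcome}"
  end
end
```

The literal pass-through moves responsibility to the caller: a value should only be wrapped as a SQL literal when it is built from trusted input, never from request parameters.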
Comments and changes to this ticket
Aaron Patterson February 9th, 2011 @ 04:33 PM
- State changed from new to committed
- Importance changed from to Low
Applied and pushed. Thanks!
Tickets have moved to GitHub
The new ticket tracker is available at https://github.com/rails/rails/issues