From 7a0ac05b1fa9cbfc83ea69c8fa29d70e7c4898cb Mon Sep 17 00:00:00 2001 From: Matteo Vaccari Date: Sat, 31 Oct 2009 16:34:49 +0100 Subject: [PATCH] fixed random text in literal strings being interpreted as table names --- activerecord/lib/active_record/associations.rb | 6 +++++- activerecord/test/cases/associations/eager_test.rb | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletions(-) diff --git a/activerecord/lib/active_record/associations.rb b/activerecord/lib/active_record/associations.rb index 03c8d4b..567c388 100755 --- a/activerecord/lib/active_record/associations.rb +++ b/activerecord/lib/active_record/associations.rb @@ -1760,8 +1760,12 @@ module ActiveRecord def tables_in_string(string) return [] if string.blank? - string.scan(/([a-zA-Z_][\.\w]+).?\./).flatten + remove_literal_strings(string).scan(/([a-zA-Z_][\.\w]+).?\./).flatten end + + def remove_literal_strings(string) + string.gsub(/'(\\'|[^'])*'|"(\\"|[^"])*"/, '') + end def tables_in_hash(hash) return [] if hash.blank? diff --git a/activerecord/test/cases/associations/eager_test.rb b/activerecord/test/cases/associations/eager_test.rb index d5a4d90..e9bd360 100644 --- a/activerecord/test/cases/associations/eager_test.rb +++ b/activerecord/test/cases/associations/eager_test.rb @@ -661,6 +661,24 @@ class EagerAssociationTest < ActiveRecord::TestCase end end + def test_eager_with_dots_in_query_string + developer = Developer.create! :name => 'foo.bar' + developer.audit_logs.create! :message => "Include me plz!" + assert_queries(2) do + # Before changes, the dot in the query string will cause random text to be interpreted as table names + Developer.find :all, :conditions => "name = 'foo.bar'", :include => :audit_logs + end + end + + def test_tables_in_string + assert_equal ["foo"], Developer.send(:tables_in_string, "foo.") + assert_equal [], Developer.send(:tables_in_string, "foo") + assert_equal [], Developer.send(:tables_in_string, "x in 'foo.bar'") + assert_equal [], Developer.send(:tables_in_string, 'x in "foo.bar"') + assert_equal ["foo"], Developer.send(:tables_in_string, "'\\'' foo. '\\''") + assert_equal ["foo"], Developer.send(:tables_in_string, '"\"" foo. "\""') + end + def test_preconfigured_includes_with_belongs_to author = posts(:welcome).author_with_posts assert_no_queries {assert_equal 5, author.posts.size} -- 1.6.0.2 From 5a8bc0574a02cd1bee69c8121901e18bfb613fda Mon Sep 17 00:00:00 2001 From: Matteo Vaccari Date: Thu, 5 Nov 2009 14:22:02 +0100 Subject: [PATCH] improve regexp for filtering out literal strings --- activerecord/lib/active_record/associations.rb | 2 +- activerecord/test/cases/associations/eager_test.rb | 3 +++ 2 files changed, 4 insertions(+), 1 deletions(-) diff --git a/activerecord/lib/active_record/associations.rb b/activerecord/lib/active_record/associations.rb index 567c388..871c197 100755 --- a/activerecord/lib/active_record/associations.rb +++ b/activerecord/lib/active_record/associations.rb @@ -1764,7 +1764,7 @@ module ActiveRecord end def remove_literal_strings(string) - string.gsub(/'(\\'|[^'])*'|"(\\"|[^"])*"/, '') + string.gsub(/'(\\.|[^'])*'|"(\\.|[^"])*"/, '') end def tables_in_hash(hash) diff --git a/activerecord/test/cases/associations/eager_test.rb b/activerecord/test/cases/associations/eager_test.rb index e9bd360..2951764 100644 --- a/activerecord/test/cases/associations/eager_test.rb +++ b/activerecord/test/cases/associations/eager_test.rb @@ -677,6 +677,9 @@ class EagerAssociationTest < ActiveRecord::TestCase assert_equal [], Developer.send(:tables_in_string, 'x in "foo.bar"') assert_equal ["foo"], Developer.send(:tables_in_string, "'\\'' foo. '\\''") assert_equal ["foo"], Developer.send(:tables_in_string, '"\"" foo. "\""') + assert_equal [], Developer.send(:tables_in_string, "name = 'foo\\\\' AND 'foo.bar ' = number") + assert_equal [], Developer.send(:tables_in_string, "name = 'foo\\\\\\\\' AND 'foo.bar ' = number") + assert_equal [], Developer.send(:tables_in_string, 'name = "foo\\\\" AND "foo.bar " = number') end def test_preconfigured_includes_with_belongs_to -- 1.6.0.2