#6400 ✓committed
Ken Collins

Allow ARel SQL Literal Nodes For Limit

Reported by Ken Collins | February 9th, 2011 @ 04:17 PM

The v3.0.4 limit regression and security fix here [1] should allow for ARel's SQL literal values to pass thru sanitization intact. This patch just adds a few lines to allow that while changing the documentation a bit. This patch also adds the SQLServerAdapter to the list of adapters that should ignore comma separated values for limit strings.

I guess it could be argued that anyone really wanting to put comma separated values as a limit can now just pass Arel.sql strings which would simplify this method. But I did not want to presume an implementation change to force people to do that. If deemed appropriate, I can resubmit another patch that officially removes support from that method for said parsing and this whole thing can be a lot simpler.

[1] https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa...
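
A minimal Ruby sketch of the limit sanitization behaviour this ticket describes, added here as an illustration and not taken from the Rails patch. `SqlLiteral` is a stand-in for ARel's SQL literal node so the code runs without the arel gem, `sanitize_limit` and `demo` are hypothetical local functions, and strict integer parsing is an assumption of this sketch.

```ruby
# Stand-in for ARel's SQL literal node (a String subclass), defined locally
# so this sketch runs offline. Assumption: not the real Arel class.
class SqlLiteral < String; end

# Hypothetical sanitizer modelled on the ticket's description:
# - an explicit SQL literal passes through intact,
# - anything else must be an integer or a comma-separated list of integers.
def sanitize_limit(limit)
  # The caller built this literal deliberately, so it is returned untouched.
  return limit if limit.is_a?(SqlLiteral)
  return limit if limit.is_a?(Integer)

  text = limit.to_s
  if text.include?(',')
    # Every piece must parse as a base-10 integer; Integer() raises
    # ArgumentError on anything else instead of silently truncating.
    text.split(',').map { |part| Integer(part.strip, 10) }.join(',')
  else
    Integer(text.strip, 10)
  end
end

# Constructed sample inputs: plain values, a literal, and two strings that
# carry extra SQL after a valid-looking number.
def demo
  samples = [
    10,
    "10",
    "5,10",
    SqlLiteral.new("5, 10"),
    "10; SELECT 1",
    "5,1 OR 1=1"
  ]
  samples.map do |sample|
    begin
      sanitize_limit(sample)
    rescue ArgumentError
      :rejected
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because a literal bypasses every check, only SQL written by the developer should be wrapped as one; request parameters belong on the plain string or integer path.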
