This project is archived and is in readonly mode.

#6400 ✓committed
Ken Collins

Allow ARel SQL Literal Nodes For Limit

Reported by Ken Collins | February 9th, 2011 @ 04:17 PM

The v3.0.4 limit regression and security fix here [1] should allow for ARel's SQL literal values to pass thru sanitization intact. This patch just adds a few lines to allow that while changing the documentation a bit. This patch also adds the SQLServerAdapter to the list of adapters that should ignore comma seperated values for limit strings.

I guess it could be argued that anyone really wanting to put comma separated values as a limit can no just pass Arel.sql strings which would simplify this method. But I did not want to presume an implementation change to force people to do that. If deemed appropriate, I can resubmit another patch that officially removes support from that method for said parsing and this whole thing can be a lot simplier.


Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>