RubyGems - activerecord - Versions diffs - 1.14.3 → 1.14.4 - Mend

activerecord 1.14.3 → 1.14.4

This version of activerecord might be problematic. Click here for more details.

Files changed (8) hide show

data/CHANGELOG CHANGED

@@ -1,5 +1,18 @@
+*1.14.4* (August 8th, 2006)
+* Add warning about the proper way to validate the presence of a foreign key.  #4147 [Francois Beausoleil <francois.beausoleil@gmail.com>]
+* Fix syntax error in documentation. #4679 [mislav@nippur.irb.hr]
+* Update inconsistent migrations documentation. #4683 [machomagna@gmail.com]
 *1.14.3* (June 27th, 2006)
+* Fix announcement of very long migration names.  #5722 [blake@near-time.com]
+* Update callbacks documentation. #3970 [Robby Russell <robby@planetargon.com>]
 * Properly quote index names in migrations (closes #4764) [John Long]
 * Ensure that Associations#include_eager_conditions? checks both scoped and explicit conditions [Rick]

data/lib/active_record/base.rb CHANGED

@@ -175,7 +175,7 @@ module ActiveRecord #:nodoc:
   #     serialize :preferences
   #   end
   #
-  #   user = User.create(:preferences) => { "background" => "black", "display" => large })
+  #   user = User.create(:preferences => { "background" => "black", "display" => large })
   #   User.find(user.id).preferences # => { "background" => "black", "display" => large }
   #
   # You can also specify a class option as the second parameter that'll raise an exception if a serialized object is retrieved as a

@@ -243,6 +243,10 @@ module ActiveRecord
     def before_save() end
     # Is called _after_ Base.save (regardless of whether it's a create or update save).
+    #
+    #  class Contact < ActiveRecord::Base
+    #    after_save { logger.info( 'New contact saved!' ) }
+    #  end
     def after_save()  end
     def create_or_update_with_callbacks #:nodoc:
       return false if callback(:before_save) == false
@@ -312,9 +316,16 @@ module ActiveRecord
     end
     # Is called _before_ Base.destroy.
+    #
+    # Note: If you need to _destroy_ or _nullify_ associated records first,
+    # use the _:dependent_ option on your associations.
     def before_destroy() end
     # Is called _after_ Base.destroy (and all the attributes have been frozen).
+    #
+    #  class Contact < ActiveRecord::Base
+    #    after_destroy { |record| logger.info( "Contact #{record.id} was destroyed." ) }
+    #  end
     def after_destroy()  end
     def destroy_with_callbacks #:nodoc:
       return false if callback(:before_destroy) == false

@@ -70,8 +70,8 @@ module ActiveRecord
   # * <tt>change_column(table_name, column_name, type, options)</tt>:  Changes the column to a different type using the same
   #   parameters as add_column.
   # * <tt>remove_column(table_name, column_name)</tt>: Removes the column named +column_name+ from the table called +table_name+.
-  # * <tt>add_index(table_name, column_name, index_type)</tt>: Add a new index with the name of the column on the column. Specify an optional index_type (e.g. UNIQUE).
-  # * <tt>remove_index(table_name, column_name)</tt>: Remove the index called the same as the column.
+  # * <tt>add_index(table_name, column_names, index_type, index_name)</tt>: Add a new index with the name of the column, or +index_name+ (if specified) on the column(s). Specify an optional +index_type+ (e.g. UNIQUE).
+  # * <tt>remove_index(table_name, index_name)</tt>: Remove the index specified by +index_name+.
   #
   # == Irreversible transformations
   #
@@ -243,7 +243,8 @@ module ActiveRecord
       def announce(message)
         text = "#{name}: #{message}"
-        write "== %s %s" % [ text, "=" * (75 - text.length) ]
+        length = [0, 75 - text.length].max
+        write "== %s %s" % [text, "=" * length]
       end
       def say(message, subitem=false)

@@ -381,6 +381,18 @@ module ActiveRecord
       # * <tt>if</tt> - Specifies a method, proc or string to call to determine if the validation should
       # occur (e.g. :if => :allow_validation, or :if => Proc.new { |user| user.signup_step > 2 }).  The
       # method, proc or string should return or evaluate to a true or false value.
+      #
+      # === Warning
+      # Validate the presence of the foreign key, not the instance variable itself.
+      # Do this:
+      #  validate_presence_of :invoice_id
+      #
+      # Not this:
+      #  validate_presence_of :invoice
+      #
+      # If you validate the presence of the associated object, you will get
+      # failures on saves when both the parent object and the child object are
+      # new.
       def validates_presence_of(*attr_names)
         configuration = { :message => ActiveRecord::Errors.default_error_messages[:blank], :on => :save }
         configuration.update(attr_names.pop) if attr_names.last.is_a?(Hash)

@@ -2,7 +2,7 @@ module ActiveRecord
   module VERSION #:nodoc:
     MAJOR = 1
     MINOR = 14
-    TINY  = 3
+    TINY  = 4
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/test/base_test.rb CHANGED

@@ -922,6 +922,16 @@ class BasicsTest < Test::Unit::TestCase
     assert_equal("<baz>", inverted["quux"])
   end
+  def test_sql_injection_via_find
+    assert_raises(ActiveRecord::RecordNotFound) do
+      Topic.find("123456 OR id > 0")
+    end
+    assert_raises(ActiveRecord::RecordNotFound) do
+      Topic.find(";;; this should raise an RecordNotFound error")
+    end
+  end
   def test_column_name_properly_quoted
     col_record = ColumnName.new
     col_record.references = 40

metadata CHANGED

@@ -3,8 +3,8 @@ rubygems_version: 0.8.11
 specification_version: 1
 name: activerecord
 version: !ruby/object:Gem::Version
-  version: 1.14.3
-date: 2006-06-27 00:00:00 -05:00
+  version: 1.14.4
+date: 2006-08-09 00:00:00 -05:00
 summary: Implements the ActiveRecord pattern for ORM.
 require_paths:
 - lib