activerecord 3.0.4.rc1 → 3.0.4


Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

@@ -251,6 +251,21 @@ module ActiveRecord
251
251
  "WHERE #{quoted_primary_key} IN (SELECT #{quoted_primary_key} FROM #{quoted_table_name} #{where_sql})"
252
252
  end
253
253
 
254
+ # Sanitizes the given LIMIT parameter in order to prevent SQL injection.
255
+ #
256
+ # +limit+ may be anything that can evaluate to a string via #to_s. It
257
+ # should look like an integer, or a comma-delimited list of integers.
258
+ #
259
+ # Returns the sanitized limit parameter, either as an integer, or as a
260
+ # string which contains a comma-delimited list of integers.
261
+ def sanitize_limit(limit)
262
+ if limit.to_s =~ /,/
263
+ Arel.sql limit.to_s.split(',').map{ |i| Integer(i) }.join(',')
264
+ else
265
+ Integer(limit)
266
+ end
267
+ end
268
+
254
269
  protected
255
270
  # Returns an array of record hashes with the column names as keys and
256
271
  # column values as values.
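Review bot: The comma branch of `sanitize_limit` does not reject an input made only of separators. `",".split(',')` returns an empty array, so the method returns `Arel.sql("")` and the query is built with an empty LIMIT fragment instead of raising. Splitting with `limit.to_s.split(',', -1)` keeps the empty fields, so `Integer("")` raises as it does for any other malformed value. The doc comment should also state the new contract, e.g. `# Raises ArgumentError or TypeError if +limit+ is not integer-like.` The version this replaces coerced bad input with `to_i`, so callers that pass request parameters now need to handle the exception.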
@@ -274,21 +289,6 @@ module ActiveRecord
274
289
  update_sql(sql, name)
275
290
  end
276
291
 
277
- # Sanitizes the given LIMIT parameter in order to prevent SQL injection.
278
- #
279
- # +limit+ may be anything that can evaluate to a string via #to_s. It
280
- # should look like an integer, or a comma-delimited list of integers.
281
- #
282
- # Returns the sanitized limit parameter, either as an integer, or as a
283
- # string which contains a comma-delimited list of integers.
284
- def sanitize_limit(limit)
285
- if limit.to_s =~ /,/
286
- limit.to_s.split(',').map{ |i| i.to_i }.join(',')
287
- else
288
- limit.to_i
289
- end
290
- end
291
-
292
292
  # Send a rollback message to all records after they have been rolled back. If rollback
293
293
  # is false, only rollback records since the last save point.
294
294
  def rollback_transaction_records(rollback) #:nodoc
@@ -180,7 +180,7 @@ module ActiveRecord
180
180
 
181
181
  arel = arel.having(*@having_values.uniq.reject{|h| h.blank?}) unless @having_values.empty?
182
182
 
183
- arel = arel.take(@limit_value) if @limit_value
183
+ arel = arel.take(connection.sanitize_limit(@limit_value)) if @limit_value
184
184
  arel = arel.skip(@offset_value) if @offset_value
185
185
 
186
186
  arel = arel.group(*@group_values.uniq.reject{|g| g.blank?}) unless @group_values.empty?
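Review bot: `@offset_value` on the following line is still handed to `arel.skip` unchanged, while the limit now goes through `connection.sanitize_limit`. If the offset can come from the same request-derived sources as the limit, it deserves the same integer coercion, for example `arel = arel.skip(Integer(@offset_value)) if @offset_value`. Whether Arel or the adapter already coerces the offset is not visible in this hunk, so confirm that before relying on it. The enclosing method starts and ends outside the hunk.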
@@ -3,7 +3,7 @@ module ActiveRecord
3
3
  MAJOR = 3
4
4
  MINOR = 0
5
5
  TINY = 4
6
- PRE = "rc1"
6
+ PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
9
9
  end
metadata CHANGED
@@ -1,14 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- hash: 977940590
5
- prerelease: true
4
+ hash: 15
5
+ prerelease: false
6
6
  segments:
7
7
  - 3
8
8
  - 0
9
9
  - 4
10
- - rc1
11
- version: 3.0.4.rc1
10
+ version: 3.0.4
12
11
  platform: ruby
13
12
  authors:
14
13
  - David Heinemeier Hansson
@@ -16,7 +15,7 @@ autorequire:
16
15
  bindir: bin
17
16
  cert_chain: []
18
17
 
19
- date: 2011-01-31 00:00:00 +13:00
18
+ date: 2011-02-09 00:00:00 +13:00
20
19
  default_executable:
21
20
  dependencies:
22
21
  - !ruby/object:Gem::Dependency
@@ -27,13 +26,12 @@ dependencies:
27
26
  requirements:
28
27
  - - "="
29
28
  - !ruby/object:Gem::Version
30
- hash: 977940590
29
+ hash: 15
31
30
  segments:
32
31
  - 3
33
32
  - 0
34
33
  - 4
35
- - rc1
36
- version: 3.0.4.rc1
34
+ version: 3.0.4
37
35
  type: :runtime
38
36
  version_requirements: *id001
39
37
  - !ruby/object:Gem::Dependency
@@ -44,13 +42,12 @@ dependencies:
44
42
  requirements:
45
43
  - - "="
46
44
  - !ruby/object:Gem::Version
47
- hash: 977940590
45
+ hash: 15
48
46
  segments:
49
47
  - 3
50
48
  - 0
51
49
  - 4
52
- - rc1
53
- version: 3.0.4.rc1
50
+ version: 3.0.4
54
51
  type: :runtime
55
52
  version_requirements: *id002
56
53
  - !ruby/object:Gem::Dependency
@@ -211,14 +208,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
211
208
  required_rubygems_version: !ruby/object:Gem::Requirement
212
209
  none: false
213
210
  requirements:
214
- - - ">"
211
+ - - ">="
215
212
  - !ruby/object:Gem::Version
216
- hash: 25
213
+ hash: 3
217
214
  segments:
218
- - 1
219
- - 3
220
- - 1
221
- version: 1.3.1
215
+ - 0
216
+ version: "0"
222
217
  requirements: []
223
218
 
224
219
  rubyforge_project: activerecord