activerecord 3.1.10 → 3.1.11


Potentially problematic release.


This version of activerecord might be problematic. Click here for more details.

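--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- !binary "U0hBMQ==":
- metadata.gz: d3c49c6038597072b4626faa2b33eeb35d999414
- data.tar.gz: 3b2195c8e344d8b2473108036745233fb93686e8
- !binary "U0hBNTEy":
- metadata.gz: ad97f6c934b765a7f8f128c4a2c38fc2f965152feac00beaed09381cca330a21158cffdd490fe786e61fbdc0f0e627237bbc39500ebb419d7a275709e5468796
- data.tar.gz: 9b29dc983b2331729c1eff4da246a54681835e8bc6744fa502049b57d672f1e2aca88256412ccb3c96c9b76508be4e7fe974e2d3f868994455a924c8547df88f
+ SHA1:
+ metadata.gz: b0b0e3dda9642a618a998223568a92014fd55475
+ data.tar.gz: 719b6bde220e0abd79e27b6457c92d8ce8bb511b
+ SHA512:
+ metadata.gz: 53b2dbbc486b8b41dd447b6cdf66d1ca264c44ecc818cf1ef993ccc2e6a3d8b515f074c093f4d6e32908ca89bd6ed74673f97183c2c7310a065a06308b550bb7
+ data.tar.gz: b161018a09558875e58f7773aef6953f8bfeada2f21c98423de067f6c2d97e2680a43e6365426e040e5e79e49dd006687ada6c8941bcc7c214ac11f09ebbf5b7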
@@ -1,20 +1,32 @@
1
- ## Rails 3.1.10
1
+ ## Rails 3.1.11 (unreleased) ##
2
+
3
+ * Quote numeric values being compared to non-numeric columns. Otherwise,
4
+ in some database, the string column values will be coerced to a numeric
5
+ allowing 0, 0.0 or false to match any string starting with a non-digit.
6
+
7
+ Example:
8
+
9
+ App.where(apikey: 0) # => SELECT * FROM users WHERE apikey = '0'
10
+
11
+ *Dylan Smith*
12
+
13
+ ## Rails 3.1.10 (Jan 8, 2013) ##
2
14
 
3
15
  * Fix querying with an empty hash *Damien Mathieu* [CVE-2013-0155]
4
16
 
5
- ## Rails 3.1.9
17
+ ## Rails 3.1.9 (Jan 2, 2013) ##
6
18
 
7
19
  * CVE-2012-5664 ensure that options are never taken from the first parameter
8
20
 
9
- ## Rails 3.1.8 (Aug 9, 2012)
21
+ ## Rails 3.1.8 (Aug 9, 2012) ##
10
22
 
11
23
  * No changes.
12
24
 
13
- ## Rails 3.1.7 (Jul 26, 2012)
25
+ ## Rails 3.1.7 (Jul 26, 2012) ##
14
26
 
15
27
  * No changes.
16
28
 
17
- ## Rails 3.1.6 (Jun 12, 2012)
29
+ ## Rails 3.1.6 (Jun 12, 2012) ##
18
30
 
19
31
  * protect against the nesting of hashes changing the
20
32
  table context in the next call to build_from_hash. This fix
@@ -2071,7 +2071,7 @@ MSG
2071
2071
  set_values = (1..3).collect{|position| values_hash_from_param[position].blank? ? 1 : values_hash_from_param[position]}
2072
2072
  begin
2073
2073
  Date.new(*set_values)
2074
- rescue ArgumentError => ex # if Date.new raises an exception on an invalid date
2074
+ rescue ArgumentError # if Date.new raises an exception on an invalid date
2075
2075
  instantiate_time_object(name, set_values).to_date # we instantiate Time object and convert it back to a date thus using Time's logic in handling invalid dates
2076
2076
  end
2077
2077
  end
@@ -25,13 +25,19 @@ module ActiveRecord
25
25
  when true, false
26
26
  if column && column.type == :integer
27
27
  value ? '1' : '0'
28
+ elsif column && [:text, :string, :binary].include?(column.type)
29
+ value ? "'1'" : "'0'"
28
30
  else
29
31
  value ? quoted_true : quoted_false
30
32
  end
31
33
  # BigDecimals need to be put in a non-normalized form and quoted.
32
34
  when nil then "NULL"
33
- when BigDecimal then value.to_s('F')
34
- when Numeric then value.to_s
35
+ when Numeric, ActiveSupport::Duration
36
+ value = BigDecimal === value ? value.to_s('F') : value.to_s
37
+ if column && ![:integer, :float, :decimal].include?(column.type)
38
+ value = "'#{value}'"
39
+ end
40
+ value
35
41
  when Date, Time then "'#{quoted_date(value)}'"
36
42
  when Symbol then "'#{quote_string(value.to_s)}'"
37
43
  else
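Review bot: The new `when Numeric, ActiveSupport::Duration` branch adds quotes only when a column is passed (`if column && ![:integer, :float, :decimal].include?(column.type)`), so a call to quote without a column still returns a bare numeric literal and the string-to-number coercion described in the changelog entry stays possible on that path. That dependency on the caller is worth stating at the branch, for example `# Without a column the number is emitted unquoted; callers comparing against string columns must pass the column.` The boolean branch above selects string columns with an allow-list (`[:text, :string, :binary]`) while this branch uses a deny-list of numeric types, so a column type outside both lists is handled differently for `false` and for `0`; using one shared list would make the rule easier to audit. The existing comment about BigDecimals still sits above `when nil` although the BigDecimal handling now lives in the Numeric branch. The enclosing method begins and ends outside this hunk.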
@@ -166,8 +166,6 @@ module ActiveRecord
166
166
  if value.kind_of?(String) && column && column.type == :binary && column.class.respond_to?(:string_to_binary)
167
167
  s = column.class.string_to_binary(value).unpack("H*")[0]
168
168
  "x'#{s}'"
169
- elsif value.kind_of?(BigDecimal)
170
- value.to_s("F")
171
169
  else
172
170
  super
173
171
  end
@@ -283,8 +283,6 @@ module ActiveRecord
283
283
  if value.kind_of?(String) && column && column.type == :binary && column.class.respond_to?(:string_to_binary)
284
284
  s = column.class.string_to_binary(value).unpack("H*")[0]
285
285
  "x'#{s}'"
286
- elsif value.kind_of?(BigDecimal)
287
- value.to_s("F")
288
286
  else
289
287
  super
290
288
  end
@@ -49,6 +49,10 @@ module ActiveRecord
49
49
  when Class
50
50
  # FIXME: I think we need to deprecate this behavior
51
51
  attribute.eq(value.name)
52
+ when Integer, ActiveSupport::Duration
53
+ # Arel treats integers as literals, but they should be quoted when compared with strings
54
+ column = engine.connection_pool.columns_hash[table.name][attribute.name.to_s]
55
+ attribute.eq(Arel::Nodes::SqlLiteral.new(engine.connection.quote(value, column)))
52
56
  else
53
57
  attribute.eq(value)
54
58
  end
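Review bot: The column lookup `engine.connection_pool.columns_hash[table.name][attribute.name.to_s]` is unguarded: when the attribute has no entry the result is nil, and with the quoting change in this release `quote(value, nil)` returns the integer unquoted, so the protection silently does not apply. If the table entry itself can be missing (for example under a table alias, which is not verifiable from this hunk), the second `[]` would raise NoMethodError. A comment such as `# column is nil for attributes not in columns_hash; quote then leaves the integer unquoted` would record this, and a regression test comparing an integer with a string column would pin the intended SQL. Only `Integer` and `ActiveSupport::Duration` are intercepted here, so floats, BigDecimals and booleans depend on the else branch passing the column through to quote, which this hunk does not show. The enclosing case statement starts and ends outside the hunk.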
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 1
5
- TINY = 10
5
+ TINY = 11
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.10
4
+ version: 3.1.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - David Heinemeier Hansson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-01-08 00:00:00.000000000 Z
11
+ date: 2013-02-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 3.1.10
19
+ version: 3.1.11
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 3.1.10
26
+ version: 3.1.11
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: activemodel
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - '='
32
32
  - !ruby/object:Gem::Version
33
- version: 3.1.10
33
+ version: 3.1.11
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - '='
39
39
  - !ruby/object:Gem::Version
40
- version: 3.1.10
40
+ version: 3.1.11
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: arel
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -225,7 +225,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
225
225
  version: '0'
226
226
  requirements: []
227
227
  rubyforge_project:
228
- rubygems_version: 2.0.0.preview3
228
+ rubygems_version: 2.0.0.rc.2
229
229
  signing_key:
230
230
  specification_version: 4
231
231
  summary: Object-relational mapper framework (part of Rails).