activerecord 3.2.11 → 3.2.12


Potentially problematic release.



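--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- !binary "U0hBMQ==":
- metadata.gz: 15dff0d8e4b58a0f40ac3a7d2ca4fe47f4cffcc5
- data.tar.gz: 4d7f2c2ce872a0a9c257842866d987eb137a2289
- !binary "U0hBNTEy":
- metadata.gz: f22193ea0cc6f227067da8e9dea39ed7bcbe07a02a83c44ef5b7b2bb2dd344081fc9f3f4daa0b062aabf39c4190795b94bafde1aa72c4d43e54ce74a467d5377
- data.tar.gz: f41409bf293b77322e45d4e554c670cc69d40233a484caad31b4523cf6f3029528a76302d9ae7ad8233059615fab42618b1d02a24667f76270602ffd175d27c7
+ SHA1:
+ metadata.gz: 41f4755c9a0e90c223bc3546bba991c54e447232
+ data.tar.gz: 79dd37a61899bc19b93cd5348b7995c0b08b3a40
+ SHA512:
+ metadata.gz: 24d5fa3615c010447bbf81eb13f38ef7fa1d90fe7f0aaefdd9a31479a79fbb44bd9945d9ab3300550c034d47b01ded7dcc51f4d5e4a48a8c4adceb2e08cbc62b
+ data.tar.gz: 340fb9aa98abe8ab95ff6b6103ee8cc2487099f7797a2c905e364ea70de8aefa33af017bf0ef8a34a2c1d8391a7dd2d892e79c108e7a376082bcb7b99e6db51f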
@@ -1,4 +1,16 @@
1
- ## Rails 3.2.11 ##
1
+ ## Rails 3.2.12 (unreleased) ##
2
+
3
+ * Quote numeric values being compared to non-numeric columns. Otherwise,
4
+ in some database, the string column values will be coerced to a numeric
5
+ allowing 0, 0.0 or false to match any string starting with a non-digit.
6
+
7
+ Example:
8
+
9
+ App.where(apikey: 0) # => SELECT * FROM users WHERE apikey = '0'
10
+
11
+ *Dylan Smith*
12
+
13
+ ## Rails 3.2.11 (Jan 8, 2013) ##
2
14
 
3
15
  * Fix querying with an empty hash *Damien Mathieu* [CVE-2013-0155]
4
16
 
@@ -25,13 +25,19 @@ module ActiveRecord
25
25
  when true, false
26
26
  if column && column.type == :integer
27
27
  value ? '1' : '0'
28
+ elsif column && [:text, :string, :binary].include?(column.type)
29
+ value ? "'1'" : "'0'"
28
30
  else
29
31
  value ? quoted_true : quoted_false
30
32
  end
31
33
  # BigDecimals need to be put in a non-normalized form and quoted.
32
34
  when nil then "NULL"
33
- when BigDecimal then value.to_s('F')
34
- when Numeric then value.to_s
35
+ when Numeric, ActiveSupport::Duration
36
+ value = BigDecimal === value ? value.to_s('F') : value.to_s
37
+ if column && ![:integer, :float, :decimal].include?(column.type)
38
+ value = "'#{value}'"
39
+ end
40
+ value
35
41
  when Date, Time then "'#{quoted_date(value)}'"
36
42
  when Symbol then "'#{quote_string(value.to_s)}'"
37
43
  else
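Review bot: The new `when Numeric, ActiveSupport::Duration` branch only adds quotes when a `column` is passed, so a caller that quotes a number without column metadata still gets a bare literal and the coercion described in the changelog entry stays possible on that path. That dependency deserves a comment above the `if`, for example `# Quoting depends on column metadata; with no column the number is emitted unquoted.` The existing comment `# BigDecimals need to be put in a non-normalized form and quoted.` is now left above `when nil`, away from the `BigDecimal === value` line it describes, and should move into the numeric branch. The `case` statement starts and ends outside this hunk.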
@@ -199,8 +199,6 @@ module ActiveRecord
199
199
  if value.kind_of?(String) && column && column.type == :binary && column.class.respond_to?(:string_to_binary)
200
200
  s = column.class.string_to_binary(value).unpack("H*")[0]
201
201
  "x'#{s}'"
202
- elsif value.kind_of?(BigDecimal)
203
- value.to_s("F")
204
202
  else
205
203
  super
206
204
  end
@@ -51,6 +51,10 @@ module ActiveRecord
51
51
  when Class
52
52
  # FIXME: I think we need to deprecate this behavior
53
53
  attribute.eq(value.name)
54
+ when Integer, ActiveSupport::Duration
55
+ # Arel treats integers as literals, but they should be quoted when compared with strings
56
+ column = engine.connection.schema_cache.columns_hash[table.name][attribute.name.to_s]
57
+ attribute.eq(Arel::Nodes::SqlLiteral.new(engine.connection.quote(value, column)))
54
58
  else
55
59
  attribute.eq(value)
56
60
  end
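Review bot: The lookup `columns_hash[table.name][attribute.name.to_s]` chains two index operations with no guard, so if the schema cache has no entry for `table.name` (an aliased or derived table, presumably) the second `[]` would be called on a missing value before the query is built; how the cache behaves on a miss is not visible here. A guarded form would be `columns = engine.connection.schema_cache.columns_hash[table.name]` followed by `column = columns && columns[attribute.name.to_s]`, falling back to the unquoted path when no column is found. The comment should also say that wrapping the result in `Arel::Nodes::SqlLiteral` is acceptable only because the string comes from `connection.quote`, so a later edit does not pass raw input through it. The enclosing `case` begins outside the hunk.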
@@ -2,7 +2,7 @@ module ActiveRecord
2
2
  module VERSION #:nodoc:
3
3
  MAJOR = 3
4
4
  MINOR = 2
5
- TINY = 11
5
+ TINY = 12
6
6
  PRE = nil
7
7
 
8
8
  STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
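--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: activerecord
  version: !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
  platform: ruby
  authors:
  - David Heinemeier Hansson
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-01-08 00:00:00.000000000 Z
+ date: 2013-02-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,28 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
  - !ruby/object:Gem::Dependency
  name: activemodel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
  - !ruby/object:Gem::Dependency
  name: arel
  requirement: !ruby/object:Gem::Requirement
@@ -245,7 +245,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.0.0.preview3
+ rubygems_version: 2.0.0.rc.2
  signing_key:
  specification_version: 4
  summary: Object-relational mapper framework (part of Rails).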