acts_as_taggable 2.0.0 → 2.0.1
- data/CHANGELOG +5 -0
- data/lib/taggable.rb +13 -7
- metadata +6 -8
- data/test/debug.log +0 -28508
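--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,3 +1,8 @@
+2.0.1
+FEATURE: Source code now available via Subversion
+BUGFIX: Typo fix in find_related_tags
+SECURITY BUGFIX: Added sanitizer to all tag searching to prevent SQL injection
+
 2.0
 FEATURE:Added in count_uniq_tagged with - (Patch by Lon Baker)
 BUGFIX: Fixed typos - (Patch Blair Zajac)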
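--- a/data/lib/taggable.rb
+++ b/data/lib/taggable.rb
@@ -263,8 +263,10 @@ module ActiveRecord
 
 o, o_pk, o_fk, t, tn, t_pk, t_fk, jt = set_locals_for_sql
 sql = "SELECT #{o}.* FROM #{jt}, #{o}, #{t} WHERE #{jt}.#{t_fk} = #{t}.#{t_pk}
-AND (#{t}.#{tn} = '#{tag_names.join("' OR #{t}.#{tn}='")}')
 AND #{o}.#{o_pk} = #{jt}.#{o_fk}"
+sql << " AND ("
+sql << tag_names.collect {|tag| sanitize_sql( ["#{t}.#{tn} = ?",tag])}.join(" OR ")
+sql << ")"
 sql << " AND #{sanitize_sql(options[:conditions])}" if options[:conditions]
 sql << " GROUP BY #{o}.#{o_pk}"
 sql << " HAVING COUNT(#{o}.#{o_pk}) = #{tag_names.length}" if options[:all]
@@ -342,9 +344,11 @@ module ActiveRecord
 
 o, o_pk, o_fk, t, tn, t_pk, t_fk, jt = set_locals_for_sql
 sql = "SELECT COUNT(DISTINCT #{o}.#{o_pk}) FROM #{jt}, #{o}, #{t} WHERE #{jt}.#{t_fk} = #{t}.#{t_pk}
-AND (#{t}.#{tn} = '#{tag_names.join("' OR #{t}.#{tn} ='")}')
 AND #{o}.#{o_pk} = #{jt}.#{o_fk}"
-
+sql << " AND ("
+sql << tag_names.collect {|tag| sanitize_sql( ["#{t}.#{tn} = ?",tag])}.join(" OR ")
+sql << ")"
+sql << " AND #{sanitize_sql(options[:conditions])}" if options[:conditions]
 count_by_sql(sql)
 end
 
@@ -395,15 +399,17 @@ module ActiveRecord
 o, o_pk, o_fk, t, tn, t_pk, t_fk, jt = set_locals_for_sql
 
 sql = "SELECT jt.#{o_fk} AS o_id FROM #{jt} jt, #{t} t
-WHERE jt.#{t_fk} = t.#{t_pk}
-
-
+WHERE jt.#{t_fk} = t.#{t_pk} "
+sql << " AND ( t.#{tn} IN ("
+sql << tag_names.uniq.collect {|tag| sanitize_sql(tag)}.join(",")
+sql << "))"
+sql << "GROUP BY jt.#{o_fk}
 HAVING COUNT(jt.#{o_fk})=#{tag_names.length}"
 
 o_ids = connection.select_all(sql).map { |row| row['o_id'] }
 return options[:raw] ? [] : {} if o_ids.length < 1
 
-sql = "SELECT t.#{t_pk} AS id, t.#{
+sql = "SELECT t.#{t_pk} AS id, t.#{tn} AS #{tn}, COUNT(jt.#{o_fk}) AS count FROM #{jt} jt, #{t} t
 WHERE jt.#{o_fk} IN (#{o_ids.join(",")})
 AND t.#{t_pk} = jt.#{t_fk}
 GROUP BY jt.#{t_fk}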
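Review bot: In the third hunk (the `t.#{tn} IN (` query) each tag is passed to `sanitize_sql` as a bare string, and as far as I know ActiveRecord's `sanitize_sql` only binds and quotes when given an array and returns a plain string unchanged, so the tag names would reach the SQL unquoted and unescaped. The first two hunks use the array form `["#{t}.#{tn} = ?", tag]` and do not have this problem. Change the line to `sql << tag_names.uniq.collect {|tag| sanitize_sql(["?", tag])}.join(",")` (or use `connection.quote(tag)`), and add a test that searches for a tag containing a single quote. The IN list is built from `tag_names.uniq` while the `HAVING COUNT(...)` line still compares against `tag_names.length`, so a duplicated tag name would make the query match nothing; `tag_names.uniq.length` would keep the two in step. The enclosing method starts and ends outside the hunk, so this is based on the visible lines only.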
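--- a/metadata
+++ b/metadata
@@ -3,14 +3,14 @@ rubygems_version: 0.8.11
 specification_version: 1
 name: acts_as_taggable
 version: !ruby/object:Gem::Version
-version: 2.0.
-date: 2006-
+version: 2.0.1
+date: 2006-08-02 00:00:00 -05:00
 summary: An acts-as Mixin for easy applying and searching tags/folksnomies on Active Record objects
 require_paths:
 - lib
-email:
-homepage:
-rubyforge_project:
+email: ruby @nospam@ economysizegeek.com
+homepage:
+rubyforge_project:
 description:
 autorequire: taggable
 default_executable:
@@ -26,12 +26,10 @@ platform: ruby
 signing_key:
 cert_chain:
 authors:
-- Demetrius Nunes,
+- Demetrius Nunes,Dirk Elmendorf
 files:
 - lib/taggable.rb
-- test/fixtures
 - test/acts_as_taggable_test.rb
-- test/debug.log
 - README
 - CHANGELOG
 test_files: []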