RubyGems - mysql2 - Versions diffs - 0.2.11 → 0.2.12 - Mend

mysql2 0.2.11 → 0.2.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/CHANGELOG.md +4 -0
data/ext/mysql2/result.c +6 -1
data/lib/active_record/connection_adapters/mysql2_adapter.rb +1 -1
data/lib/mysql2/version.rb +1 -1
metadata +5 -5

data/CHANGELOG.md CHANGED

@@ -1,5 +1,9 @@
 # Changelog
+## 0.2.12 (August 16th, 2011)
+* ensure symbolized column names support encodings in 1.9
+* plugging sql vulnerability in mysql2 adapter
 ## 0.2.11 (June 17th, 2011)
 * fix bug in Time/DateTime range detection
 * (win32) fix bug where the Mysql2::Client object wasn't cleaned up properly if interrupted during a query

data/ext/mysql2/result.c CHANGED

@@ -114,10 +114,15 @@ static VALUE rb_mysql_result_fetch_field(VALUE self, unsigned int idx, short int
     field = mysql_fetch_field_direct(wrapper->result, idx);
     if (symbolize_keys) {
+      VALUE colStr;
       char buf[field->name_length+1];
       memcpy(buf, field->name, field->name_length);
       buf[field->name_length] = 0;
-      rb_field = ID2SYM(rb_intern(buf));
+      colStr = rb_str_new2(buf);
+#ifdef HAVE_RUBY_ENCODING_H
+      rb_enc_associate(colStr, rb_utf8_encoding());
+#endif
+      rb_field = ID2SYM(colStr);
     } else {
       rb_field = rb_str_new(field->name, field->name_length);
 #ifdef HAVE_RUBY_ENCODING_H

data/lib/active_record/connection_adapters/mysql2_adapter.rb CHANGED

@@ -157,7 +157,7 @@ module ActiveRecord
       end
       def quote_column_name(name) #:nodoc:
-        @quoted_column_names[name] ||= "`#{name}`"
+        @quoted_column_names[name] ||= "`#{name.to_s.gsub('`', '``')}`"
       end
       def quote_table_name(name) #:nodoc:

data/lib/mysql2/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Mysql2
-  VERSION = "0.2.11"
+  VERSION = "0.2.12"
 end

metadata CHANGED

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: mysql2
 version: !ruby/object:Gem::Version
-  hash: 1
+  hash: 15
   prerelease:
   segments:
   - 0
   - 2
-  - 11
-  version: 0.2.11
+  - 12
+  version: 0.2.12
 platform: ruby
 authors:
 - Brian Lopez
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-06-17 00:00:00 -07:00
+date: 2011-08-16 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -221,7 +221,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubyforge_project:
-rubygems_version: 1.3.10
+rubygems_version: 1.6.2
 signing_key:
 specification_version: 3
 summary: A simple, fast Mysql library for Ruby, binding to libmysql