sequel 4.31.0 → 4.32.0

data/lib/sequel/adapters/jdbc.rb

@@ -632,7 +632,8 @@ module Sequel
             :allow_null=>(h[:nullable] != 0),
             :primary_key=>pks.include?(h[:column_name]),
             :column_size=>h[:column_size],
-            :scale=>h[:decimal_digits]
+            :scale=>h[:decimal_digits],
+            :remarks=>h[:remarks]
           }
           if s[:primary_key]
             s[:auto_increment] = h[:is_autoincrement] == "YES"

data/lib/sequel/adapters/postgres.rb

@@ -306,10 +306,9 @@ module Sequel
 
       # Disconnect given connection
       def disconnect_connection(conn)
-        begin
-          conn.finish
-        rescue PGError, IOError
-        end
+        conn.finish
+      rescue PGError, IOError
+        nil
       end
 
       if SEQUEL_POSTGRES_USES_PG && Object.const_defined?(:PG) && ::PG.const_defined?(:Constants) && ::PG::Constants.const_defined?(:PG_DIAG_SCHEMA_NAME)

data/lib/sequel/adapters/shared/mysql.rb

@@ -682,6 +682,18 @@ module Sequel
       def calc_found_rows
         clone(:calc_found_rows => true)
       end
+
+      # Sets up the select methods to delete from if deleting from a
+      # joined dataset:
+      #
+      #   DB[:a].join(:b, :a_id=>:id).delete
+      #   # DELETE a FROM a INNER JOIN b ON (b.a_id = a.id)
+      #
+      #   DB[:a].join(:b, :a_id=>:id).delete_from(:a, :b).delete
+      #   # DELETE a, b FROM a INNER JOIN b ON (b.a_id = a.id)
+      def delete_from(*tables)
+        clone(:delete_from=>tables)
+      end
       
       # Return the results of an EXPLAIN query as a string. Options:
       # :extended :: Use EXPLAIN EXPTENDED instead of EXPLAIN if true.
@@ -847,7 +859,8 @@ module Sequel
       def delete_from_sql(sql)
         if joined_dataset?
           sql << SPACE
-          source_list_append(sql, @opts[:from][0..0])
+          tables = @opts[:delete_from] || @opts[:from][0..0]
+          source_list_append(sql, tables)
           sql << FROM
           source_list_append(sql, @opts[:from])
           select_join_sql(sql)

data/lib/sequel/adapters/shared/sqlite.rb

@@ -13,9 +13,9 @@ module Sequel
       AUTO_VACUUM = [:none, :full, :incremental].freeze
       PRIMARY_KEY_INDEX_RE = /\Asqlite_autoindex_/.freeze
       SYNCHRONOUS = [:off, :normal, :full].freeze
-      TABLES_FILTER = "type = 'table' AND NOT name = 'sqlite_sequence'".freeze
+      TABLES_FILTER = Sequel.~(:name=>'sqlite_sequence'.freeze) & {:type => 'table'.freeze}
       TEMP_STORE = [:default, :file, :memory].freeze
-      VIEWS_FILTER = "type = 'view'".freeze
+      VIEWS_FILTER = {:type => 'view'.freeze}.freeze
       TRANSACTION_MODE = {
         :deferred => "BEGIN DEFERRED TRANSACTION".freeze,
         :immediate => "BEGIN IMMEDIATE TRANSACTION".freeze,

data/lib/sequel/extensions/_pretty_table.rb

@@ -7,6 +7,8 @@
 # To load the extension:
 #
 #   Sequel.extension :_pretty_table
+#
+# Related module: Sequel::PrettyTable
 
 #
 module Sequel

data/lib/sequel/extensions/arbitrary_servers.rb

@@ -54,6 +54,8 @@
 # pool.  If you are using the sharded single connection pool, you need
 # to switch to the sharded threaded connection pool before using this
 # extension.
+#
+# Related module: Sequel::ArbitraryServers
 
 #
 module Sequel

data/lib/sequel/extensions/columns_introspection.rb

@@ -16,6 +16,8 @@
 # To attempt to introspect columns for all datasets on a single database:
 #
 #   DB.extension(:columns_introspection)
+#
+# Related module: Sequel::ColumnsIntrospection
 
 #
 module Sequel

data/lib/sequel/extensions/connection_validator.rb

@@ -44,6 +44,8 @@
 # threaded pools work fine even in single threaded code, so if
 # you are currently using a single threaded pool and want to
 # use this extension, switch to using a threaded pool.
+#
+# Related module: Sequel::ConnectionValidator
 
 #
 module Sequel

data/lib/sequel/extensions/constraint_validations.rb

@@ -123,6 +123,8 @@
 #   <tt>drop_constraint_validations_for(:table=>'table')</tt>, and then
 #   readd all constraints you want to use inside the alter table block,
 #   making no other changes inside the alter_table block.
+#
+# Related module: Sequel::ConstraintValidations
 
 #
 module Sequel

data/lib/sequel/extensions/core_extensions.rb

@@ -3,11 +3,7 @@
 # These are extensions to core classes that Sequel enables by default.
 # They make using Sequel's DSL easier by adding methods to Array,
 # Hash, String, and Symbol to add methods that return Sequel
-# expression objects.
-#
-# This extension is currently loaded by default, but that will no
-# longer be true in Sequel 4.  Starting in Sequel 4, you will
-# need to load it manually via:
+# expression objects.  To load the extension:
 #
 #   Sequel.extension :core_extensions
 

data/lib/sequel/extensions/current_datetime_timestamp.rb

@@ -22,6 +22,8 @@
 # datasets of a given database.
 #
 #   DB.extension(:current_datetime_timestamp)
+#
+# Related module: Sequel::CurrentDateTimeTimestamp
 
 #
 module Sequel

data/lib/sequel/extensions/dataset_source_alias.rb

@@ -37,6 +37,8 @@
 # is probably the desired behavior if you are using this extension:
 #
 #   DB.extension(:dataset_source_alias)
+#
+# Related module: Sequel::Dataset::DatasetSourceAlias
 
 #
 module Sequel

data/lib/sequel/extensions/date_arithmetic.rb

@@ -25,6 +25,8 @@
 # Sequel expressions are allowed:
 #
 #   DB[:table].select(add.as(:d)).where(sub > Sequel::CURRENT_TIMESTAMP)
+#
+# Related module: Sequel::SQL::DateAdd
 
 #
 module Sequel

data/lib/sequel/extensions/empty_array_consider_nulls.rb

@@ -21,11 +21,13 @@
 # is probably the desired behavior if you are using this extension:
 #
 #   DB.extension(:empty_array_consider_nulls)
+#
+# Related module: Sequel::EmptyArrayConsiderNulls
 
 #
 module Sequel
   module EmptyArrayConsiderNulls
-    # Use a simple expression that is always true or false, never NULL.
+    # Use an expression that returns NULL if the column value is NULL.
     def empty_array_value(op, cols)
       c = Array(cols)
       SQL::BooleanExpression.from_value_pairs(c.zip(c), :AND, op == :IN)

data/lib/sequel/extensions/error_sql.rb

@@ -29,6 +29,8 @@
 # To load the extension into the database:
 #
 #   DB.extension :error_sql
+#
+# Related module: Sequel::ErrorSQL
 
 #
 module Sequel

data/lib/sequel/extensions/eval_inspect.rb

@@ -13,6 +13,8 @@
 # To load the extension:
 #
 #   Sequel.extension :eval_inspect
+#
+# Related module: Sequel::EvalInspect
 
 #
 module Sequel

data/lib/sequel/extensions/filter_having.rb

@@ -15,6 +15,8 @@
 # is probably the desired behavior if you are using this extension:
 #
 #   DB.extension(:filter_having)
+#
+# Related module: Sequel::FilterHaving
 
 #
 module Sequel

data/lib/sequel/extensions/from_block.rb

@@ -13,6 +13,8 @@
 # To load the extension into the database:
 #
 #   DB.extension :from_block
+#
+# Related module: Sequel::Database::FromBlock
 
 #
 module Sequel

data/lib/sequel/extensions/graph_each.rb

@@ -16,6 +16,8 @@
 # is probably the desired behavior if you are using this extension:
 #
 #   DB.extension(:graph_each)
+#
+# Related module: Sequel::GraphEach
 
 #
 module Sequel

data/lib/sequel/extensions/hash_aliases.rb

@@ -15,6 +15,8 @@
 # is probably the desired behavior if you are using this extension:
 #
 #   DB.extension(:hash_aliases)
+#
+# Related module: Sequel::HashAliases
 
 #
 module Sequel

data/lib/sequel/extensions/inflector.rb

@@ -8,6 +8,8 @@
 # To load the extension:
 #
 #   Sequel.extension :inflector
+#
+# Related module: String::Inflections
 
 class String
   # This module acts as a singleton returned/yielded by String.inflections,

data/lib/sequel/extensions/looser_typecasting.rb

@@ -11,6 +11,8 @@
 # To load the extension into the database:
 #
 #   DB.extension :looser_typecasting
+#
+# Related module: Sequel::LooserTypecasting
 
 #
 module Sequel
@@ -25,7 +27,7 @@ module Sequel
       value.to_i
     end
 
-    # Typecast the value to an Integer using to_i instead of Kernel.Integer
+    # Typecast the value to an String using to_s instead of Kernel.String
     def typecast_value_string(value)
       value.to_s
     end

data/lib/sequel/extensions/meta_def.rb

@@ -6,6 +6,8 @@
 # not recommended for usage in new code.  To load this extension:
 #
 #   Sequel.extension :meta_def
+#
+# Related module: Sequel::Metaprogramming
 
 #
 module Sequel

data/lib/sequel/extensions/migration.rb

@@ -7,6 +7,10 @@
 # To load the extension:
 #
 #   Sequel.extension :migration
+#
+# Related modules: Sequel::Migration, Sequel::SimpleMigration,
+# Sequel::MigrationDSL, Sequel::MigrationReverser, Sequel::MigrationAlterTableReverser,
+# Sequel::Migrator, Sequel::IntegerMigrator, Sequel::TimestampMigrator
 
 #
 module Sequel

data/lib/sequel/extensions/mssql_emulate_lateral_with_apply.rb

@@ -23,6 +23,8 @@
 # Or you can load it into all of a database's datasets:
 #
 #   DB.extension(:mssql_emulate_lateral_with_apply)
+#
+# Related module: Sequel::MSSQL::EmulateLateralWithApply
 
 #
 module Sequel

data/lib/sequel/extensions/named_timezones.rb

@@ -38,6 +38,8 @@
 # timezone when fetching rows is dependent on the database adapter,
 # and only works on adapters where Sequel itself does the conversion.
 # It should work on mysql, postgres, sqlite, ibmdb, and jdbc.
+#
+# Related module: Sequel::NamedTimezones
 
 require 'tzinfo'
 

data/lib/sequel/extensions/no_auto_literal_strings.rb

@@ -0,0 +1,84 @@
+# frozen-string-literal: true
+#
+# The no_auto_literal_strings extension removes Sequel's automatic conversion
+# of strings to literal strings in the dataset filter methods.  By default,
+# Sequel considers a string passed to a filter method as a literal string:
+#
+#   DB[:table].where("name > 'A'")
+#
+# This is fine, except when the string is derived from user input:
+#
+#   DB[:table].where("name > '#{params[:user]}'") # SQL Injection!
+#
+# Sequel does support using placeholders for such strings:
+#
+#   DB[:table].where("name > ?", params[:user].to_s) # Safe
+#
+# However, if you forget to user placeholders, and pass a string to a filter
+# method that is derived from user input, you open yourself up to SQL injection.
+# With this extension, using a plain string in a filter method will result
+# in an exception being raised.  You either need to explicitly use a literal
+# string:
+#
+#   DB[:table].where(Sequel.lit("name > ?", params[:user].to_s))
+#
+# or you need to construct the same SQL using a non-string based approach:
+#
+#   DB[:table].where{|o| o.name > params[:user].to_s}
+#
+# Note that as listed in Sequel's security guide, a large number of dataset
+# methods call down to a filtering method, and this protects all of those
+# cases.
+#
+# This extension also protects the use of a plain string passed to Dataset#update:
+#
+#   DB[:table].update("column = column + 1")
+#
+# Again, you either need to explicitly use a literal string:
+#
+#   DB[:table].update(Sequel.lit("column = column + 1"))
+#
+# or construct the same SQL using a non-string based approach:
+#
+#   DB[:table].update(:column => Sequel.expr(:column) + 1)
+#
+# Related module: Sequel::Dataset::NoAutoLiteralStrings
+
+#
+module Sequel
+  class Dataset
+    module NoAutoLiteralStrings
+      # Raise an error if passing a plain string or an array whose first
+      # entry is a plain string.
+      def filter_expr(expr = nil)
+        case expr
+        when LiteralString
+          super
+        when String
+          raise Error, "plain string passed to a dataset filtering method"
+        when Array
+          if expr.first.is_a?(String) && !expr.first.is_a?(LiteralString)
+            raise Error, "plain string passed to a dataset filtering method"
+          end
+          super
+        else
+          super
+        end
+      end
+
+      # Raise an error if passing a plain string.
+      def update_sql(values=OPTS)
+        case values
+        when LiteralString
+          super
+        when String
+          raise Error, "plain string passed to a dataset filtering method"
+        else
+          super
+        end
+      end
+    end
+
+    register_extension(:no_auto_literal_strings, NoAutoLiteralStrings)
+  end
+end

data/lib/sequel/extensions/null_dataset.rb

@@ -32,6 +32,8 @@
 # To add the nullify method to all datasets on a single database:
 #
 #   DB.extension(:null_dataset)
+#
+# Related modules: Sequel::Dataset::Nullifiable, Sequel::Dataset::NullDataset
 
 #
 module Sequel

data/lib/sequel/extensions/pagination.rb

@@ -27,6 +27,8 @@
 # is probably the desired behavior if you are using this extension:
 #
 #   DB.extension(:pagination)
+#
+# Related modules: Sequel::DatasetPagination, Sequel::Dataset::Pagination
 
 #
 module Sequel

data/lib/sequel/extensions/pg_array.rb

@@ -41,10 +41,6 @@
 # See the {schema modification guide}[rdoc-ref:doc/schema_modification.rdoc]
 # for details on using postgres array columns in CREATE/ALTER TABLE statements.
 #
-# If you are not using the native postgres or jdbc/postgresql adapter and are using array
-# types as model column values you probably should use the the pg_typecast_on_load plugin
-# if the column values are returned as a string.
-#
 # This extension by default includes handlers for array types for
 # all scalar types that the native postgres adapter handles. It
 # also makes it easy to add support for other array types.  In
@@ -84,6 +80,8 @@
 # operators, look into the pg_array_ops extension.
 #
 # This extension requires the strscan and delegate libraries.
+#
+# Related module: Sequel::Postgres::PGArray
 
 require 'delegate'
 require 'strscan'

data/lib/sequel/extensions/pg_array_ops.rb

@@ -66,6 +66,8 @@
 #
 # In order for #hstore to automatically wrap the returned value correctly in
 # an HStoreOp, you need to load the pg_hstore_ops extension.
+#
+# Related module: Sequel::Postgres::ArrayOp
 
 #
 module Sequel