Add documentation for AbstractAdapter#sanitize_limit, and make its co…

…de more readable. Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1068 status:committed]
rails · Oct 9, 2008 · 28393e6 · 28393e6
1 parent aa4a7c3
commit 28393e6
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb b/activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb
@@ -120,10 +120,6 @@ def add_limit_offset!(sql, options)
         sql
       end
 
-      def sanitize_limit(limit)
-        limit.to_s[/,/] ? limit.split(',').map{ |i| i.to_i }.join(',') : limit.to_i
-      end
-
       # Appends a locking clause to an SQL statement.
       # This method *modifies* the +sql+ parameter.
       #   # SELECT * FROM suppliers FOR UPDATE
@@ -185,6 +181,21 @@ def update_sql(sql, name = nil)
         def delete_sql(sql, name = nil)
           update_sql(sql, name)
         end
+
+        # Sanitizes the given LIMIT parameter in order to prevent SQL injection.
+        #
+        # +limit+ may be anything that can evaluate to a string via #to_s. It
+        # should look like an integer, or a comma-delimited list of integers.
+        #
+        # Returns the sanitized limit parameter, either as an integer, or as a
+        # string which contains a comma-delimited list of integers.
+        def sanitize_limit(limit)
+          if limit.to_s =~ /,/
+            limit.to_s.split(',').map{ |i| i.to_i }.join(',')
+          else
+            limit.to_i
+          end
+        end
     end
   end
 end