Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Added SQL escaping for :limit and :offset [#288 state:closed] (Aaron …
…Bedra, Steven Bristol, Jonathan Wiess)
  • Loading branch information
dhh committed May 31, 2008
1 parent a6e7908 commit ef0ea78
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 2 deletions.
Expand Up @@ -106,11 +106,16 @@ def add_limit!(sql, options)
# SELECT * FROM suppliers LIMIT 10 OFFSET 50
def add_limit_offset!(sql, options)
if limit = options[:limit]
sql << " LIMIT #{limit}"
sql << " LIMIT #{sanitize_limit(limit)}"
if offset = options[:offset]
sql << " OFFSET #{offset}"
sql << " OFFSET #{offset.to_i}"
end
end
sql
end

def sanitize_limit(limit)
limit.to_s[/,/] ? limit.split(',').map{ |i| i.to_i }.join(',') : limit.to_i
end

# Appends a locking clause to an SQL statement.
Expand Down
20 changes: 20 additions & 0 deletions activerecord/test/cases/adapter_test.rb
Expand Up @@ -104,4 +104,24 @@ def test_reset_table_with_non_integer_pk
end
end

def test_add_limit_offset_should_sanitize_sql_injection_for_limit_without_comas
sql_inject = "1 select * from schema"
assert_equal " LIMIT 1", @connection.add_limit_offset!("", :limit=>sql_inject)
if current_adapter?(:MysqlAdapter)
assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
else
assert_equal " LIMIT 1 OFFSET 7", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
end
end

def test_add_limit_offset_should_sanitize_sql_injection_for_limit_with_comas
sql_inject = "1, 7 procedure help()"
if current_adapter?(:MysqlAdapter)
assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit=>sql_inject)
assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
else
assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit=>sql_inject)
assert_equal " LIMIT 1,7 OFFSET 7", @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
end
end
end

0 comments on commit ef0ea78

Please sign in to comment.