
Wow, this plugin didn't even sanitize conditions? Now it does.

commit 485bdd5e52c691fb1976c966284a190262c50f5d 1 parent 3ec07b5
Jason Stewart authored
Showing with 24 additions and 23 deletions.
  1. +24 −23 lib/is_paranoid.rb
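--- a/lib/is_paranoid.rb
+++ b/lib/is_paranoid.rb
@@ -45,7 +45,8 @@ def has_many(association_id, options = {}, &extension)
 if options.key?(:through)
 _table_name = self.reflect_on_association(options[:through]).table_name
 conditions = "#{_table_name}.#{destroyed_field} #{is_or_equals_not_destroyed}"
- options[:conditions] = "(" + [options[:conditions], conditions].compact.join(") AND (") + ")"
+ sanitized_conditions = self.send(:sanitize_sql, options[:conditions])
+ options[:conditions] = "(" + [sanitized_conditions, conditions].compact.join(") AND (") + ")"
 end
 super
 end
@@ -201,29 +202,29 @@ def is_paranoid_method_missing name, *args, &block
 self.class.send(
 :include,
 Module.new {
- if assoc.macro.to_s =~ /^has/
- parent_method = assoc.macro.to_s =~ /^has_one/ ? 'first_with_destroyed' : 'all_with_destroyed'
- # Example:
- define_method name do |*args| # def android_with_destroyed
- parent_klass.send("#{parent_method}", # Android.all_with_destroyed(
- :conditions => { # :conditions => {
- assoc.primary_key_name => # :person_id =>
- self.send(parent_klass.primary_key) # self.send(:id)
- } # }
- ) # )
- end # end
-
- else
+ if assoc.macro.to_s =~ /^has/
+ parent_method = assoc.macro.to_s =~ /^has_one/ ? 'first_with_destroyed' : 'all_with_destroyed'
+ # Example:
+ define_method name do |*args| # def android_with_destroyed
+ parent_klass.send("#{parent_method}", # Android.all_with_destroyed(
+ :conditions => { # :conditions => {
+ assoc.primary_key_name => # :person_id =>
+ self.send(parent_klass.primary_key) # self.send(:id)
+ } # }
+ ) # )
+ end # end
+
+ else
 # Example:
- define_method name do |*args| # def android_with_destroyed
- parent_klass.first_with_destroyed( # Android.first_with_destroyed(
- :conditions => { # :conditions => {
- parent_klass.primary_key => # :id =>
- self.send(assoc.primary_key_name) # self.send(:android_id)
- } # }
- ) # )
- end # end
- end
+ define_method name do |*args| # def android_with_destroyed
+ parent_klass.first_with_destroyed( # Android.first_with_destroyed(
+ :conditions => { # :conditions => {
+ parent_klass.primary_key => # :id =>
+ self.send(assoc.primary_key_name) # self.send(:android_id)
+ } # }
+ ) # )
+ end # end
+ end
 }
 )
 self.send(name, *args, &block)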
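Review bot: In the `has_many` hunk, `self.send(:sanitize_sql, options[:conditions])` only escapes bind values for the Array and Hash forms; as far as I know ActiveRecord returns a String condition unchanged, so a string `:conditions` with values interpolated by the caller still reaches the SQL verbatim. I would say so next to the call, e.g. `# sanitize_sql expands Array/Hash conditions; a String condition is trusted as-is`. Because the call is made on the declaring model, a Hash condition is presumably qualified with this model's table rather than the associated one, which is worth confirming for `:through` associations. The commit touches only lib/is_paranoid.rb, so a spec covering array- and hash-form `:conditions` on a `:through` association would pin the new behaviour. `has_many` begins before the hunk, and the second hunk appears to be re-indentation only.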