
Paginate's :page argument generates invalid queries given values larger than sql BIGINT #115

jonah-williams opened this Issue · 3 comments

2 participants


Given examples like @posts = Post.paginate_by_board_id, :page => params[:page], :order => 'updated_at DESC' which suggest that we should be able to pass user-provided params to will_paginate, I would expect will_paginate to validate the range of the provided arguments. As is, a user can specify a page number greater than 9223372036854775807, which will generate an invalid SQL query. Instead I would expect will_paginate to raise InvalidPage or ArgumentError as it does when given negative or otherwise invalid arguments.

Fix available in #116


Pulled in 4d92d1b

mislav closed this
mislav referenced this issue from a commit:
refactor page number checking, add offset validation
Raise WP::InvalidPage exception on offset values larger than SQL's BIGINT

references #115

Thanks for raising this concern. I've pulled your contribution, but refactored it later to account for the fact it's not the page number we're concerned with, it's the calculated offset when performing the SQL query. So now only offset is checked for exceeding BIGINT.

Of course, the SQL limit is also a part of the query, but limit values should never come from outside of the app (or if they do, they should be sanitized). Therefore I don't check limit this way because I trust the developers.


Sounds good, thanks for completing the fix.
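
The check discussed in this thread, as an added Ruby example that is not will_paginate's code and not part of any comment above: the untrusted page parameter is parsed, an externally supplied limit is clamped, and the computed offset (not the page number) is compared against BIGINT. `InvalidPageError`, `parse_page`, `sanitize_per_page`, `offset_for` and `MAX_PER_PAGE` are hypothetical names, and the nil-page-means-page-1 default is an assumption.

```ruby
# Added example: hypothetical names, not will_paginate's API.
BIGINT_MAX   = 9_223_372_036_854_775_807 # largest signed 64-bit SQL BIGINT
MAX_PER_PAGE = 100                       # assumed application-level cap

class InvalidPageError < ArgumentError; end

# Turn an untrusted page parameter into a positive Integer (nil/"" => page 1).
def parse_page(raw)
  return 1 if raw.nil? || raw.to_s.empty?
  page = Integer(raw.to_s, 10, exception: false)
  raise InvalidPageError, "#{raw.inspect} is not a valid page number" if page.nil? || page < 1
  page
end

# Limits that do come from outside the app get clamped instead of trusted.
def sanitize_per_page(raw, default: 30)
  n = Integer(raw.to_s, 10, exception: false) || default
  n.clamp(1, MAX_PER_PAGE)
end

# Validate the value that actually reaches SQL: the computed OFFSET.
def offset_for(page_param, per_page)
  offset = (parse_page(page_param) - 1) * per_page
  raise InvalidPageError, "offset #{offset} exceeds BIGINT" if offset > BIGINT_MAX
  offset
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: [page param, per_page param]
  [["3", "30"], ["9223372036854775808", "1"], ["9223372036854775807", "30"],
   ["-1", "30"], ["2", "100000"]].each do |page, per|
    limit = sanitize_per_page(per)
    begin
      puts "page=#{page} LIMIT #{limit} OFFSET #{offset_for(page, limit)}"
    rescue InvalidPageError => e
      puts "page=#{page} rejected: #{e.message}"
    end
  end
end
```

The second sample shows why the offset is the right thing to check: a page number one above BIGINT is still a valid query when the per-page size is 1, while a page number within BIGINT overflows the offset at 30 per page.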
