[Rails3] No longer ask the engine/adapter to perform crazy string manipulation for adding limit offset, but rather do all this in the Arel SQL compiler.

metaskills · metaskills · commit acd697bdb098 · 2010-07-02T11:57:18.000-04:00
diff --git a/RAILS3_NOTES b/RAILS3_NOTES
@@ -34,7 +34,7 @@ on a local branch of our remote tracking branch.
 
 = SQL Server Todo
   
-  2364 tests, 9480 assertions, 9 failures, 48 errors
+  2364 tests, 8447 assertions, 8 failures, 47 errors
   
   * SQL Server Test Cases
     x eager_association_test_sqlserver.rb     (2) Limit offset stuff.
diff --git a/lib/active_record/connection_adapters/sqlserver/database_statements.rb b/lib/active_record/connection_adapters/sqlserver/database_statements.rb
@@ -43,110 +43,7 @@ def rollback_to_savepoint
         end
 
         def add_limit_offset!(sql, options)
-          # Easy locals.
-          limit = options[:limit].try(:to_i)
-          offset = options[:offset].try(:to_i)
-          select_clauses = options[:select_clauses]
-          order_clauses = options[:order_clauses]
-          primary_key = options[:primary_key]
-          table_name = options[:table_name]
-          # Template strings
-          limit_string = "TOP (#{limit}) " if limit.present?
-          select_string = select_clauses.join(', ').gsub(%r|\[#{table_name}\]\.|,'[_rnt].')
-          order_string = order_clauses.present? ? order_clauses.join(', ') : [quote_table_name(table_name),quote_column_name(primary_key)].join('.')
-          window_template = 
-            'SELECT #{limit_string}#{select_string} ' + 
-            'FROM (SELECT ROW_NUMBER() OVER (ORDER BY #{order_string}) AS [rn], #{sql.strip}) AS [_rnt] ' + 
-            'WHERE [_rnt].[rn] > #{offset}'
-          # Assembly
-          sql.sub! /SELECT/i, ''
-          sql.replace instance_eval("%|#{window_template}|")
-          
-          # http://github.com/kenglishhi/2000-2005-adapter/commit/476ac1f6dbd517ed090ef350e6d5855a581f6cbf
-          # if options[:limit] and options[:offset]
-          #   sql.sub! /ORDER BY.*$/i, ''
-          #   sql.sub! /SELECT/i, "SELECT ROW_NUMBER() OVER (ORDER BY #{options[:order]}) AS [row_number], "
-          #   sql.replace "SELECT TOP (#{options[:limit]}) * FROM (#{sql}) as [row_number_table] WHERE [row_number_table].[row_number] > #{options[:offset]}"
-          # end
-          
-          # options = {:limit => 10, :offset => 20, :order => '[users].[id] ASC'}
-          # sql = %|SELECT [users].[id], [users].[name] FROM [users]|
-          # >> sql.sub! /SELECT/i, "SELECT ROW_NUMBER() OVER (ORDER BY #{options[:order]}) AS [row_number], "
-          # => "SELECT ROW_NUMBER() OVER (ORDER BY [users].[id] ASC) AS [row_number],  [users].[id], [users].[name] FROM [users]"
-          # >> sql.replace "SELECT TOP (#{options[:limit]}) * FROM (#{sql}) as [row_number_table] WHERE [row_number_table].[row_number] > #{options[:offset]}"
-          # SELECT TOP (10) * FROM (
-          #   SELECT ROW_NUMBER() OVER (ORDER BY [users].[id] ASC) AS [row_number],
-          #   [users].[id], [users].[name] FROM [users]
-          # ) as [row_number_table] WHERE [row_number_table].[row_number] > 20"
-          
-          # SELECT * FROM
-          #   (SELECT ROW_NUMBER() 
-          #     OVER (ORDER BY [users].[id]) AS [rn], 
-          #     [users].[id], [users].[name]
-          #   FROM [users]) AS [_rnt]
-          # WHERE [_rnt].[rn] > 4
-          
-          # options[:offset] ||= 0
-          # if options[:offset] > 0
-          #   options[:order] ||= if order_by = sql.match(/ORDER BY (.*$)/i)
-          #                       order_by[1]
-          #                     else
-          #                       table_name = sql.match('FROM ([\[\]a-zA-Z0-9_\.]+)')[1]
-          # 
-          #                       find_table_primary_key_columns(table_name)
-          #                     end
-          #   sql.sub!(/ORDER BY.*$/i, '')
-          #   sql.sub!(/SELECT/i, "SELECT * FROM ( SELECT ROW_NUMBER() OVER( ORDER BY #{options[:order] } ) AS row_num, ")
-          #   sql << ") AS t WHERE row_num > #{options[:offset]}"
-          # end
-          # sql.sub!(/^SELECT/i, "SELECT TOP #{options[:limit]}") if options[:limit]
-          # sql
-          
-          
-
-          # # The business of adding limit/offset
-          # if options[:limit] and options[:offset]
-          #   tally_sql = "SELECT count(*) as TotalRows from (#{sql.sub(/\bSELECT(\s+DISTINCT)?\b/i, "SELECT#{$1} TOP 1000000000")}) tally"
-          #   add_lock! tally_sql, options
-          #   total_rows = select_value(tally_sql).to_i
-          #   if (options[:limit] + options[:offset]) >= total_rows
-          #     options[:limit] = (total_rows - options[:offset] >= 0) ? (total_rows - options[:offset]) : 0
-          #   end
-          #   # Make sure we do not need a special limit/offset for association limiting. http://gist.github.com/25118
-          #   add_limit_offset_for_association_limiting!(sql,options) and return if sql_for_association_limiting?(sql)
-          #   # Wrap the SQL query in a bunch of outer SQL queries that emulate proper LIMIT,OFFSET support.
-          #   sql.sub!(/^\s*SELECT(\s+DISTINCT)?/i, "SELECT * FROM (SELECT TOP #{options[:limit]} * FROM (SELECT#{$1} TOP #{options[:limit] + options[:offset]}")
-          #   sql << ") AS tmp1"
-          #   if options[:order]
-          #     order = options[:order].split(',').map do |field|
-          #       order_by_column, order_direction = field.split(" ")
-          #       order_by_column = quote_column_name(order_by_column)
-          #       # Investigate the SQL query to figure out if the order_by_column has been renamed.
-          #       if sql =~ /#{Regexp.escape(order_by_column)} AS (t\d+_r\d+)/
-          #         # Fx "[foo].[bar] AS t4_r2" was found in the SQL. Use the column alias (ie 't4_r2') for the subsequent orderings
-          #         order_by_column = $1
-          #       elsif order_by_column =~ /\w+\.\[?(\w+)\]?/
-          #         order_by_column = $1
-          #       else
-          #         # It doesn't appear that the column name has been renamed as part of the query. Use just the column
-          #         # name rather than the full identifier for the outer queries.
-          #         order_by_column = order_by_column.split('.').last
-          #       end
-          #       # Put the column name and eventual direction back together
-          #       [order_by_column, order_direction].join(' ').strip
-          #     end.join(', ')
-          #     sql << " ORDER BY #{change_order_direction(order)}) AS tmp2 ORDER BY #{order}"
-          #   else
-          #     sql << ") AS tmp2"
-          #   end
-          # elsif options[:limit] && sql !~ /^\s*SELECT (@@|COUNT\()/i
-          #   if md = sql.match(/^(\s*SELECT)(\s+DISTINCT)?(.*)/im)
-          #     sql.replace "#{md[1]}#{md[2]} TOP #{options[:limit]}#{md[3]}"
-          #   else
-          #     # Account for building SQL fragments without SELECT yet. See #update_all and #limited_update_conditions.
-          #     sql.replace "TOP #{options[:limit]} #{sql}"
-          #   end
-          # end
+          raise NotImplementedError, 'This has been moved to the SQLServerCompiler in Arel.'
         end
 
         def empty_insert_statement_value
diff --git a/test/cases/adapter_test_sqlserver.rb b/test/cases/adapter_test_sqlserver.rb
@@ -621,3 +621,23 @@ def with_enable_default_unicode_types(setting)
   
 end
 
+
+class AdapterTest < ActiveRecord::TestCase
+  
+  COERCED_TESTS = [
+    :test_add_limit_offset_should_sanitize_sql_injection_for_limit_without_comas,
+    :test_add_limit_offset_should_sanitize_sql_injection_for_limit_with_comas
+  ]
+  
+  include SqlserverCoercedTest
+  
+  def test_coerced_test_add_limit_offset_should_sanitize_sql_injection_for_limit_without_comas
+    true # Tested in our OffsetAndLimitTestSqlserver test case.
+  end
+
+  def test_coerced_test_add_limit_offset_should_sanitize_sql_injection_for_limit_with_comas
+    true # Tested in our OffsetAndLimitTestSqlserver test case.
+  end
+  
+  
+end
