Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Use whitelist to pass valid connection parameters to PGConn.

All the valids parameters for libpq are used.

See for the
full list

Fixes #8784
  • Loading branch information...
commit 19b52d3f81080d8eacb78c94bd5957ef7c637d07 1 parent cc24eba
@rafaelfranca rafaelfranca authored
17 activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -17,22 +17,25 @@
module ActiveRecord
module ConnectionHandling
+ VALID_CONN_PARAMS = [:host, :hostaddr, :port, :dbname, :user, :password, :connect_timeout,
+ :client_encoding, :options, :application_name, :fallback_application_name,
+ :keepalives, :keepalives_idle, :keepalives_interval, :keepalives_count,
+ :tty, :sslmode, :requiressl, :sslcert, :sslkey, :sslrootcert, :sslcrl,
+ :requirepeer, :krbsrvname, :gsslib, :service]
# Establishes a connection to the database that's used by all Active Record objects
def postgresql_connection(config) # :nodoc:
conn_params = config.symbolize_keys
- # Forward any unused config params to PGconn.connect.
- [:statement_limit, :encoding, :min_messages, :schema_search_path,
- :schema_order, :adapter, :pool, :checkout_timeout, :template,
- :prepared_statements, :reaping_frequency, :insert_returning, :variables].each do |key|
- conn_params.delete key
- end
- conn_params.delete_if { |k,v| v.nil? }
+ conn_params.delete_if { |_, v| v.nil? }
# Map ActiveRecords param names to PGs.
conn_params[:user] = conn_params.delete(:username) if conn_params[:username]
conn_params[:dbname] = conn_params.delete(:database) if conn_params[:database]
+ # Forward only valid config params to PGconn.connect.
+ conn_params.keep_if { |k, _| VALID_CONN_PARAMS.include?(k) }
# The postgres drivers don't allow the creation of an unconnected PGconn object,
# so just pass a nil connection object for the time being., logger, conn_params, config)
Please sign in to comment.
Something went wrong with that request. Please try again.