Permalink
Browse files

Don't allow `quote_value` to be called without a column

Some adapters require column information to do their job properly.
By enforcing the provision of the column for this internal method
we ensure that those using adapters that require column information
will always get the proper behavior.
  • Loading branch information...
1 parent c083dc2 commit 31a43ebc107fbd50e7e62567e5208a05909ec76c @Empact Empact committed Jul 21, 2013
@@ -1,3 +1,12 @@
+* Don't allow `quote_value` to be called without a column.
+
+ Some adapters require column information to do their job properly.
+ By enforcing the provision of the column for this internal method
+ we ensure that those using adapters that require column information
+ will always get the proper behavior.
+
+ *Ben Woosley*
+
* When using optimistic locking, `update` was not passing the column to `quote_value`
to allow the connection adapter to properly determine how to quote the value. This was
affecting certain databases that use specific colmn types.
@@ -3,8 +3,8 @@ module Sanitization
extend ActiveSupport::Concern
module ClassMethods
- def quote_value(value, column = nil) #:nodoc:
- connection.quote(value,column)
+ def quote_value(value, column) #:nodoc:
+ connection.quote(value, column)
end
# Used to sanitize objects before they're used in an SQL SELECT statement. Delegates to <tt>connection.quote</tt>.
@@ -613,7 +613,7 @@ def test_bind_record
def test_named_bind_with_postgresql_type_casts
l = Proc.new { bind(":a::integer '2009-01-01'::date", :a => '10') }
assert_nothing_raised(&l)
- assert_equal "#{ActiveRecord::Base.quote_value('10')}::integer '2009-01-01'::date", l.call
+ assert_equal "#{ActiveRecord::Base.connection.quote('10')}::integer '2009-01-01'::date", l.call
end
def test_string_sanitation

0 comments on commit 31a43eb

Please sign in to comment.