Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Don't allow `quote_value` to be called without a column

Some adapters require column information to do their job properly.
By enforcing the provision of the column for this internal method
we ensure that those using adapters that require column information
will always get the proper behavior.
  • Loading branch information...
commit 31a43ebc107fbd50e7e62567e5208a05909ec76c 1 parent c083dc2
@Empact Empact authored
View
9 activerecord/CHANGELOG.md
@@ -1,3 +1,12 @@
+* Don't allow `quote_value` to be called without a column.
+
+ Some adapters require column information to do their job properly.
+ By enforcing the provision of the column for this internal method
+ we ensure that those using adapters that require column information
+ will always get the proper behavior.
+
+ *Ben Woosley*
+
* When using optimistic locking, `update` was not passing the column to `quote_value`
to allow the connection adapter to properly determine how to quote the value. This was
affecting certain databases that use specific colmn types.
View
4 activerecord/lib/active_record/sanitization.rb
@@ -3,8 +3,8 @@ module Sanitization
extend ActiveSupport::Concern
module ClassMethods
- def quote_value(value, column = nil) #:nodoc:
- connection.quote(value,column)
+ def quote_value(value, column) #:nodoc:
+ connection.quote(value, column)
end
# Used to sanitize objects before they're used in an SQL SELECT statement. Delegates to <tt>connection.quote</tt>.
View
2  activerecord/test/cases/finder_test.rb
@@ -613,7 +613,7 @@ def test_bind_record
def test_named_bind_with_postgresql_type_casts
l = Proc.new { bind(":a::integer '2009-01-01'::date", :a => '10') }
assert_nothing_raised(&l)
- assert_equal "#{ActiveRecord::Base.quote_value('10')}::integer '2009-01-01'::date", l.call
+ assert_equal "#{ActiveRecord::Base.connection.quote('10')}::integer '2009-01-01'::date", l.call
end
def test_string_sanitation
Please sign in to comment.
Something went wrong with that request. Please try again.