Allow limit values to accept an ARel SQL literal.

activerecord/lib/active_record/connection_adapters/abstract/database_statements.rb

@@ -278,13 +278,17 @@ def limited_update_conditions(where_sql, quoted_table_name, quoted_primary_key)
 
       # Sanitizes the given LIMIT parameter in order to prevent SQL injection.
       #
-      # +limit+ may be anything that can evaluate to a string via #to_s. It
-      # should look like an integer, or a comma-delimited list of integers.
+      # The +limit+ may be anything that can evaluate to a string via #to_s. It
+      # should look like an integer, or a comma-delimited list of integers, or 
+      # an Arel SQL literal.
       #
+      # Returns Integer and Arel::Nodes::SqlLiteral limits as is. 
       # Returns the sanitized limit parameter, either as an integer, or as a
       # string which contains a comma-delimited list of integers.
       def sanitize_limit(limit)
-        if limit.to_s =~ /,/
+        if limit.is_a?(Integer) || limit.is_a?(Arel::Nodes::SqlLiteral)
+          limit
+        elsif limit.to_s =~ /,/
           Arel.sql limit.to_s.split(',').map{ |i| Integer(i) }.join(',')
         else
           Integer(limit)

activerecord/test/cases/base_test.rb

@@ -59,7 +59,7 @@ def test_primary_key_with_no_id
     assert_nil Edge.primary_key
   end
 
-  unless current_adapter?(:PostgreSQLAdapter) || current_adapter?(:OracleAdapter)
+  unless current_adapter?(:PostgreSQLAdapter,:OracleAdapter,:SQLServerAdapter)
     def test_limit_with_comma
       assert_nothing_raised do
         Topic.limit("1,2").all
@@ -94,7 +94,13 @@ def test_limit_should_sanitize_sql_injection_for_limit_with_comas
       Topic.limit("1, 7 procedure help()").all
     end
   end
-
+
+  unless current_adapter?(:MysqlAdapter)
+    def test_limit_should_allow_sql_literal
+      assert_equal 1, Topic.limit(Arel.sql('2-1')).all.length
+    end
+  end
+
   def test_select_symbol
     topic_ids = Topic.select(:id).map(&:id).sort
     assert_equal Topic.find(:all).map(&:id).sort, topic_ids