Merge pull request #36350 from kamipo/fast_pluck

Allow symbol (i.e. quoted identifier) as safe SQL string
rails · May 28, 2019 · c495fff · c495fff
1 parent b064a78
commit c495fff
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/activerecord/lib/active_record/attribute_methods.rb b/activerecord/lib/active_record/attribute_methods.rb
@@ -185,12 +185,14 @@ def attribute_names
       /ix
 
       def disallow_raw_sql!(args, permit: COLUMN_NAME) # :nodoc:
-        unexpected = args.reject do |arg|
-          Arel.arel_node?(arg) ||
+        unexpected = nil
+        args.each do |arg|
+          next if arg.is_a?(Symbol) || Arel.arel_node?(arg) ||
             arg.to_s.split(/\s*,\s*/).all? { |part| permit.match?(part) }
+          (unexpected ||= []) << arg
         end
 
-        return if unexpected.none?
+        return unless unexpected
 
         if allow_unsafe_raw_sql == :deprecated
           ActiveSupport::Deprecation.warn(