Handle broken encoding in #write_query?
#43821
It was added in Rails 6 #34505
Note this code was changed around a bit since implementation in 6.0, but yes this should be backported to any affected version.
👍 I can open the backport PRs tomorrow.
If the SQL encoding somehow is invalid, `Regexp#match?` raises `ArgumentError`. Best we can do is to copy the string and try to match the regexp in "binary" mode. Hopefully these cases are rare enough that the string copy should be an important overhead.
1f70bfe to b629a5b
Backport of rails#43821

If the SQL encoding somehow is invalid, `Regexp#match?` raises `ArgumentError`. Best we can do is to copy the string and try to match the regexp in "binary" mode. Hopefully these cases are rare enough that the string copy should be an important overhead.
Since I don't think this can be considered a security issue, I created backport PRs for 7.0 and 6.1.
Urk, I just noticed part of my change can cause a warning:

```
>> /foo/n.match?("SELECT '€'")
warning: historical binary regexp match /.../n against UTF-8 string
```

In the end the
If the SQL encoding somehow is invalid, `Regexp#match?` raises `ArgumentError`.

Best we can do is to copy the string and try to match the regexp in "binary" mode.

Hopefully these cases are rare enough that the string copy shouldn't be an important overhead.
cc @rafaelfranca (we might want to backport this to 7.0).
cc @CelineBen who initially reported the issue to me.
cc @kamipo @eileencodes because I believe you worked on this area.
Also PS: I thought this code was introduced in 7, but it might actually be older than that.
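The fallback described in this PR, sketched as an added Ruby example that is not code from the pull request or from Rails. `READ_QUERY` and `COMMENT` are simplified, constructed patterns and the sample statements are constructed; only the name `write_query?` comes from the PR title.

```ruby
# Constructed, simplified read-query pattern (an assumption for this example,
# not the pattern Active Record builds): optional leading whitespace, "(" or
# SQL comments, followed by a read-only keyword.
COMMENT = %r{(?:--.*\n)|/\*(?:[^*]|\*[^/])*\*/}
READ_QUERY = /\A(?:[(\s]|#{COMMENT})*(?:select|show|explain|describe|desc)\b/i

# Illustrative helper: true when the statement does not start like a read.
def write_query?(sql)
  !READ_QUERY.match?(sql)
rescue ArgumentError
  # The string holds bytes that are invalid in its declared encoding.
  # String#b returns a copy tagged ASCII-8BIT, where every byte is valid,
  # so the ASCII-only pattern can still inspect the statement prefix.
  !READ_QUERY.match?(sql.b)
end

# Constructed sample statements mapped to the expected classification.
# "\xFF" is never a valid byte in UTF-8.
SAMPLES = {
  "SELECT '€' FROM t"                    => false,
  "/* hint */ SELECT name FROM t"        => false,
  "SELECT * FROM t WHERE a = '\xFF'"     => false,
  "UPDATE t SET a = '\xFF' WHERE id = 1" => true,
  "\xFF SELECT 1"                        => true
}.freeze

# Returns [sql, classified_as_write] pairs for every sample.
def classify_samples
  SAMPLES.keys.map { |sql| [sql, write_query?(sql)] }
end

if $PROGRAM_NAME == __FILE__
  classify_samples.each do |sql, write|
    printf("%-5s valid_encoding=%-5s %s\n",
           write ? "WRITE" : "READ", sql.valid_encoding?, sql.inspect)
  end
end
```

The last sample shows that an invalid byte ahead of the keyword makes the statement fall outside the read pattern, so it is reported as a write rather than raising.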