Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Fix GH #3163. Should quote database on mysql/mysql2. #5270

Merged
merged 1 commit into from

2 participants

Toshinori Kajihara Piotr Sarnacki
Toshinori Kajihara
Collaborator

database argument pass to tables method isn't escaped.
Please see #3163

Piotr Sarnacki drogus merged commit 44e7967 into from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 4, 2012
  1. Toshinori Kajihara
This page is out of date. Refresh to see the latest.
2  activerecord/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
View
@@ -375,7 +375,7 @@ def collation
def tables(name = nil, database = nil, like = nil) #:nodoc:
sql = "SHOW TABLES "
- sql << "IN #{database} " if database
+ sql << "IN #{quote_table_name(database)} " if database
sql << "LIKE #{quote(like)}" if like
execute_and_free(sql, 'SCHEMA') do |result|
10 activerecord/test/cases/adapters/mysql/mysql_adapter_test.rb
View
@@ -46,6 +46,16 @@ def test_exec_insert_string
assert_equal str, value
end
+ def test_tables_quoting
+ begin
+ @conn.tables(nil, "foo-bar", nil)
+ flunk
+ rescue => e
+ # assertion for *quoted* database properly
+ assert_match(/Access denied for user/, e.inspect)
+ end
+ end
+
private
def insert(ctx, data)
binds = data.map { |name, value|
11 activerecord/test/cases/adapters/mysql2/schema_test.rb
View
@@ -35,6 +35,17 @@ def test_table_exists?
def test_table_exists_wrong_schema
assert(!@connection.table_exists?("#{@db_name}.zomg"), "table should not exist")
end
+
+ def test_tables_quoting
+ begin
+ @connection.tables(nil, "foo-bar", nil)
+ flunk
+ rescue => e
+ # assertion for *quoted* database properly
+ assert_match(/Access denied for user/, e.inspect)
+ end
+ end
+
end
end
end
Something went wrong with that request. Please try again.