Fix quote_bound_value to not map Strings #1416 [htonl]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1445 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
parent
bdf51f9582
commit
c2ed453880
@ -895,11 +895,10 @@ def replace_named_bind_variables(statement, bind_vars)
|
|||||||
end
|
end
|
||||||
|
|
||||||
def quote_bound_value(value)
|
def quote_bound_value(value)
|
||||||
case value
|
if (value.respond_to?(:map) && !value.is_a?(String))
|
||||||
when Enumerable
|
value.map { |v| connection.quote(v) }.join(',')
|
||||||
value.map { |v| connection.quote(v) }.join(',')
|
else
|
||||||
else
|
connection.quote(value)
|
||||||
connection.quote(value)
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
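Review bot: In the new `if` branch of quote_bound_value, an empty collection makes `value.map { |v| connection.quote(v) }.join(',')` return an empty string, so a condition written as `IN (?)` reaches the database as `IN ()`, which several databases reject as a syntax error. Consider quoting nil in that case, e.g. `value.empty? ? connection.quote(nil) : value.map { |v| connection.quote(v) }.join(',')`, assuming every collection bound here responds to `empty?`. The `respond_to?(:map)` test also admits a Hash, whose elements would reach `connection.quote` as `[key, value]` pairs. How quote treats an Array is not visible in this hunk, so a short comment above the method naming the supported collection types would help.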
@ -171,6 +171,10 @@ def test_bind_enumerable
|
|||||||
assert_equal %('a','b','c'), bind(':a', :a => Set.new(%w(a b c))) # '
|
assert_equal %('a','b','c'), bind(':a', :a => Set.new(%w(a b c))) # '
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_bind_string
|
||||||
|
assert_equal "''", bind('?', '')
|
||||||
|
end
|
||||||
|
|
||||||
def test_string_sanitation
|
def test_string_sanitation
|
||||||
assert_not_equal "'something ' 1=1'", ActiveRecord::Base.sanitize("something ' 1=1")
|
assert_not_equal "'something ' 1=1'", ActiveRecord::Base.sanitize("something ' 1=1")
|
||||||
assert_equal "'something; select table'", ActiveRecord::Base.sanitize("something; select table")
|
assert_equal "'something; select table'", ActiveRecord::Base.sanitize("something; select table")
|
||||||
|
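Review bot: test_bind_string pins only the empty string, so the String regression fixed by this commit is covered for a single input. A string containing a newline is the case most likely to have been split into several comma-joined values by the removed `when Enumerable` branch (an inference, since String's iteration behaviour is not shown here), and it deserves its own assertion. For example, `assert_equal ActiveRecord::Base.connection.quote("a\nb"), bind('?', "a\nb")` would check that a multi-line string is still bound as one quoted value.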