[DRE-commits] [SCM] ruby-activerecord-3.2.git branch, master, updated. debian/3.2.6-5-27-g2ee0c93
Ondřej Surý
ondrej at sury.org
Wed May 29 09:06:40 UTC 2013
The following commit has been merged in the master branch:
commit 381027677ee14ab10a9d1e77267ab3f9d3bae3d1
Author: Ondřej Surý <ondrej at sury.org>
Date: Tue Feb 12 17:28:30 2013 +0100
Imported Upstream version 3.2.12
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6be0c27..93c5aba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,16 @@
-## Rails 3.2.11 ##
+## Rails 3.2.12 (unreleased) ##
+
+* Quote numeric values being compared to non-numeric columns. Otherwise,
+ in some database, the string column values will be coerced to a numeric
+ allowing 0, 0.0 or false to match any string starting with a non-digit.
+
+ Example:
+
+ App.where(apikey: 0) # => SELECT * FROM users WHERE apikey = '0'
+
+ *Dylan Smith*
+
+## Rails 3.2.11 (Jan 8, 2013) ##
* Fix querying with an empty hash *Damien Mathieu* [CVE-2013-0155]
diff --git a/checksums.yaml.gz b/checksums.yaml.gz
index cf6af0b..abc9b2c 100644
Binary files a/checksums.yaml.gz and b/checksums.yaml.gz differ
diff --git a/lib/active_record/connection_adapters/abstract/quoting.rb b/lib/active_record/connection_adapters/abstract/quoting.rb
index f93c7cd..fe0b195 100644
--- a/lib/active_record/connection_adapters/abstract/quoting.rb
+++ b/lib/active_record/connection_adapters/abstract/quoting.rb
@@ -25,13 +25,19 @@ module ActiveRecord
when true, false
if column && column.type == :integer
value ? '1' : '0'
+ elsif column && [:text, :string, :binary].include?(column.type)
+ value ? "'1'" : "'0'"
else
value ? quoted_true : quoted_false
end
# BigDecimals need to be put in a non-normalized form and quoted.
when nil then "NULL"
- when BigDecimal then value.to_s('F')
- when Numeric then value.to_s
+ when Numeric, ActiveSupport::Duration
+ value = BigDecimal === value ? value.to_s('F') : value.to_s
+ if column && ![:integer, :float, :decimal].include?(column.type)
+ value = "'#{value}'"
+ end
+ value
when Date, Time then "'#{quoted_date(value)}'"
when Symbol then "'#{quote_string(value.to_s)}'"
else
diff --git a/lib/active_record/connection_adapters/abstract_mysql_adapter.rb b/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
index abccc3a..61c5e80 100644
--- a/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
+++ b/lib/active_record/connection_adapters/abstract_mysql_adapter.rb
@@ -199,8 +199,6 @@ module ActiveRecord
if value.kind_of?(String) && column && column.type == :binary && column.class.respond_to?(:string_to_binary)
s = column.class.string_to_binary(value).unpack("H*")[0]
"x'#{s}'"
- elsif value.kind_of?(BigDecimal)
- value.to_s("F")
else
super
end
diff --git a/lib/active_record/relation/predicate_builder.rb b/lib/active_record/relation/predicate_builder.rb
index b31fdfd..236fd5c 100644
--- a/lib/active_record/relation/predicate_builder.rb
+++ b/lib/active_record/relation/predicate_builder.rb
@@ -51,6 +51,10 @@ module ActiveRecord
when Class
# FIXME: I think we need to deprecate this behavior
attribute.eq(value.name)
+ when Integer, ActiveSupport::Duration
+ # Arel treats integers as literals, but they should be quoted when compared with strings
+ column = engine.connection.schema_cache.columns_hash[table.name][attribute.name.to_s]
+ attribute.eq(Arel::Nodes::SqlLiteral.new(engine.connection.quote(value, column)))
else
attribute.eq(value)
end
diff --git a/lib/active_record/version.rb b/lib/active_record/version.rb
index ff9fa27..a340cfa 100644
--- a/lib/active_record/version.rb
+++ b/lib/active_record/version.rb
@@ -2,7 +2,7 @@ module ActiveRecord
module VERSION #:nodoc:
MAJOR = 3
MINOR = 2
- TINY = 11
+ TINY = 12
PRE = nil
STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
diff --git a/metadata.yml b/metadata.yml
index a728543..71e1f36 100644
--- a/metadata.yml
+++ b/metadata.yml
@@ -1,14 +1,14 @@
--- !ruby/object:Gem::Specification
name: activerecord
version: !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
platform: ruby
authors:
- David Heinemeier Hansson
autorequire:
bindir: bin
cert_chain: []
-date: 2013-01-08 00:00:00.000000000 Z
+date: 2013-02-11 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: activesupport
@@ -16,28 +16,28 @@ dependencies:
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
- !ruby/object:Gem::Dependency
name: activemodel
requirement: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
type: :runtime
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - '='
- !ruby/object:Gem::Version
- version: 3.2.11
+ version: 3.2.12
- !ruby/object:Gem::Dependency
name: arel
requirement: !ruby/object:Gem::Requirement
@@ -245,7 +245,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
version: '0'
requirements: []
rubyforge_project:
-rubygems_version: 2.0.0.preview3
+rubygems_version: 2.0.0.rc.2
signing_key:
specification_version: 4
summary: Object-relational mapper framework (part of Rails).
--
ruby-activerecord-3.2.git
More information about the Pkg-ruby-extras-commits
mailing list