search for: split_tag_names

Displaying 4 results from an estimated 4 matches for "split_tag_names".

2005 Dec 16
1
acts_as_taggable sql injection vulnerability
...ry. I notified Obie of this over a month ago, so hopefully he's fixed it.
How to tell if you're vulnerable
======================
Make a tag with a single quote in it. See if it raises an error. Now, go delete your entire database.
How to fix
========
add/change the last line of split_tag_names
tag_names = tag_names.flatten.map { |name| ActiveRecord::Base.connection.quote_string(name.strip) }.uniq.compact
-- Remember to restart your app.
court3nay http://caboo.se :: we like big fonts and yellow highlighting http://habtm.com :: personal codelog http://placelist.com :: just like...
2006 Feb 09
3
acts_as_taggable Produces Bad SQL - Find Fails
I am using acts_as_taggable in my application and on the tagging side of things, no problem at all. Running edge Rails and PostgreSQL 8.1. I am then trying to find all my AR objects with a certain tag. The tag is: lasvegas and I know that there are at least 3 records with that tag. So, I'm doing this: @lists = List.find_tagged_with :any => @search_string, :separator =>
2006 Feb 13
0
count_as_taggable distinctly
I needed to count tagged records, I came up with this: def count_tagged_with(options = {}) options = { :separator => ' ' }.merge(options) tag_names = ActiveRecord::Acts::Taggable.split_tag_names(options[:any] || options[:all], options[:separator]) raise "No tags were passed to :any or :all options" if tag_names.empty? o, o_pk, o_fk, t, t_pk, t_fk, jt = set_locals_for_sql sql = "SELECT COUNT(DISTINCT #{o}.#{o_pk}) FROM #{jt}, #{o}, #{t} WHERE...
2006 Feb 28
0
acts_as_taggable vulnerable to attacks ?
...if I'm reading correctly. It seems ActiveRecord::Acts::Taggable::SingletonMethods#find_tagged_with is vulnerable to SQL injection attacks: def find_tagged_with(options = {}) options = { :separator => ' ' }.merge(options) tag_names = ActiveRecord::Acts::Taggable.split_tag_names(options[:any] || options[:all], options[:separator]) raise "No tags were passed to :any or :all options" if tag_names.empty? o, o_pk, o_fk, t, t_pk, t_fk, jt = set_locals_for_sql sql = "SELECT #{o}.* FROM #{jt}, #{o}, #{t} WHERE #{jt}.#{t_fk} = #{t}.#{t_pk} AND (#{t}.n...