Displaying 2 results from an estimated 2 matches for "sqlliteral".
2011 Nov 22
4
A "strict Arel" mode for ActiveRecord to prevent SQL injection vulnerabilities
...turned on allows only SQL-safe Arel-style queries
(including queries that are internally built via Arel by ActiveRecord, such
as hash queries and find_by_xyz queries).
It looks like there'd be two main aspects to an implementation of this mode:
1) A change to Arel to allow the construction of SqlLiterals to be
restricted to values that are program constants (i.e., fully determined at
application boot time, before the first request is served).
2) A change to ActiveRecord to allow only execution of SQL statements that
have been obtained by flattening an Arel AST.
#1 is necessary for two reason...
2012 Oct 01
0
Add possibility to pass hash to ActiveRecord::Querying#order
Hi guys
I have added the possibility to pass a hash to the order method. I also updated symbol
parsing.
Here is the pull request - https://github.com/rails/rails/pull/7765
Can you please provide some feedback?
So the main idea is to convert a symbol or hash into Arel::Nodes::Ordering
instead of Arel::Nodes::SqlLiteral.
The Arel::Nodes::Ordering object contains information about the table, so we can,
for example, change the alias on the fly.