fixed has_many :conditions sanitizing (closes #4278) [hakuja@hakuja.net]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3935 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
This commit is contained in:
Rick Olson
2006-03-18 18:01:50 +00:00
parent b2122159b1
commit 50103b86e6
3 changed files with 4 additions and 4 deletions

View File

@@ -1244,7 +1244,7 @@ module ActiveRecord
case
when reflection.macro == :has_many && reflection.options[:through]
through_reflection = parent.active_record.reflect_on_association(reflection.options[:through])
through_conditions = through_reflection.options[:conditions] ? "AND #{eval("%(#{through_reflection.options[:conditions]})")}" : ''
through_conditions = through_reflection.options[:conditions] ? "AND #{eval("%(#{through_reflection.active_record.send :sanitize_sql, through_reflection.options[:conditions]})")}" : ''
if through_reflection.options[:as] # has_many :through against a polymorphic join
polymorphic_foreign_key = through_reflection.options[:as].to_s + '_id'
polymorphic_foreign_type = through_reflection.options[:as].to_s + '_type'
@@ -1296,7 +1296,7 @@ module ActiveRecord
aliased_table_name,
reflection.active_record.connection.quote_column_name(reflection.active_record.inheritance_column),
klass.quote(klass.name)] if sti?
join << "AND #{eval("%(#{reflection.options[:conditions]})")} " if reflection.options[:conditions]
join << "AND #{eval("%(#{reflection.active_record.send :sanitize_sql, reflection.options[:conditions]})")} " if reflection.options[:conditions]
join
end

View File

@@ -27,7 +27,7 @@ module ActiveRecord
end
def conditions
@conditions ||= eval("%(#{@reflection.options[:conditions]})") if @reflection.options[:conditions]
@conditions ||= eval("%(#{@reflection.active_record.send :sanitize_sql, @reflection.options[:conditions]})") if @reflection.options[:conditions]
end
alias :sql_conditions :conditions

View File

@@ -42,7 +42,7 @@ class Client < Company
belongs_to :firm, :foreign_key => "client_of"
belongs_to :firm_with_basic_id, :class_name => "Firm", :foreign_key => "firm_id"
belongs_to :firm_with_other_name, :class_name => "Firm", :foreign_key => "client_of"
belongs_to :firm_with_condition, :class_name => "Firm", :foreign_key => "client_of", :conditions => "1 = 1"
belongs_to :firm_with_condition, :class_name => "Firm", :foreign_key => "client_of", :conditions => ["1 = ?", 1]
# Record destruction so we can test whether firm.clients.clear has
# is calling client.destroy, deleting from the database, or setting