fixed has_many :conditions sanitizing (closes #4278) [hakuja@hakuja.net]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3935 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2026-02-19 02:14:20 -05:00 · 2006-03-18 18:01:50 +00:00
parent b2122159b1
commit 50103b86e6
3 changed files with 4 additions and 4 deletions
--- a/activerecord/lib/active_record/associations.rb
+++ b/activerecord/lib/active_record/associations.rb
@@ -1244,7 +1244,7 @@ module ActiveRecord
                  case
                    when reflection.macro == :has_many && reflection.options[:through]
                      through_reflection = parent.active_record.reflect_on_association(reflection.options[:through])
-                      through_conditions = through_reflection.options[:conditions] ? "AND #{eval("%(#{through_reflection.options[:conditions]})")}" : ''
+                      through_conditions = through_reflection.options[:conditions] ? "AND #{eval("%(#{through_reflection.active_record.send :sanitize_sql, through_reflection.options[:conditions]})")}" : ''
                      if through_reflection.options[:as] # has_many :through against a polymorphic join
                        polymorphic_foreign_key  = through_reflection.options[:as].to_s + '_id'
                        polymorphic_foreign_type = through_reflection.options[:as].to_s + '_type'
@@ -1296,7 +1296,7 @@ module ActiveRecord
                aliased_table_name, 
                reflection.active_record.connection.quote_column_name(reflection.active_record.inheritance_column), 
                klass.quote(klass.name)] if sti?
-              join << "AND #{eval("%(#{reflection.options[:conditions]})")} " if reflection.options[:conditions]
+              join << "AND #{eval("%(#{reflection.active_record.send :sanitize_sql, reflection.options[:conditions]})")} " if reflection.options[:conditions]
              join
            end
            
--- a/activerecord/lib/active_record/associations/association_proxy.rb
+++ b/activerecord/lib/active_record/associations/association_proxy.rb
@@ -27,7 +27,7 @@ module ActiveRecord
      end
      
      def conditions
-        @conditions ||= eval("%(#{@reflection.options[:conditions]})") if @reflection.options[:conditions]
+        @conditions ||= eval("%(#{@reflection.active_record.send :sanitize_sql, @reflection.options[:conditions]})") if @reflection.options[:conditions]
      end
      alias :sql_conditions :conditions
      
--- a/activerecord/test/fixtures/company.rb
+++ b/activerecord/test/fixtures/company.rb
@@ -42,7 +42,7 @@ class Client < Company
  belongs_to :firm, :foreign_key => "client_of"
  belongs_to :firm_with_basic_id, :class_name => "Firm", :foreign_key => "firm_id"
  belongs_to :firm_with_other_name, :class_name => "Firm", :foreign_key => "client_of"
-  belongs_to :firm_with_condition, :class_name => "Firm", :foreign_key => "client_of", :conditions => "1 = 1"
+  belongs_to :firm_with_condition, :class_name => "Firm", :foreign_key => "client_of", :conditions => ["1 = ?", 1]

  # Record destruction so we can test whether firm.clients.clear has
  # is calling client.destroy, deleting from the database, or setting