Flowdock
method

enforce_raw_sql_whitelist

Importance_0
v5.2.3 - Show latest stable - 0 notes - Class: ActiveRecord::AttributeMethods::ClassMethods
  • 1.0.0
  • 1.1.6
  • 1.2.6
  • 2.0.3
  • 2.1.0
  • 2.2.1
  • 2.3.8
  • 3.0.0
  • 3.0.9
  • 3.1.0
  • 3.2.1
  • 3.2.8
  • 3.2.13
  • 4.0.2
  • 4.1.8
  • 4.2.1
  • 4.2.7
  • 4.2.9
  • 5.0.0.1
  • 5.1.7
  • 5.2.3 (0)
  • 6.0.0
  • 6.1.3.1
  • 6.1.7.7
  • 7.0.0
  • 7.1.3.2
  • What's this?
enforce_raw_sql_whitelist(args, whitelist: COLUMN_NAME_WHITELIST) public

No documentation

This method has no description. You can help the Ruby on Rails community by adding new notes.

Hide source
# File activerecord/lib/active_record/attribute_methods.rb, line 193
      def enforce_raw_sql_whitelist(args, whitelist: COLUMN_NAME_WHITELIST) # :nodoc:
        unexpected = args.reject do |arg|
          arg.kind_of?(Arel::Node) ||
            arg.is_a?(Arel::Nodes::SqlLiteral) ||
            arg.is_a?(Arel::Attributes::Attribute) ||
            arg.to_s.split(/\s*,\s*/).all? { |part| whitelist.match?(part) }
        end

        return if unexpected.none?

        if allow_unsafe_raw_sql == :deprecated
          ActiveSupport::Deprecation.warn(
            "Dangerous query method (method whose arguments are used as raw "              "SQL) called with non-attribute argument(s): "              "#{unexpected.map(&:inspect).join(", ")}. Non-attribute "              "arguments will be disallowed in Rails 6.0. This method should "              "not be called with user-provided values, such as request "              "parameters or model attributes. Known-safe values can be passed "              "by wrapping them in Arel.sql()."
          )
        else
          raise(ActiveRecord::UnknownAttributeReference,
            "Query method called with non-attribute argument(s): " +
            unexpected.map(&:inspect).join(", ")
          )
        end
      end
Register or log in to add new notes.