method
disallow_raw_sql!
v6.0.0 -
- Class:
ActiveRecord::Sanitization::ClassMethods
disallow_raw_sql!(args, permit: connection.column_name_matcher)public
No documentation available.
# File activerecord/lib/active_record/sanitization.rb, line 137
# Screens the arguments of a query method whose arguments are used as raw SQL.
# An argument is accepted when it is a Symbol, when Arel.arel_node? accepts it
# (the warning text below names Arel.sql() as the way to wrap known-safe
# values), or when its string form matches +permit+.
#
# args   - the arguments to check, visited once in order.
# permit - pattern tested with match? against arg.to_s; defaults to the
#          connection's column_name_matcher.
#
# Returns nil when every argument is accepted. Otherwise the outcome depends
# on allow_unsafe_raw_sql: with :deprecated a deprecation warning is issued
# and the method returns normally (the arguments are reported, not blocked);
# with any other value ActiveRecord::UnknownAttributeReference is raised.
#
# NOTE(review): the check is only as strict as +permit+. If a caller supplies
# a Regexp that is not anchored to the whole string, match? would succeed on
# a substring and let arbitrary SQL text through - confirm that custom
# matchers are anchored with \A ... \z.
def disallow_raw_sql!(args, permit: connection.column_name_matcher) # :nodoc:
  # Order of the tests matters: cheap type checks first, pattern match last.
  rejected = args.reject do |candidate|
    candidate.is_a?(Symbol) || Arel.arel_node?(candidate) || permit.match?(candidate.to_s)
  end
  return if rejected.empty?

  warn_only = allow_unsafe_raw_sql == :deprecated
  listing = rejected.map(&:inspect).join(", ")

  unless warn_only
    raise ActiveRecord::UnknownAttributeReference,
          "Query method called with non-attribute argument(s): " + listing
  end

  # Warn-only mode: the caller continues with the unvetted arguments.
  ActiveSupport::Deprecation.warn(
    "Dangerous query method (method whose arguments are used as raw " \
    "SQL) called with non-attribute argument(s): " \
    "#{listing}. Non-attribute " \
    "arguments will be disallowed in Rails 6.1. This method should " \
    "not be called with user-provided values, such as request " \
    "parameters or model attributes. Known-safe values can be passed " \
    "by wrapping them in Arel.sql()."
  )
end