method

disallow_raw_sql!

v6.0.0 - Class: ClassMethods
disallow_raw_sql!(args, permit: connection.column_name_matcher) public

No documentation


# File activerecord/lib/active_record/sanitization.rb, line 137
      def disallow_raw_sql!(args, permit: connection.column_name_matcher) # :nodoc:
        # Collect every argument that is not a Symbol, not an Arel node
        # (e.g. the result of Arel.sql), and does not match the permitted
        # column-name pattern.
        unexpected = nil
        args.each do |arg|
          next if arg.is_a?(Symbol) || Arel.arel_node?(arg) || permit.match?(arg.to_s)
          (unexpected ||= []) << arg
        end

        return unless unexpected

        # :deprecated only warns; any other setting rejects the call.
        if allow_unsafe_raw_sql == :deprecated
          ActiveSupport::Deprecation.warn(
            "Dangerous query method (method whose arguments are used as raw " \
            "SQL) called with non-attribute argument(s): " \
            "#{unexpected.map(&:inspect).join(", ")}. Non-attribute " \
            "arguments will be disallowed in Rails 6.1. This method should " \
            "not be called with user-provided values, such as request " \
            "parameters or model attributes. Known-safe values can be passed " \
            "by wrapping them in Arel.sql()."
          )
        else
          raise(ActiveRecord::UnknownAttributeReference,
            "Query method called with non-attribute argument(s): " +
            unexpected.map(&:inspect).join(", ")
          )
        end
      end
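
The following stand-alone model of the check is an added example, not Rails code: it mirrors the control flow of the source above so you can see which arguments are permitted and which are flagged. `COLUMN_NAME`, `VettedSql`, `unexpected_args` and `check_raw_sql!` are hypothetical names, and the regex is a simplified assumption standing in for `connection.column_name_matcher`.

```ruby
# Stand-alone model of the check; all names below are hypothetical.

# Simplified stand-in for connection.column_name_matcher (assumption):
# accepts "column" or "table.column" only. \A and \z anchor the whole
# string, so a newline cannot hide extra SQL after a valid column name.
COLUMN_NAME = /\A(?:\w+\.)?\w+\z/

# Stand-in for the node Arel.sql() returns: marks SQL the developer vetted.
VettedSql = Struct.new(:sql) do
  def to_s
    sql
  end
end

class UnknownAttributeReference < StandardError; end

# Same filter as disallow_raw_sql!: keep every argument that is not a
# Symbol, not a vetted node, and does not look like a plain column name.
def unexpected_args(args, permit: COLUMN_NAME)
  args.reject do |arg|
    arg.is_a?(Symbol) || arg.is_a?(VettedSql) || permit.match?(arg.to_s)
  end
end

# mode mirrors allow_unsafe_raw_sql: :deprecated warns, anything else raises.
def check_raw_sql!(args, mode: :disabled)
  unexpected = unexpected_args(args)
  return :ok if unexpected.empty?

  list = unexpected.map(&:inspect).join(", ")
  if mode == :deprecated
    warn "non-attribute argument(s): #{list}"
    :warned
  else
    raise UnknownAttributeReference,
          "Query method called with non-attribute argument(s): #{list}"
  end
end

# Constructed sample arguments, as they might reach a query method.
SAMPLES = [:title, "title", "posts.title", "LENGTH(title)", "(SELECT 1)",
           VettedSql.new("LENGTH(title)")].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |arg|
    verdict = unexpected_args([arg]).empty? ? "permitted" : "flagged"
    puts format("%-45s %s", arg.inspect, verdict)
  end
end
```

The wrapper bypasses the pattern check entirely, which is why the deprecation message reserves `Arel.sql()` for known-safe values and warns against passing request parameters or model attributes.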