Skip to content

Commit

Permalink
Merge pull request #431 from kenzai/quote-tag-id
Browse files Browse the repository at this point in the history 
Quote any references to tag.id in raw sql
  • Loading branch information
@bf4
bf4 committed Dec 11, 2013
2 parents 8f7a830 + 1ae08ca commit 6ad1eb6
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions lib/acts_as_taggable_on/acts_as_taggable_on/core.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ def tagged_with(tags, options = {})
joins << "JOIN #{ActsAsTaggableOn::Tagging.table_name}" +
" ON #{ActsAsTaggableOn::Tagging.table_name}.taggable_id = #{quote}#{table_name}#{quote}.#{primary_key}" +
" AND #{ActsAsTaggableOn::Tagging.table_name}.taggable_type = #{quote_value(base_class.name)}" +
" AND #{ActsAsTaggableOn::Tagging.table_name}.tagger_id = #{owned_by.id}" +
" AND #{ActsAsTaggableOn::Tagging.table_name}.tagger_id = #{quote_value(owned_by.id)}" +
" AND #{ActsAsTaggableOn::Tagging.table_name}.tagger_type = #{quote_value(owned_by.class.base_class.to_s)}"
end

Expand Down Expand Up @@ -138,7 +138,7 @@ def tagged_with(tags, options = {})
tagging_join << " AND " + sanitize_sql(["#{taggings_alias}.context = ?", context.to_s]) if context

# don't need to sanitize sql, map all ids and join with OR logic
conditions << tags.map { |t| "#{taggings_alias}.tag_id = '#{t.id}'" }.join(" OR ")
conditions << tags.map { |t| "#{taggings_alias}.tag_id = #{quote_value(t.id)}" }.join(" OR ")
select_clause = "DISTINCT #{table_name}.*" unless context and tag_types.one?

if owned_by
Expand All @@ -161,7 +161,7 @@ def tagged_with(tags, options = {})
tagging_join = "JOIN #{ActsAsTaggableOn::Tagging.table_name} #{taggings_alias}" +
" ON #{taggings_alias}.taggable_id = #{quote}#{table_name}#{quote}.#{primary_key}" +
" AND #{taggings_alias}.taggable_type = #{quote_value(base_class.name)}" +
" AND #{taggings_alias}.tag_id = '#{tag.id}'"
" AND #{taggings_alias}.tag_id = #{quote_value(tag.id)}"

tagging_join << " AND " + sanitize_sql(["#{taggings_alias}.context = ?", context.to_s]) if context

Expand Down

0 comments on commit 6ad1eb6

Please sign in to comment.