On Wednesday, June 24, 2015 at 3:54:56 PM UTC+3, Frederick Cheung wrote:
> On Wednesday, June 24, 2015 at 3:21:39 PM UTC+3, simon2k wrote:
>
> >
> > I'm not sure whether I should treat it as a Rails bug, and that Rails should quote this integer, or not. I could look further into AR, if you feel that this case should be handled. Otherwise, I'll be looking for a different solution for this challenge.
> >
> >
> Why is survey id a string column? I believe AR is casting as an integer because the column being compared with is an integer (your primary key on the other table). Not doing this cast has been at the root of security problems in the past if my memory is correct.
>
>
I forgot to add - if you are thinking of filing a bug, check that this occurs on current versions of Rails (4.2.x), as the 3.2 branch only receives severe security updates.
Fred
> >
> > Regards,
> > Simon