On Wednesday, June 24, 2015 at 3:54:56 PM UTC+3, Frederick Cheung wrote:
> On Wednesday, June 24, 2015 at 3:21:39 PM UTC+3, simon2k wrote:
> 
> > 
> > I'm not sure whether I should treat it as a Rails bug, and that Rails 
> > should quote this integer, or not. I could look further into AR if you 
> > feel that this case should be handled. Otherwise, I'll be looking for a 
> > different solution for this challenge.
> > 
> > 
> Why is survey id a string column? I believe AR is casting as an integer 
> because the column being compared with is an integer (your primary key on the 
> other table). Not doing this cast has been at the root of security problems 
> in the past if my memory is correct.
> 
> 

I forgot to add - if you are thinking of filing a bug, check that this occurs 
on current versions of Rails (4.2.x), as the 3.2 branch only receives severe 
security updates.

Fred


> > 
> > Regards,
> > Simon
