DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s)
I updated my Rails 5.1.4 application to 5.2.0. I have the following scope in one of my models:

    scope :by_category, lambda { |category_slug|
      category_ids = Category.find_by(slug: category_slug)&.subtree_ids
      where(category_id: category_ids)
    }

Rails gives me the following error because of that scope:
DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "coalesce(\"categories\".\"ancestry\", '')". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql()
How can I fix it?
The problem is that the ordered_by_ancestry scope:

    scope :ordered_by_ancestry, Proc.new { |order|
      if %w(mysql mysql2 sqlite sqlite3 postgresql).include?(connection.adapter_name.downcase) && ActiveRecord::VERSION::MAJOR >= 5
        reorder("coalesce(#{connection.quote_table_name(table_name)}.#{connection.quote_column_name(ancestry_column)}, '')", order)
      else
        reorder("(CASE WHEN #{connection.quote_table_name(table_name)}.#{connection.quote_column_name(ancestry_column)} IS NULL THEN 0 ELSE 1 END), #{connection.quote_table_name(table_name)}.#{connection.quote_column_name(ancestry_column)}", order)
      end
    }

is passing a raw string of SQL to #reorder which, as the warning states, is deprecated in Rails 5.2 (and will be disallowed in Rails 6).
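A pull request was just submitted which fixes this by wrapping those strings in Arel.sql calls. I'd expect it to get merged quickly (despite the pull request missing an Arel.sql call in the second branch), but in the meantime you have some options:

Ignore the warning and wait for the gem to be patched.

Fork the gem, merge the pull request, and use your forked version until the gem merges the pull request in question.

Manually replace the ordered_by_ancestry scope:

    def self.ordered_by_ancestry(order)
      reorder(Arel.sql("coalesce(#{connection.quote_table_name(table_name)}.#{connection.quote_column_name(ancestry_column)}, '')"), order)
    end

and wait for the pull request to get merged.

Update: The pull request that fixes this warning just merged, so there's no need to wait anymore; you should be able to grab the latest from GitHub and get on with more interesting things. Thanks to kbrock for sorting this out.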
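
Added example, not part of the answer above or of the ancestry gem: Arel.sql marks a string as known-safe but does not sanitize it, so any request-derived value that reaches an ORDER BY fragment should pass through an allowlist before the fragment is wrapped. The helper names, the allowlist contents and the ANSI double-quote identifier quoting are assumptions made for illustration.

```ruby
# Added example (hypothetical helper, plain Ruby so it runs without Rails).
# Builds an ORDER BY fragment from request-style input using allowlists,
# so that wrapping the result in Arel.sql is justified.

SORTABLE_COLUMNS = {            # constructed allowlist: param value => column
  "ancestry" => "ancestry",
  "name"     => "name",
  "created"  => "created_at"
}.freeze
DIRECTIONS = { "asc" => "ASC", "desc" => "DESC" }.freeze

class UnsafeOrderError < ArgumentError; end

# ANSI-style identifier quoting (PostgreSQL/SQLite): double any embedded quote.
def quote_ident(name)
  %("#{name.to_s.gsub('"', '""')}")
end

# Returns a fragment such as: coalesce("categories"."ancestry", '') ASC
# Raises UnsafeOrderError for any sort key or direction not on the allowlists.
def order_fragment(table, sort_param, dir_param, null_as_empty: false)
  column = SORTABLE_COLUMNS[sort_param.to_s] or
    raise UnsafeOrderError, "sort key not allowed: #{sort_param.inspect}"
  direction = DIRECTIONS[dir_param.to_s.downcase] or
    raise UnsafeOrderError, "direction not allowed: #{dir_param.inspect}"
  expr = "#{quote_ident(table)}.#{quote_ident(column)}"
  expr = "coalesce(#{expr}, '')" if null_as_empty
  "#{expr} #{direction}"
end

# In a Rails model the fragment would be used as:
#   reorder(Arel.sql(order_fragment(table_name, params[:sort], params[:dir])))
if __FILE__ == $PROGRAM_NAME
  puts order_fragment("categories", "ancestry", "asc", null_as_empty: true)
  begin
    # Constructed input: a sort parameter carrying extra SQL is rejected.
    order_fragment("categories", "ancestry, (select 1)", "asc")
  rescue UnsafeOrderError => e
    puts "rejected: #{e.message}"
  end
end
```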