Remove unsafe interpolation in PostgreSQL

elixir-ecto · Jul 30, 2023 · 3c0fe1c · 3c0fe1c
1 parent 8450566
commit 3c0fe1c
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 23 deletions.
diff --git a/lib/ecto/adapters/postgres/connection.ex b/lib/ecto/adapters/postgres/connection.ex
@@ -494,18 +494,7 @@ if Code.ensure_loaded?(Postgrex) do
 
     defp from(%{from: %{source: source, hints: hints}} = query, sources) do
       {from, name} = get_source(query, sources, 0, source)
-      [" FROM ", from, " AS ", name | hints(hints)]
-    end
-
-    defp hints([]), do: []
-    defp hints(hint) when is_binary(hint), do: [?\s | hint]
-
-    defp hints([{key, value} | tail]) do
-      [?\s, to_string(key), ?\s, to_string(value) | hints(tail)]
-    end
-
-    defp hints([hint | tail]) do
-      [?\s, hint | hints(tail)]
+      [" FROM ", from, " AS ", name | Enum.map(hints, &[?\s | &1])]
     end
 
     defp cte(%{with_ctes: %WithExpr{queries: [_ | _]}} = query, sources) do

diff --git a/test/ecto/adapters/postgres_test.exs b/test/ecto/adapters/postgres_test.exs
@@ -94,17 +94,6 @@ defmodule Ecto.Adapters.PostgresTest do
     assert all(query) == ~s{SELECT s0."x" FROM "schema" AS s0 TABLESAMPLE system_rows(1)}
   end
 
-  test "from with hints list of tuples" do
-    one = 1
-    query =
-      Schema
-      |> from(hints: ["TABLESAMPLE SYSTEM": one])
-      |> select([r], r.x)
-      |> plan()
-
-    assert all(query) == ~s{SELECT s0."x" FROM "schema" AS s0 TABLESAMPLE SYSTEM 1}
-  end
-
   test "from without schema" do
     query = "posts" |> select([r], r.x) |> plan()
     assert all(query) == ~s{SELECT p0."x" FROM "posts" AS p0}