From 2b4676a3733fa773be7bf0fa242cebfa5603274e Mon Sep 17 00:00:00 2001 From: philippmeissner Date: Fri, 9 Mar 2018 15:25:51 +0100 Subject: [PATCH 1/4] added specs --- .../orm/active_record_filter_records_spec.rb | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/spec/ajax-datatables-rails/orm/active_record_filter_records_spec.rb b/spec/ajax-datatables-rails/orm/active_record_filter_records_spec.rb index 32ac59b3..d07d662f 100644 --- a/spec/ajax-datatables-rails/orm/active_record_filter_records_spec.rb +++ b/spec/ajax-datatables-rails/orm/active_record_filter_records_spec.rb @@ -387,6 +387,32 @@ end end + describe 'Integer overflows' do + let(:largest_postgresql_integer_value) { 2147483647 } + let(:smallest_postgresql_integer_value) { -2147483648 } + + before(:each) do + create(:user, first_name: 'john', post_id: 1) + create(:user, first_name: 'mary', post_id: 2) + create(:user, first_name: 'phil', post_id: largest_postgresql_integer_value) + end + + it 'Returns an empty result if input value is too large' do + datatable.params[:columns]['4'][:search][:value] = largest_postgresql_integer_value + 1 + expect(datatable.data.size).to eq 0 + end + + it 'Returns an empty result if input value is too small' do + datatable.params[:columns]['4'][:search][:value] = smallest_postgresql_integer_value - 1 + expect(datatable.data.size).to eq 0 + end + + it 'returns the matching user' do + datatable.params[:columns]['4'][:search][:value] = largest_postgresql_integer_value + expect(datatable.data.size).to eq 1 + end + end + describe 'it can filter records with condition :eq' do let(:datatable) { DatatableCondEq.new(view) } From eb32b40b9b88ebb1742714b2b73246d6d00b092e Mon Sep 17 00:00:00 2001 From: philippmeissner Date: Fri, 9 Mar 2018 15:26:56 +0100 Subject: [PATCH 2/4] added helper methods --- .../datatable/column/search.rb | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
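Review bot: All three examples assign a Ruby Integer to `[:search][:value]`, so the string form that a request would presumably deliver is never run through the new range guard. Adding string variants, e.g. `datatable.params[:columns]['4'][:search][:value] = (largest_postgresql_integer_value + 1).to_s`, plus one non-numeric value such as `'abc'`, would pin how the filter treats input it cannot parse. The examples rely on a `datatable` defined outside this hunk, so the `cond` they exercise is not visible here. A case for the `:lt`/`:gt` family would also be worth having, since an out-of-range bound there is not logically an empty match.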
diff --git a/lib/ajax-datatables-rails/datatable/column/search.rb b/lib/ajax-datatables-rails/datatable/column/search.rb index e3371134..c48913af 100644 --- a/lib/ajax-datatables-rails/datatable/column/search.rb +++ b/lib/ajax-datatables-rails/datatable/column/search.rb @@ -5,6 +5,9 @@ module Datatable class Column module Search + SMALLEST_PQ_INTEGER = -2147483648 + LARGEST_PQ_INTEGER = 2147483647 + def searchable? @view_column.fetch(:searchable, true) end @@ -82,6 +85,18 @@ def numeric_search end end + def is_searchable_integer? + return false unless table.respond_to?(:engine) + table.engine.columns_hash[field.to_s].sql_type == 'integer' && is_integer?(search.value) && is_out_of_range?(search.value) + end + + def is_out_of_range? search_value + Integer(search_value) > LARGEST_PQ_INTEGER || Integer(search_value) < SMALLEST_PQ_INTEGER + end + + def is_integer?(string) + true if Integer(string) rescue false + end end end end From c7f3c6fc9da876da0e7daf602795a1eef02df627 Mon Sep 17 00:00:00 2001 From: philippmeissner Date: Fri, 9 Mar 2018 15:30:06 +0100 Subject: [PATCH 3/4] catched invalid integer values; added empty-search fallback --- lib/ajax-datatables-rails/datatable/column/search.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/ajax-datatables-rails/datatable/column/search.rb b/lib/ajax-datatables-rails/datatable/column/search.rb index c48913af..40438f71 100644 --- a/lib/ajax-datatables-rails/datatable/column/search.rb +++ b/lib/ajax-datatables-rails/datatable/column/search.rb @@ -52,12 +52,20 @@ def regex_search end end + def empty_search + casted_column.matches("") + end + def non_regex_search case cond when Proc filter when :eq, :not_eq, :lt, :gt, :lteq, :gteq, :in - numeric_search + if is_searchable_integer? + empty_search + else + numeric_search + end when :null_value null_value_search when :start_with From 2a73f9e699c118e2c74f26e38e36f3c27fcd8df0 Mon Sep 17 00:00:00 2001 
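Review bot: `SMALLEST_PQ_INTEGER` and `LARGEST_PQ_INTEGER` are added to `Search` without a comment, and neither the `PQ` abbreviation nor the bare literals say what they bound. The values are the limits of a signed 4-byte integer, which the spec in this series names as the PostgreSQL integer range. A one-line comment such as `# Bounds of a 4-byte signed integer column (PostgreSQL "integer")` would make clear why the guard only applies to that column type. Digit separators (`2_147_483_647`, `-2_147_483_648`) would also make the literals easier to check by eye.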
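Review bot: `is_integer?` relies on `true if Integer(string) rescue false`, which swallows every StandardError and also accepts more than decimal digits. `Kernel#Integer` without a base parses prefixed forms such as `0x1A`, `0b11` and a leading-zero octal `010`, so the number range-checked in `is_out_of_range?` can differ from the one the database later compares against. Parsing with an explicit base and rescuing only `ArgumentError` keeps this validation of request input narrow, and `is_out_of_range?` should parse the same way, e.g. `value = Integer(search_value.to_s, 10)`. The `.to_s` is needed because a base argument is rejected for non-string values, which the new specs pass.

```ruby
def is_integer?(string)
  # Base 10 only, so "0x1A" or "0b11" are not treated as integers.
  Integer(string.to_s, 10)
  true
rescue ArgumentError
  false
end
```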
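Review bot: In `non_regex_search` the out-of-range shortcut covers the whole `:eq, :not_eq, :lt, :gt, :lteq, :gteq, :in` branch, but an empty result is only the right answer for equality-style conditions. With `:not_eq`, `:lt` or `:lteq` and a value above `LARGEST_PQ_INTEGER` every row satisfies the comparison, and the same holds for `:gt`/`:gteq` below `SMALLEST_PQ_INTEGER`, yet `empty_search` returns nothing. The guard should decide per condition whether an out-of-range bound means no rows or no restriction. `empty_search` would also benefit from a comment such as `# LIKE '' on the casted column, used as a predicate that matches no row`, since that intent is not obvious from `casted_column.matches("")`. The body of `non_regex_search` continues outside the hunk.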
From: philippmeissner Date: Thu, 26 Apr 2018 12:29:00 +0200 Subject: [PATCH 4/4] fixed paranthesis, quotes; made logic more readable --- .../datatable/column/search.rb | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/lib/ajax-datatables-rails/datatable/column/search.rb b/lib/ajax-datatables-rails/datatable/column/search.rb index 40438f71..09d2c8f0 100644 --- a/lib/ajax-datatables-rails/datatable/column/search.rb +++ b/lib/ajax-datatables-rails/datatable/column/search.rb @@ -53,7 +53,7 @@ def regex_search end def empty_search - casted_column.matches("") + casted_column.matches('') end def non_regex_search @@ -61,11 +61,7 @@ def non_regex_search when Proc filter when :eq, :not_eq, :lt, :gt, :lteq, :gteq, :in - if is_searchable_integer? - empty_search - else - numeric_search - end + is_searchable_integer? ? numeric_search : empty_search when :null_value null_value_search when :start_with @@ -94,11 +90,11 @@ def numeric_search end def is_searchable_integer? - return false unless table.respond_to?(:engine) - table.engine.columns_hash[field.to_s].sql_type == 'integer' && is_integer?(search.value) && is_out_of_range?(search.value) + return true unless table.respond_to?(:engine) + table.engine.columns_hash[field.to_s].sql_type == 'integer' && is_integer?(search.value) && !is_out_of_range?(search.value) end - def is_out_of_range? search_value + def is_out_of_range?(search_value) Integer(search_value) > LARGEST_PQ_INTEGER || Integer(search_value) < SMALLEST_PQ_INTEGER end
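Review bot: The rewritten ternary `is_searchable_integer? ? numeric_search : empty_search` now sends every search that is not an in-range integer on an `integer` column to `empty_search`, which is a behaviour change and not only a readability change. In the `@@ -90,11` hunk the predicate became `sql_type == 'integer' && is_integer?(...) && !is_out_of_range?(...)`, so it is false for any column whose `sql_type` is something else, and numeric conditions on those columns would return no rows. Before this patch only an out-of-range integer on an integer column took the empty path. To keep that behaviour, negate only the range check: `return true unless table.engine.columns_hash[field.to_s].sql_type == 'integer' && is_integer?(search.value)` followed by `!is_out_of_range?(search.value)`. A spec for an `:eq` search on a non-integer column would catch this.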
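Review bot: `table.engine.columns_hash[field.to_s].sql_type == 'integer'` in `is_searchable_integer?` depends on the adapter's literal type string and on `field` being a key of `columns_hash`. Adapters other than PostgreSQL may spell the type differently (MySQL has reported `int(11)`, for example), in which case the range guard is skipped or, with the inverted logic in this patch, the search is emptied. If `field` is not a real column of the table, the lookup returns nil and `.sql_type` raises NoMethodError on request-driven input. Consider fetching the column once, returning early when it is nil, and checking the column's `type` and `limit` instead of the string, after confirming what each supported adapter reports for a 4-byte integer.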