Merge pull request rails#26000 from kamipo/remove_sanitize

Remove internal `sanitize` method

Author: rafaelfranca

activerecord/lib/active_record/sanitization.rb

@@ -5,13 +5,6 @@ module Sanitization
     extend ActiveSupport::Concern
 
     module ClassMethods
-      # Used to sanitize objects before they're used in an SQL SELECT statement.
-      # Delegates to {connection.quote}[rdoc-ref:ConnectionAdapters::Quoting#quote].
-      def sanitize(object) # :nodoc:
-        connection.quote(object)
-      end
-      alias_method :quote_value, :sanitize
-
       protected
 
       # Accepts an array or string of SQL conditions and sanitizes
@@ -216,7 +209,7 @@ def raise_if_bind_arity_mismatch(statement, expected, provided) # :nodoc:
 
     # TODO: Deprecate this
     def quoted_id # :nodoc:
-      self.class.quote_value(@attributes[self.class.primary_key].value_for_database)
+      self.class.connection.quote(@attributes[self.class.primary_key].value_for_database)
     end
   end
 end

activerecord/test/cases/finder_test.rb

@@ -874,11 +874,6 @@ def test_named_bind_variables
     assert_kind_of Time, Topic.where(["id = :id", { id: 1 }]).first.written_on
   end
 
-  def test_string_sanitation
-    assert_not_equal "'something ' 1=1'", ActiveRecord::Base.sanitize("something ' 1=1")
-    assert_equal "'something; select table'", ActiveRecord::Base.sanitize("something; select table")
-  end
-
   def test_count_by_sql
     assert_equal(0, Entrant.count_by_sql("SELECT COUNT(*) FROM entrants WHERE id > 3"))
     assert_equal(1, Entrant.count_by_sql(["SELECT COUNT(*) FROM entrants WHERE id > ?", 2]))