From c1156bfc43dd90e89acb8ffdd4e844f4e4e404ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
Date: Wed, 2 Jul 2014 15:15:21 -0300
Subject: [PATCH] Make sure range strings are quoted after we quote the range.
---
 .../connection_adapters/postgresql/quoting.rb | 2 +-
 .../test/cases/adapters/postgresql/quoting_test.rb | 2 +-
 .../test/cases/adapters/postgresql/range_test.rb | 26 ++++++++++++++++++++++
 3 files changed, 28 insertions(+), 2 deletions(-)
 create mode 100644 activerecord/test/cases/adapters/postgresql/range_test.rb
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb b/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
index 06b6478..1b5109a 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb
@@ -24,7 +24,7 @@ module ActiveRecord
 when Range
 if /range$/ =~ sql_type
 escaped = quote_string(PostgreSQLColumn.range_to_string(value))
- "#{escaped}::#{sql_type}"
+ "'#{escaped}'::#{sql_type}"
 else
 super
 end
diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
index 0cafb63..488cd61 100644
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -56,7 +56,7 @@ module ActiveRecord
 def test_quote_range
 range = "1,2]'; SELECT * FROM users; --".."a"
 c = PostgreSQLColumn.new(nil, nil, OID::Range.new(:integer), 'int8range')
- assert_equal "[1,2]''; SELECT * FROM users; --,a]::int8range", @conn.quote(range, c)
+ assert_equal "'[1,2]''; SELECT * FROM users; --,a]'::int8range", @conn.quote(range, c)
 end
 end
 end
diff --git a/activerecord/test/cases/adapters/postgresql/range_test.rb b/activerecord/test/cases/adapters/postgresql/range_test.rb
new file mode 100644
index 0000000..d16f990
--- /dev/null
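Review bot: In the quoting.rb hunk, the guard `if /range$/ =~ sql_type` is the only check on `sql_type` before it is interpolated unquoted after the cast in `"'#{escaped}'::#{sql_type}"`, and `$` matches at the end of a line, not the end of the string. `sql_type` presumably comes from column metadata, not request data, so this is hardening, but anchoring the match costs nothing: `if /range\z/ =~ sql_type`. A one-line comment above the interpolation would also help, saying that `quote_string` only doubles embedded quotes (as the old expected string in quoting_test.rb shows) and that the surrounding single quotes are what make the value a single literal. The enclosing method, presumably `quote`, begins and ends outside this hunk.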
+++ b/activerecord/test/cases/adapters/postgresql/range_test.rb
@@ -0,0 +1,26 @@
+require "cases/helper"
+
+if ActiveRecord::Base.connection.supports_ranges?
+ class PostgresqlRange < ActiveRecord::Base
+ self.table_name = "postgresql_ranges"
+ end
+
+ class PostgresqlRangeTest < ActiveRecord::TestCase
+ test "update_all with ranges" do
+ PostgresqlRange.create!
+
+ PostgresqlRange.update_all(int8_range: 1..100)
+
+ assert_equal 1...101, PostgresqlRange.first.int8_range
+ end
+
+ test "ranges correctly escape input" do
+ e = assert_raises(ActiveRecord::StatementInvalid) do
+ range = "1,2]'; SELECT * FROM users; --".."a"
+ PostgresqlRange.update_all(int8_range: range)
+ end
+
+ assert e.message.starts_with?("PG::InvalidTextRepresentation")
+ end
+ end
+end
--
2.0.0
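Review bot: The "ranges correctly escape input" test has no comment saying why the message prefix is asserted, and that final assertion is what carries the test. `assert_raises(ActiveRecord::StatementInvalid)` alone would presumably still pass if the value were emitted without the surrounding quotes, since the statement would then fail in the SQL parser; only the `PG::InvalidTextRepresentation` prefix shows the whole string reached the range input parser as one literal. I would add above the last assert: `# must be rejected by the range parser, not the SQL parser: proves the value stayed inside one quoted literal`. The "update_all with ranges" test also reads back `PostgresqlRange.first`, which assumes the table is otherwise empty; if transactional cleanup is not guaranteed here, keep the record from `create!` and `reload` it instead.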