From 6ff7bb3589cf8fd704cf3b7aca74ad70373d58f0 Mon Sep 17 00:00:00 2001 From: Keenan Brock Date: Tue, 16 Sep 2025 12:04:31 -0400 Subject: [PATCH] Support simple bind parameters I did not dive into what active record change caused this change in behavior, nor when a simple parameter is passed. But after upgrading to rails 7.1, this started showing up for many queries for me. Old Rails ========= The `binds` parameters, passed to sql are of the following forms: - ["parameter_name", "parameter_value"] - ActiveRecord::Relation::QueryAttribute Rails 7.1 (or maybe 7.0?) ============== The `binds` parameters, passed to sql are of the following forms: - ["parameter_name", "parameter_value"] - ActiveRecord::Relation::QueryAttribute - Simple class like Date, String The simple types caused an issue when trying to call String#name or String#value. After this commit ================= It is able to handle when simple objects are passed into rails If a password is passed as a simple parameter, that will get leaked, since the name of the parameter is no longer passed by rails. --- lib/mini_profiler.rb | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/mini_profiler.rb b/lib/mini_profiler.rb index 3eb012bc..18d44e33 100644 --- a/lib/mini_profiler.rb +++ b/lib/mini_profiler.rb @@ -96,8 +96,15 @@ def advanced_tools_message def binds_to_params(binds) return if binds.nil? || config.max_sql_param_length == 0 - # map ActiveRecord::Relation::QueryAttribute to [name, value] - params = binds.map { |c| c.kind_of?(Array) ? [c.first, c.last] : [c.name, c.value] } + params = binds.map do |c| + if c.kind_of?(Array) + [c.first, c.last] + elsif c.respond_to?(:name) # ActiveRecord::Relation::QueryAttribute + [c.name, c.value] + else # Time, String, Integer + ["param", c] + end + end if (skip = config.skip_sql_param_names) params.map { |(n, v)| n =~ skip ? [n, nil] : [n, v] } else
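Review bot: In the new `else` branch of `binds_to_params`, every bare bind is returned under the fixed name "param", so the `config.skip_sql_param_names` filter a few lines below (`n =~ skip`) can never match it and the value comes back unredacted, which is the password leak the commit message acknowledges. Consider failing closed: when `skip_sql_param_names` is set, return `["param", nil]` for binds whose name is unknown, or at minimum document next to that option that it does not cover simple binds. Separately, `elsif c.respond_to?(:name)` only tests for `name` while the branch also calls `c.value`; an object that has `name` but no `value` (a Symbol on Ruby 3.0+, for example) would raise NoMethodError, so checking `respond_to?(:value)` as well is safer. A spec that passes String and Date binds with `skip_sql_param_names` configured would pin down whichever behaviour is chosen.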