fix: Prevent quotes in the tenant name

and simplify the implementation of the connection's injected log method.

Author: flavorjones

lib/active_record/tenanted/database_configurations.rb

@@ -11,7 +11,9 @@ def database_tasks?
         end
 
         def database_path_for(tenant_name)
-          raise BadTenantNameError, "Tenant name cannot contain path separators: #{tenant_name.inspect}" if tenant_name.include?("/")
+          if tenant_name.match?(%r{[/'"`]})
+            raise BadTenantNameError, "Tenant name contains an invalid character: #{tenant_name.inspect}"
+          end
           sprintf(database, tenant: tenant_name)
         end
 
@@ -41,12 +43,9 @@ def tenant
 
         def new_connection
           conn = super
-          log_addition = " [tenant=#{tenant}]"
           conn.class_eval <<~CODE, __FILE__, __LINE__ + 1
             private def log(sql, name = "SQL", *args, **kwargs, &block)
-              name ||= ""
-              name += "#{log_addition}"
-              super(sql, name, *args, **kwargs, &block)
+              super(sql, "\#{name} [tenant=#{tenant}]", *args, **kwargs, &block)
             end
           CODE
           conn

test/unit/database_configurations_test.rb

@@ -36,6 +36,12 @@
       test "raises if the tenant name contains a path separator" do
         assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo/bar") }
       end
+
+      test "raises if the tenant name contains a quote or double-quote or back-quote" do
+        assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo'bar") }
+        assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo\"bar") }
+        assert_raises(ActiveRecord::Tenanted::BadTenantNameError) { config.database_path_for("foo`bar") }
+      end
     end
 
     for_each_scenario do