BigW Consortium Gitlab

Commit a114c988 by Shinya Maeda

Fixed SQL injection

parent d15c120f
...@@ -103,9 +103,9 @@ class PipelinesFinder ...@@ -103,9 +103,9 @@ class PipelinesFinder
if params[:order_by].present? && params[:sort].present? && if params[:order_by].present? && params[:sort].present? &&
items.column_names.include?(params[:order_by]) && items.column_names.include?(params[:order_by]) &&
(params[:sort].casecmp('ASC') || params[:sort].casecmp('DESC')) (params[:sort].casecmp('ASC') || params[:sort].casecmp('DESC'))
items.order("#{params[:order_by]} #{params[:sort]}") items.reorder(params[:order_by] => params[:sort])
else else
items.order(id: :desc) items.reorder(id: :desc)
end end
end end
end end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment