Skip to content

G
gitlab-ce
Commit a114c988 authored by Shinya Maeda's avatar Shinya Maeda
Browse files
Options

Fixed SQL injection

parent d15c120f
Show whitespace changes
Inline Side-by-side
Showing with 2 additions and 2 deletions
app/finders/pipelines_finder.rb
View file @ a114c988
...@@ -103,9 +103,9 @@ class PipelinesFinder ...@@ -103,9 +103,9 @@ class PipelinesFinder
if params[:order_by].present? && params[:sort].present? && if params[:order_by].present? && params[:sort].present? &&
items.column_names.include?(params[:order_by]) && items.column_names.include?(params[:order_by]) &&
(params[:sort].casecmp('ASC') || params[:sort].casecmp('DESC')) (params[:sort].casecmp('ASC') || params[:sort].casecmp('DESC'))
items.order("#{params[:order_by]} #{params[:sort]}") items.reorder(params[:order_by] => params[:sort])
else else
items.order(id: :desc) items.reorder(id: :desc)
end end
end end
end end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7