Commit 6997dfa3 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Sanitize id value passed to async background migration

parent 1bb0448f
...@@ -2,15 +2,13 @@ module Gitlab ...@@ -2,15 +2,13 @@ module Gitlab
module BackgroundMigration module BackgroundMigration
class MigrateBuildStageIdReference class MigrateBuildStageIdReference
def perform(id) def perform(id)
raise ArgumentError unless id.present?
sql = <<-SQL.strip_heredoc sql = <<-SQL.strip_heredoc
UPDATE "ci_builds" UPDATE "ci_builds"
SET "stage_id" = SET "stage_id" =
(SELECT id FROM ci_stages (SELECT id FROM ci_stages
WHERE ci_stages.pipeline_id = ci_builds.commit_id WHERE ci_stages.pipeline_id = ci_builds.commit_id
AND ci_stages.name = ci_builds.stage) AND ci_stages.name = ci_builds.stage)
WHERE "ci_builds"."id" = #{id} WHERE "ci_builds"."id" = #{id.to_i}
AND "ci_builds"."stage_id" IS NULL AND "ci_builds"."stage_id" IS NULL
SQL SQL
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment