Project

General

Profile

Actions
Copy link

Defect #28930

closed

[Rails 5.2] sanitize dangerous query statements

Added by Pavel Rosický almost 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Code cleanup/refactoring
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "(CASE WHEN versions.effective_date IS NULL THEN 1 ELSE 0 END) DESC". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql().

Files

arelsql.patch (9.96 KB) arelsql.patch Pavel Rosický, 2018-06-01 22:01

Related issues

Related to Redmine - Patch #28933: Migrate to Rails 5.2Closed

Actions
Actions
Copy link
 #1

Updated by Go MAEDA almost 6 years ago

Actions
Copy link
 #2

Updated by Jean-Philippe Lang almost 6 years ago

  • Status changed from New to Closed

See r17411.

Actions
Copy link

Also available in: Atom PDF