Defect #28930

[Rails 5.2] sanitize dangerous query statements

Added by Pavel Rosický 19 days ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Code cleanup/refactoring
Target version: -
Resolution:
Affected version:

Description

DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "(CASE WHEN versions.effective_date IS NULL THEN 1 ELSE 0 END) DESC". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql().

arelsql.patch (9.96 KB) Pavel Rosický, 2018-06-01 22:01


Related issues

Related to Redmine - Patch #28933: Migrate to Rails 5.2 New

History

#1 Updated by Go MAEDA 18 days ago
