jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

users: fix deprecation warning in current_user_first.

Browse Source 
DEPRECATION WARNING: Dangerous query method (method whose arguments
    are used as raw SQL) called with non-attribute argument(s): "id =
    52664 desc". Non-attribute arguments will be disallowed in Rails
    6.1. This method should not be called with user-provided values,
    such as request parameters or model attributes. Known-safe values
    can be passed by wrapping them in Arel.sql().
This commit is contained in:
evazion
2019-09-01 13:10:37 -05:00
parent 80d881bfcb
commit 3216f83ad8
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/user.rb
View File

@@ -752,9 +752,9 @@ class User < ApplicationRecord
end end
if params[:current_user_first].to_s.truthy? && !CurrentUser.is_anonymous? if params[:current_user_first].to_s.truthy? && !CurrentUser.is_anonymous?
q = q.order("id = #{CurrentUser.user.id.to_i} desc") q = q.order(Arel.sql("id = #{CurrentUser.id} desc"))
end end
case params[:order] case params[:order]
when "name" when "name"
q = q.order("name") q = q.order("name")