jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix raw sql deprecation warning in tag autocomplete.

Browse Source 
DEPRECATION WARNING: Dangerous query method (method whose arguments
    are used as raw SQL) called with non-attribute argument(s): "trunc(3
    * similarity(name, 'two')) DESC". Non-attribute arguments will be
    disallowed in Rails 6.1. This method should not be called with
    user-provided values, such as request parameters or model
    attributes. Known-safe values can be passed by wrapping them in
    Arel.sql(). (called from order_similarity at
    /home/admin/src/danbooru/app/models/tag.rb:817)
This commit is contained in:
evazion
2019-09-23 13:52:21 -05:00
parent c1bb88a52a
commit 8de6925807
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/tag.rb
View File

@@ -814,7 +814,7 @@ class Tag < ApplicationRecord
def order_similarity(name)
# trunc(3 * sim) reduces the similarity score from a range of 0.0 -> 1.0 to just 0, 1, or 2.
# This groups tags first by approximate similarity, then by largest tags within groups of similar tags.
order("trunc(3 * similarity(name, #{connection.quote(name)})) DESC", "post_count DESC", "name DESC")
order(Arel.sql("trunc(3 * similarity(name, #{connection.quote(name)})) DESC", "post_count DESC", "name DESC"))
end
# ref: https://www.postgresql.org/docs/current/static/pgtrgm.html#idm46428634524336