kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Fix deprecation warning for dangerous order usage

Browse source
This commit is contained in:
Markus Koller 2019-08-07 22:22:02 +02:00
parent 68aab284a1
commit 2f8709fb53
No known key found for this signature in database
GPG key ID: EC9A8B44C0635CE2
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/models/user.rb
View file

@ -438,18 +438,20 @@ class User < ApplicationRecord
order = <<~SQL order = <<~SQL
CASE CASE
WHEN users.name = %{query} THEN 0 WHEN users.name = :query THEN 0
WHEN users.username = %{query} THEN 1 WHEN users.username = :query THEN 1
WHEN users.email = %{query} THEN 2 WHEN users.email = :query THEN 2
ELSE 3 ELSE 3
END END
SQL SQL
sanitized_order_sql = Arel.sql(sanitize_sql_array([order, query: query]))
where( where(
fuzzy_arel_match(:name, query, lower_exact_match: true) fuzzy_arel_match(:name, query, lower_exact_match: true)
.or(fuzzy_arel_match(:username, query, lower_exact_match: true)) .or(fuzzy_arel_match(:username, query, lower_exact_match: true))
.or(arel_table[:email].eq(query)) .or(arel_table[:email].eq(query))
).reorder(order % { query: ApplicationRecord.connection.quote(query) }, :name) ).reorder(sanitized_order_sql, :name)
end end
# Limits the result set to users _not_ in the given query/list of IDs. # Limits the result set to users _not_ in the given query/list of IDs.