floraachy/gitlink-forgeplus
1
0
Fork 0
mirror of https://gitlink.org.cn/Gitlink/forgeplus.git synced 2026-05-20 11:45:57 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: sql attack

Browse Source
This commit is contained in:
vilet.yy
2021-06-17 16:13:40 +08:00
parent 880f09a94a
commit 09dfd504c2
17 changed files with 59 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/admins/project_languages_controller.rb
View File

@@ -3,8 +3,8 @@ class Admins::ProjectLanguagesController < Admins::BaseController
before_action :validate_names, only: [:create, :update]
def index
sort_by = params[:sort_by] ||= 'created_at'
sort_direction = params[:sort_direction] ||= 'desc'
sort_by = ProjectLanguage.column_names.include?(params[:sort_by]) ? params[:sort_by] : 'created_at'
sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : 'desc'
q = ProjectLanguage.ransack(name_cont: params[:search])
project_languages = q.result(distinct: true).order("#{sort_by} #{sort_direction}")
@project_languages = paginate(project_languages)