floraachy/gitlink-forgeplus
1
0
Fork 0
mirror of https://gitlink.org.cn/Gitlink/forgeplus.git synced 2026-05-02 19:30:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: sql attack

Browse Source
This commit is contained in:
vilet.yy
2021-06-17 16:13:40 +08:00
parent 880f09a94a
commit 09dfd504c2
17 changed files with 59 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/queries/projects/list_my_query.rb
View File

@@ -55,8 +55,8 @@ class Projects::ListMyQuery < ApplicationQuery
scope = q.result.includes(:project_category, :project_language,:owner, :repository, :has_pinned_users)
sort = params[:sort_by] || "updated_on"
sort_direction = params[:sort_direction] || "desc"
sort = Project.column_names.include?(params[:sort_by]) ? params[:sort_by] : "updated_on"
sort_direction = %w(desc asc).include?(params[:sort_direction]) ? params[:sort_direction] : "desc"
if params[:choosed].present? && params[:choosed].is_a?(Array)
scope.order("FIELD(id, #{params[:choosed].reverse.join(",")}) desc")