author | Dennis Schubert <mail@dennis-schubert.de> | 2020-02-11 22:21:34 +0300 |
---|---|---|
committer | Benjamin Neff <benjamin@coding4coffee.ch> | 2020-02-12 01:54:55 +0300 |
commit | 2e2b42ef1ad6719848567fd38bf8d71e95004607 (patch) | |
tree | da410bd743c66aba725baf7e4f18337960d8d1ab /app | |
parent | 4685df634cbc6fe12b6da5aac427d87e22c4d0a9 (diff) |
Mark non-attribute usage in SQL queries as safe.
Non-attribute arguments will be disallowed in Rails 6.0.
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/admins_controller.rb | 11 | ||||
-rw-r--r-- | app/controllers/contacts_controller.rb | 2 | ||||
-rw-r--r-- | app/models/person.rb | 6 | ||||
-rw-r--r-- | app/services/like_service.rb | 2 | ||||
-rw-r--r-- | app/services/reshare_service.rb | 2 |
5 files changed, 15 insertions, 8 deletions
diff --git a/app/controllers/admins_controller.rb b/app/controllers/admins_controller.rb
index f0fa8bb5c..daad7c46f 100644
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@@ -51,7 +51,11 @@ class AdminsController < Admin::AdminController
 end
 def stats
- @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag).limit(50).order('count(taggings.id) DESC').group(:tag).count
+ @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag)
+ .limit(50)
+ .order(Arel.sql("count(taggings.id) DESC"))
+ .group(:tag)
+ .count
 case params[:range]
 when "week"
@@ -72,7 +76,10 @@ class AdminsController < Admin::AdminController
 create_hash(model, :range => range)
 end
- @posts_per_day = Post.where("created_at >= ?", Date.today - 21.days).group("DATE(created_at)").order("DATE(created_at) ASC").count
+ @posts_per_day = Post.where("created_at >= ?", Time.zone.today - 21.days)
+ .group(Arel.sql("DATE(created_at)"))
+ .order(Arel.sql("DATE(created_at) ASC"))
+ .count
 @most_posts_within = @posts_per_day.values.max.to_f
 @user_count = User.count
diff --git a/app/controllers/contacts_controller.rb b/app/controllers/contacts_controller.rb
index f62050734..34a45b383 100644
--- a/app/controllers/contacts_controller.rb
+++ b/app/controllers/contacts_controller.rb
@@ -66,7 +66,7 @@ class ContactsController < ApplicationController
 when "receiving"
 current_user.contacts.receiving
 when "by_aspect"
- order.unshift "contact_id IS NOT NULL DESC"
+ order.unshift Arel.sql("contact_id IS NOT NULL DESC")
 contacts_by_aspect(@aspect.id)
 else
 raise ArgumentError, "unknown type #{type}"
diff --git a/app/models/person.rb b/app/models/person.rb
index db799d7d7..081a08dd8 100644
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -162,7 +162,7 @@ class Person < ApplicationRecord
 contacts.id IS NOT NULL AS is_contact
 SQL
 )
- .order(<<-SQL
+ .order(Arel.sql(<<-SQL
 is_author DESC,
 is_commenter DESC,
 is_liker DESC,
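Review bot: The second hunk of `stats` in app/controllers/admins_controller.rb swaps `Date.today` for `Time.zone.today`, a behaviour change that the commit message does not mention. The 21-day window is now computed in the application's configured time zone, while the `DATE(created_at)` buckets are still computed by the database, presumably in its own session time zone. If the switch is intended, a comment such as `# window uses the app time zone; DATE() grouping uses the database's` above the query would record it; otherwise it belongs in a separate commit. The body of `stats` continues outside both hunks.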
@@ -170,7 +170,7 @@ class Person < ApplicationRecord
 profiles.full_name,
 people.diaspora_handle
 SQL
- )
+ ))
 }
 def self.community_spotlight
@@ -241,7 +241,7 @@ class Person < ApplicationRecord
 query = query.where(contacts: {sharing: true, receiving: true}) if mutual
 query.where(closed_account: false)
- .order(["contacts.user_id IS NULL", "profiles.last_name ASC", "profiles.first_name ASC"])
+ .order([Arel.sql("contacts.user_id IS NULL"), "profiles.last_name ASC", "profiles.first_name ASC"])
 end
 def name(opts = {})
diff --git a/app/services/like_service.rb b/app/services/like_service.rb
index b5623a048..64bb990fa 100644
--- a/app/services/like_service.rb
+++ b/app/services/like_service.rb
@@ -22,7 +22,7 @@ class LikeService
 def find_for_post(post_id)
 likes = post_service.find!(post_id).likes
- user ? likes.order("author_id = #{user.person.id} DESC") : likes
+ user ? likes.order(Arel.sql("author_id = #{user.person.id} DESC")) : likes
 end
 private
diff --git a/app/services/reshare_service.rb b/app/services/reshare_service.rb
index c4bd94ff6..2f4c73c6f 100644
--- a/app/services/reshare_service.rb
+++ b/app/services/reshare_service.rb
@@ -13,7 +13,7 @@ class ReshareService
 def find_for_post(post_id)
 reshares = post_service.find!(post_id).reshares
- user ? reshares.order("author_id = #{user.person.id} DESC") : reshares
+ user ? reshares.order(Arel.sql("author_id = #{user.person.id} DESC")) : reshares
 end
 private |
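Review bot: In `LikeService#find_for_post`, `Arel.sql("author_id = #{user.person.id} DESC")` marks a string built by interpolation as safe, so the raw-SQL check no longer covers it and its safety rests entirely on `user.person.id` being an integer. That presumably holds for a primary key loaded from the database, but nothing on the line enforces it. Coercing at the point of use, `likes.order(Arel.sql("author_id = #{Integer(user.person.id)} DESC"))`, or adding a comment such as `# interpolated value is an integer primary key, never request input` would make the assumption explicit. The same applies to the identical `reshares.order(...)` line in app/services/reshare_service.rb. The other `Arel.sql` calls in this commit wrap constant strings only.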