Commit 2f8709fb authored by Markus Koller's avatar Markus Koller

Fix deprecation warning for dangerous order usage

parent 68aab284
...@@ -438,18 +438,20 @@ class User < ApplicationRecord ...@@ -438,18 +438,20 @@ class User < ApplicationRecord
order = <<~SQL order = <<~SQL
CASE CASE
WHEN users.name = %{query} THEN 0 WHEN users.name = :query THEN 0
WHEN users.username = %{query} THEN 1 WHEN users.username = :query THEN 1
WHEN users.email = %{query} THEN 2 WHEN users.email = :query THEN 2
ELSE 3 ELSE 3
END END
SQL SQL
sanitized_order_sql = Arel.sql(sanitize_sql_array([order, query: query]))
where( where(
fuzzy_arel_match(:name, query, lower_exact_match: true) fuzzy_arel_match(:name, query, lower_exact_match: true)
.or(fuzzy_arel_match(:username, query, lower_exact_match: true)) .or(fuzzy_arel_match(:username, query, lower_exact_match: true))
.or(arel_table[:email].eq(query)) .or(arel_table[:email].eq(query))
).reorder(order % { query: ApplicationRecord.connection.quote(query) }, :name) ).reorder(sanitized_order_sql, :name)
end end
# Limits the result set to users _not_ in the given query/list of IDs. # Limits the result set to users _not_ in the given query/list of IDs.
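Review bot: The `Arel.sql(...)` wrapper on the `sanitized_order_sql` line turns off Rails' raw-SQL check for this `reorder`, so the ordering clause is only safe while `query` reaches the SQL solely through the `:query` bind handled by `sanitize_sql_array`, and nothing in the hunk records that invariant. I would add a comment above the assignment, for example `# Arel.sql marks this string as trusted: keep the heredoc free of #{} interpolation and pass user input only through the :query bind.` Because `<<~SQL` is an interpolating heredoc, a later edit that adds `#{...}` to the CASE expression would skip the sanitizer and no longer raise the deprecation warning. The enclosing method starts above the hunk, and no spec covering a query that contains quote characters is visible here, so one may be worth adding if it does not already exist.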
......