From a1d135f12a70724663ab710d4eed8d8066046151 Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan
Date: Tue, 8 Sep 2020 12:30:09 +0800
Subject: [PATCH] DEV: Correct use of `sanitize_sql_array` in `TopicQuery`.
---
 lib/topic_query.rb | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/lib/topic_query.rb b/lib/topic_query.rb
index 2b529b2f1bd..9d2ee6ac82c 100644
--- a/lib/topic_query.rb
+++ b/lib/topic_query.rb
@@ -145,7 +145,7 @@ class TopicQuery
 # strip out users in groups you already belong to
 target_users = target_users
- .joins("LEFT JOIN group_users gu ON gu.user_id = topic_allowed_users.user_id AND gu.group_id IN (#{sanitize_sql_array(my_group_ids)})")
+ .joins("LEFT JOIN group_users gu ON gu.user_id = topic_allowed_users.user_id AND #{ActiveRecord::Base.sanitize_sql_array(['gu.group_id IN (?)', my_group_ids])}")
 .where('gu.group_id IS NULL')
 end
@@ -985,7 +985,7 @@ class TopicQuery
 messages.joins("
 LEFT JOIN topic_allowed_users ta2
 ON topics.id = ta2.topic_id
- AND ta2.user_id IN (#{sanitize_sql_array(user_ids)})
+ AND #{ActiveRecord::Base.sanitize_sql_array(['ta2.user_id IN (?)', user_ids])}
 ")
 end
@@ -994,7 +994,7 @@ class TopicQuery
 messages.joins("
 LEFT JOIN topic_allowed_groups tg2
 ON topics.id = tg2.topic_id
- AND tg2.group_id IN (#{sanitize_sql_array(group_ids)})
+ AND #{ActiveRecord::Base.sanitize_sql_array(['tg2.group_id IN (?)', group_ids])}
 ")
 end
@@ -1017,7 +1017,7 @@ class TopicQuery
 LEFT JOIN group_users gu
 ON gu.user_id = #{@user.id.to_i}
 AND gu.group_id = _tg.group_id
- WHERE gu.group_id IN (#{sanitize_sql_array(group_ids)})
+ WHERE #{ActiveRecord::Base.sanitize_sql_array(['gu.group_id IN (?)', group_ids])}
 ) tg ON topics.id = tg.topic_id
 ")
 .where("tg.topic_id IS NOT NULL")
@@ -1090,10 +1090,6 @@ class TopicQuery
 private
- def sanitize_sql_array(input)
- ActiveRecord::Base.public_send(:sanitize_sql_array, input.join(','))
- end
-
 def append_read_state(list, group)
 group_id = group&.id
 return list if group_id.nil?
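Review bot: The rewritten clause here, and the matching ones in the hunks at lines 985, 994 and 1017, still splices a `#{...}` expression into a SQL string, which a reader or a static analyser will take for raw interpolation unless the code says otherwise. A one-line comment on each enclosing `joins` call, e.g. `# fragment is quoted by sanitize_sql_array; an empty id list renders as IN (NULL)`, would record why the interpolation is safe and what the query does when the list is empty. The diffstat shows only lib/topic_query.rb changing, so no spec accompanies the fix; one that runs an empty list and a list whose elements need quoting through one of these joins would pin the new behaviour. The enclosing method starts and ends outside the hunk.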
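Review bot: In the hunk at line 1017 the context line `ON gu.user_id = #{@user.id.to_i}` is still built by interpolation, while the `WHERE` clause two lines below it now goes through `sanitize_sql_array`. The `.to_i` coercion keeps the value an integer, so this is a consistency point rather than an injection risk. A comment on the call such as `# @user.id is coerced with to_i, so interpolating it is safe` would make that explicit, or the id could be bound as a second placeholder in a follow-up. The join string and its method begin outside the hunk.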