Sha256: 3c62c004a393fdc24d9eb2a57424856956ef6ebdf6722727ca4d01c302caeabf
Contents?: true
Size: 1.4 KB
Versions: 1
Compression:
Stored size: 1.4 KB
Contents
# SanitizeOrder
Sanitize an SQL order clause that might be tainted. Includes a whitelist option to
limit the available columns to sort by and translate the given column names to
actual table_name.column_name pairs.
## Installation
Add this line to your application's Gemfile:
gem 'sanitize_order'
And then execute:
$ bundle
Or install it yourself as:
$ gem install sanitize_order
## Usage
In your model, add
include SanitizeOrder
and in your controller safely set the order scope with
#sanitize_order(tainted_order)
or
#sanitize_order(tainted_order, whitelist)
where `tainted_order` is in the form of:
column_name direction, column_name direction, ...
`direction` is optional and can be `ASC` or `DESC` and defaults to `ASC` if not
given. Case is ignored.
For example:
country asc, start_date
A column name whitelist is used if given, otherwise columns are validated
directly against the table column names. `column_name` may be in the form:
table_column_name
or
table_name.table_column_name
The whitelist is a hash of allowed input table columns and the matching actual
table and column names. For example:
{
'centre_id' => 'centre.id'
'enabled_at' => 'centre.enabled_date'
'disabled_at' => 'centre.disabled_date'
'features' => 'centre_features.name'
}
The whitelist is assumed clean and correct so no checking is done on its
contents.
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| sanitize_order-1.1.2 | README.md |