Sha256: b051abc9bd82ef80b6db89e95e8d3110e960acb6fe1284a246f110bb4777e8a6
Contents?: true
Size: 758 Bytes
Versions: 50
Compression:
Stored size: 758 Bytes
Contents
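module Rao
  # Sorting support for resource controllers: orders the collection scope by
  # the column and direction named in the request parameters.
  #
  # `params[:sort_by]` and `params[:sort_direction]` come straight from the
  # request and, for dot-qualified columns, are interpolated into a raw SQL
  # ORDER BY fragment. They are therefore checked against strict allowlists.
  # Rejecting only the space character is not enough, because tabs, newlines,
  # comment markers and parentheses can separate SQL tokens just as well.
  module ResourcesController::SortingConcern
    # A bare column ("name") or a dot-qualified one ("posts.title").
    # Identifier characters only, anchored with \A and \z so that a value with
    # an embedded newline cannot pass on the strength of its first line.
    SORT_COLUMN_PATTERN = /\A[a-zA-Z_][a-zA-Z0-9_]*(?:\.[a-zA-Z_][a-zA-Z0-9_]*)*\z/.freeze

    # Accepted directions (matched case-insensitively) and the value handed to
    # `reorder` for each of them.
    SORT_DIRECTIONS = { 'asc' => :asc, 'desc' => :desc }.freeze

    private_constant :SORT_COLUMN_PATTERN, :SORT_DIRECTIONS

    private

    # Applies the requested ordering on top of the scope returned by the
    # including controller's own `load_collection_scope`.
    def load_collection_scope
      add_order_scope(super)
    end

    # Reorders `base_scope` according to the request parameters.
    #
    # @param base_scope [#reorder] the scope to sort
    # @return [Object] `base_scope` unchanged when no `sort_by` parameter is
    #   present, otherwise the result of `base_scope.reorder`
    # @raise [RuntimeError] when `sort_by` is not a plain or dot-qualified
    #   identifier, or `sort_direction` is neither "asc" nor "desc"
    #
    # The check validates shape only; it does not confirm that the column
    # exists or that it is meant to be sortable by the caller.
    def add_order_scope(base_scope)
      return base_scope unless params[:sort_by].present?

      # to_s makes array- or hash-shaped parameters fail the pattern below
      # instead of slipping past a String-only check.
      sort_by = params[:sort_by].to_s

      # A missing or blank direction falls back to ascending. Previously a
      # missing direction raised NoMethodError from `nil.include?`.
      requested_direction = (params[:sort_direction].presence || :asc).to_s.downcase
      sort_direction = SORT_DIRECTIONS[requested_direction]

      unless sort_direction && SORT_COLUMN_PATTERN =~ sort_by
        # NOTE(review): the message echoes raw request input; make sure it is
        # not rendered unescaped in error pages or log viewers.
        raise "Possible SQL Injection attempt while trying to sort by #{params[:sort_by]} #{params[:sort_direction]}"
      end

      if sort_by.include?('.')
        # Qualified names are passed as a SQL string; both parts were
        # validated against the allowlists above.
        base_scope.reorder("#{sort_by} #{sort_direction}")
      else
        base_scope.reorder(sort_by => sort_direction)
      end
    end
  end
end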
Version data entries
50 entries across 50 versions & 1 rubygems