Sha256: e61c7838c699d57e7d2761a37e5fbafeb1dedb28ccfd57d4e76c20f694435c3a

Contents?: true

Size: 822 Bytes

Versions: 4

Compression:

Stored size: 822 Bytes

Contents

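module Rao
  module Api
    module ResourcesController::SortingConcern
      # A bare column ("name") or a table-qualified column ("posts.name").
      SORT_COLUMN_PATTERN = /\A[a-zA-Z_][a-zA-Z0-9_]*(\.[a-zA-Z_][a-zA-Z0-9_]*)?\z/
      SORT_DIRECTIONS     = %w[asc desc].freeze

      private

      def load_collection_scope
        add_order_scope(super)
      end

      # Applies the ordering requested via params[:sort_by] and
      # params[:sort_direction] to the given scope.
      def add_order_scope(base_scope)
        if params[:sort_by].present?
          # to_s keeps a missing sort_direction (nil) or a non-string
          # parameter from raising NoMethodError in the checks below.
          sort_by        = params[:sort_by].to_s
          sort_direction = (params[:sort_direction].presence || :asc).to_s.downcase

          # Both values can reach a raw SQL fragment, so accept only a plain
          # identifier and a known direction rather than rejecting spaces alone.
          unless sort_by.match?(SORT_COLUMN_PATTERN) && SORT_DIRECTIONS.include?(sort_direction)
            raise "Possible SQL Injection attempt while trying to sort by #{params[:sort_by]} #{params[:sort_direction]}"
          end

          if sort_by.include?('.')
            # Table-qualified column: passed as a string fragment.
            base_scope.reorder("#{sort_by} #{sort_direction}")
          else
            # Bare column: the hash form lets ActiveRecord quote the name.
            base_scope.reorder(sort_by => sort_direction)
          end
        else
          base_scope
        end
      end
    end
  end
end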

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
rao-api-resources_controller-0.0.52.pre app/concerns/rao/api/resources_controller/sorting_concern.rb
rao-api-resources_controller-0.0.51.pre app/concerns/rao/api/resources_controller/sorting_concern.rb
rao-api-resources_controller-0.0.50.pre app/concerns/rao/api/resources_controller/sorting_concern.rb
rao-api-resources_controller-0.0.49.pre app/concerns/rao/api/resources_controller/sorting_concern.rb