Sha256: eb55f8fe4778f1db5db0a7b15fbb6a687521bc336ac2a9302913d8cd7147f430

Contents?: true

Size: 747 Bytes

Versions: 3

Compression:

Stored size: 747 Bytes

Contents

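module ResourcesController
  module Sorting
    # Only plain identifiers ("name") or table-qualified ones ("posts.name")
    # may be used for sorting, and only these two directions.
    SORTABLE_IDENTIFIER = /\A[a-zA-Z_][a-zA-Z0-9_]*(\.[a-zA-Z_][a-zA-Z0-9_]*)?\z/
    SORT_DIRECTIONS     = %w[asc desc].freeze

    private

    def load_collection_scope
      add_order_scope(super)
    end

    # Applies params[:sort_by] / params[:sort_direction] to the collection scope.
    def add_order_scope(base_scope)
      return base_scope unless params[:sort_by].present?

      sort_by        = params[:sort_by].to_s
      # params[:sort_direction] may be absent; default to ascending.
      sort_direction = (params[:sort_direction].presence || :asc).to_s.downcase

      # Rejecting spaces alone does not rule out injection, so both values are
      # validated against an allowlist before they get anywhere near SQL.
      unless sort_by.match?(SORTABLE_IDENTIFIER) && SORT_DIRECTIONS.include?(sort_direction)
        raise "Possible SQL Injection attempt while trying to sort by #{sort_by} #{sort_direction}"
      end

      if sort_by.include?('.')
        # Table-qualified column: passed to ORDER BY as a raw string, which is
        # safe only because both parts were validated above.
        base_scope.reorder("#{sort_by} #{sort_direction}")
      else
        # Hash form: ActiveRecord quotes the column name itself.
        base_scope.reorder(sort_by => sort_direction)
      end
    end
  end
end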

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
rails-add_ons-3.0.0.pre1 app/concerns/resources_controller/sorting.rb
rails-add_ons-2.2.1 app/concerns/resources_controller/sorting.rb
rails-add_ons-2.2.0 app/concerns/resources_controller/sorting.rb