QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-19 12:04:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Sanitize input for ilike in Account::Entry.search (#988)

Browse Source
This commit is contained in:
Tony Vincent
2024-07-16 15:26:14 +02:00
committed by GitHub
parent cdbca5aff3
commit d0bc959bee
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/account/entry.rb
View File

@@ -137,7 +137,7 @@ class Account::Entry < ApplicationRecord
def search(params)
query = all
query = query.where("account_entries.name ILIKE ?", "%#{params[:search]}%") if params[:search].present?
query = query.where("account_entries.name ILIKE ?", "%#{sanitize_sql_like(params[:search])}%") if params[:search].present?
query = query.where("account_entries.date >= ?", params[:start_date]) if params[:start_date].present?
query = query.where("account_entries.date <= ?", params[:end_date]) if params[:end_date].present?