Commit ecc7b491c4d0da0f097128ea657e4dc42addfa2c
Exists in
theme-brasil-digital-from-staging
and in
9 other branches
Merge remote-tracking branch 'origin/production' into translate
Showing
1 changed file
with
30 additions
and
26 deletions
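--- a/app/models/task.rb
+++ b/app/models/task.rb
@@ -317,32 +317,36 @@ class Task < ActiveRecord::Base
 scope :closed, :conditions => { :status => [Task::Status::CANCELLED, Task::Status::FINISHED] }
 scope :opened, :conditions => { :status => [Task::Status::ACTIVE, Task::Status::HIDDEN] }
 
-# updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
-def self.of type
-if type
-where "type LIKE ?", type
-else
-all
-end
-end
-
-# updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
-def self.order_by attribute_name, sort_order
-if Task.column_names.include? attribute_name
-# TODO future versions of rails accepts a hash as param to order method
-# which helps to prevent sql injection in an shorter way
-sort_order_filtered = ("ASC".eql? "#{sort_order}".upcase) ? 'asc' : 'desc'
-sort_expression = Task.column_names.collect {|column_name| "#{column_name} #{sort_order_filtered}" if column_name.eql? attribute_name}
-order(sort_expression.join) unless sort_expression.join.empty?
-end
-end
-
-# updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
-def self.like field, value
-if value and Tasks.column_names.include? field
-where("LOWER(?) LIKE ?", "#{field}", "%#{value.downcase}%")
-end
-end
+# # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
+# def self.of type
+# if type
+# where "type LIKE ?", type
+# else
+# all
+# end
+# end
+#
+# # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
+# def self.order_by attribute_name, sort_order
+# if Task.column_names.include? attribute_name
+# # TODO future versions of rails accepts a hash as param to order method
+# # which helps to prevent sql injection in an shorter way
+# sort_order_filtered = ("ASC".eql? "#{sort_order}".upcase) ? 'asc' : 'desc'
+# sort_expression = Task.column_names.collect {|column_name| "#{column_name} #{sort_order_filtered}" if column_name.eql? attribute_name}
+# order(sort_expression.join) unless sort_expression.join.empty?
+# end
+# end
+#
+# # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
+# def self.like field, value
+# if value and Tasks.column_names.include? field
+# where("LOWER(?) LIKE ?", "#{field}", "%#{value.downcase}%")
+# end
+# end
+
+scope :of, lambda { |type| conditions = type ? "tasks.type LIKE '#{type}'" : "1=1"; {:conditions => [conditions]} }
+scope :order_by, lambda { |attribute, ord| {:order => "#{attribute} #{ord}"} }
+scope :like, lambda { |field, value| where("LOWER(#{field}) LIKE ?", "%#{value.downcase}%") if value}
 
 scope :pending_all, lambda { |profile, filter_type, filter_text|
 self.to(profile).without_spam.pending.of(filter_type).like('data', filter_text)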
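Review bot: The three scopes added at new lines 347-349 build SQL by string interpolation (`"tasks.type LIKE '#{type}'"`, `:order => "#{attribute} #{ord}"`, `LOWER(#{field})`), so every argument reaches the query unescaped. The class methods this merge comments out bound `type` as a parameter and checked column names against `column_names`. `pending_all`, directly below, passes `filter_type` into `of`; where that value comes from is not visible in this hunk, so it should be treated as untrusted. If the methods were disabled because they misbehaved (the removed `like` referenced `Tasks.column_names` and bound the column name as a `?` value), the scopes can keep their current form while binding `type` and allowing only known columns and `asc`/`desc`, as sketched below. What an unknown column should return is a choice for the author, and the commented-out block is better deleted than kept.

```ruby
scope :of, lambda { |type| type ? {:conditions => ["tasks.type LIKE ?", type]} : {} }
scope :order_by, lambda { |attribute, ord|
  if Task.column_names.include?(attribute.to_s)
    direction = ord.to_s.upcase == 'ASC' ? 'asc' : 'desc'
    {:order => "#{attribute} #{direction}"}
  else
    {}
  end
}
scope :like, lambda { |field, value|
  where("LOWER(#{field}) LIKE ?", "%#{value.downcase}%") if value && Task.column_names.include?(field.to_s)
}
# … unchanged: scope :pending_all …
```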