diff options
author | Markus Koller <mkoller@gitlab.com> | 2019-08-07 22:22:02 +0200 |
---|---|---|
committer | Markus Koller <mkoller@gitlab.com> | 2019-08-09 15:26:44 +0200 |
commit | 336a90c936ae75a67d4413e6f115e4f66d2f773b (patch) | |
tree | d7cc3c693ebc285349ea98944fe2d6d8bd5ba56a | |
parent | 28a17ae59f98f187d9408e2a26d569844bc02433 (diff) | |
download | gitlab-ce-ce-12547-load-search-counts-async.tar.gz |
Fix deprecation warning for dangerous order usagece-12547-load-search-counts-async
-rw-r--r-- | app/models/user.rb | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index ac83c8e3256..374e00987c5 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -438,18 +438,20 @@ class User < ApplicationRecord order = <<~SQL CASE - WHEN users.name = %{query} THEN 0 - WHEN users.username = %{query} THEN 1 - WHEN users.email = %{query} THEN 2 + WHEN users.name = :query THEN 0 + WHEN users.username = :query THEN 1 + WHEN users.email = :query THEN 2 ELSE 3 END SQL + sanitized_order_sql = Arel.sql(sanitize_sql_array([order, query: query])) + where( fuzzy_arel_match(:name, query, lower_exact_match: true) .or(fuzzy_arel_match(:username, query, lower_exact_match: true)) .or(arel_table[:email].eq(query)) - ).reorder(order % { query: ApplicationRecord.connection.quote(query) }, :name) + ).reorder(sanitized_order_sql, :name) end # Limits the result set to users _not_ in the given query/list of IDs. |