Allow only indexed columns in #order_and_sort. Remove present (Because unnecessary) from condition. Added spec just in case.

author: Shinya Maeda <gitlab.shinyamaeda@gmail.com> 2017-03-17 18:27:11 +0900
committer: Shinya Maeda <gitlab.shinyamaeda@gmail.com> 2017-05-03 02:11:51 +0900
commit: 3735b8aaa1f48ea3803e31e18f1e40d2fd091b26 (patch)
tree: 10c868d3c1407c35fc4f14a7c107b557cf86a07f /app/finders/pipelines_finder.rb
parent: f0e3076a32f1f127ef4d31b53979edd5e0218469 (diff)
download: gitlab-ce-3735b8aaa1f48ea3803e31e18f1e40d2fd091b26.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/app/finders/pipelines_finder.rb b/app/finders/pipelines_finder.rb
index 5e50eb46c7e..6a92aedc873 100644
--- a/app/finders/pipelines_finder.rb
+++ b/app/finders/pipelines_finder.rb
@@ -108,12 +108,12 @@ class PipelinesFinder
   end
 
   def order_and_sort(items)
-    order_by = if params[:order_by].present? && items.column_names.include?(params[:order_by])
+    order_by = if %w[id status ref user_id].include?(params[:order_by]) # Allow only indexed columns
                  params[:order_by]
                else
                  :id
                end
-    sort = if params[:sort].present? && params[:sort] =~ /\A(ASC|DESC)\z/i
+    sort = if params[:sort] =~ /\A(ASC|DESC)\z/i
              params[:sort]
            else
              :desc
author	Shinya Maeda <gitlab.shinyamaeda@gmail.com>	2017-03-17 18:27:11 +0900
committer	Shinya Maeda <gitlab.shinyamaeda@gmail.com>	2017-05-03 02:11:51 +0900
commit	3735b8aaa1f48ea3803e31e18f1e40d2fd091b26 (patch)
tree	10c868d3c1407c35fc4f14a7c107b557cf86a07f /app/finders/pipelines_finder.rb
parent	f0e3076a32f1f127ef4d31b53979edd5e0218469 (diff)
download	gitlab-ce-3735b8aaa1f48ea3803e31e18f1e40d2fd091b26.tar.gz