From a114c988b4c17e37508f1d0f96b93fd8b96d2df9 Mon Sep 17 00:00:00 2001
From: Shinya Maeda <gitlab.shinyamaeda@gmail.com>
Date: Wed, 1 Mar 2017 21:43:25 +0900
Subject: Fixed SQL injection

---
 app/finders/pipelines_finder.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/finders/pipelines_finder.rb')

diff --git a/app/finders/pipelines_finder.rb b/app/finders/pipelines_finder.rb
index 4a44a469a48..5408cc09096 100644
--- a/app/finders/pipelines_finder.rb
+++ b/app/finders/pipelines_finder.rb
@@ -103,9 +103,9 @@ class PipelinesFinder
     if params[:order_by].present? && params[:sort].present? && 
         items.column_names.include?(params[:order_by]) && 
         (params[:sort].casecmp('ASC') || params[:sort].casecmp('DESC'))
-      items.order("#{params[:order_by]} #{params[:sort]}")
+      items.reorder(params[:order_by] => params[:sort])
     else
-      items.order(id: :desc)
+      items.reorder(id: :desc)
     end
   end
 end
-- 
cgit v1.2.1