dossier: fix SQL deprecation error
ActiveRecord 6.1 disallows passing strings to the `order()` function, to prevent SQL injections. Here we know that the order string is safe: `ts_vector` is constant, and `ts_query` is properly escaped. Wrap the SQL fragment in Arel.sql to bypass the error.
This commit is contained in:
parent
21356e42b8
commit
185c74d891
1 changed files with 2 additions and 2 deletions
|
@ -37,7 +37,7 @@ class DossierSearchService
|
|||
|
||||
dossiers
|
||||
.where("#{ts_vector} @@ #{ts_query}")
|
||||
.order("COALESCE(ts_rank(#{ts_vector}, #{ts_query}), 0) DESC")
|
||||
.order(Arel.sql("COALESCE(ts_rank(#{ts_vector}, #{ts_query}), 0) DESC"))
|
||||
end
|
||||
|
||||
def self.dossier_by_exact_id_for_user(search_terms, user)
|
||||
|
@ -57,7 +57,7 @@ class DossierSearchService
|
|||
.dossiers
|
||||
.state_not_brouillon
|
||||
.where("#{ts_vector} @@ #{ts_query}")
|
||||
.order("COALESCE(ts_rank(#{ts_vector}, #{ts_query}), 0) DESC")
|
||||
.order(Arel.sql("COALESCE(ts_rank(#{ts_vector}, #{ts_query}), 0) DESC"))
|
||||
end
|
||||
|
||||
def self.to_tsquery(search_terms)
|
||||
|
|
Loading…
Reference in a new issue