Fix SQL injections

app/controllers/admin/accompagnateurs_controller.rb

@@ -12,7 +12,7 @@ class Admin::AccompagnateursController < AdminController
       array: true
 
     not_assign_scope = current_administrateur.gestionnaires.where.not(id: assign_scope.ids)
-    not_assign_scope = not_assign_scope.where("email LIKE '%#{params[:filter]}%'") if params[:filter]
+    not_assign_scope = not_assign_scope.where("email LIKE ?", "%#{params[:filter]}%") if params[:filter]
 
     @accompagnateurs_not_assign = smart_listing_create :accompagnateurs_not_assign,
       not_assign_scope,

app/controllers/admin/procedures_controller.rb

@@ -192,7 +192,7 @@ class Admin::ProceduresController < AdminController
                      .joins(', procedures')
                      .where("procedures.id = procedure_paths.procedure_id")
                      .where("procedures.archived_at" => nil)
-                     .where("path LIKE '%#{params[:request]}%'")
+                     .where("path LIKE ?", "%#{params[:request]}%")
                      .pluck(:path, :administrateur_id)
                      .inject([]) {
                |acc, value| acc.push({label: value.first, mine: value.second == current_administrateur.id})