scinote-eln/scinote-web
1
1
Fork 0
mirror of https://github.com/scinote-eln/scinote-web.git synced 2025-01-06 15:40:31 +08:00
Code Issues Projects Releases Packages Wiki Activity

Sanitize datatable params [SCI-8007]

Browse source
This commit is contained in:
sboursen-scinote 2023-03-10 11:13:00 +01:00
parent e9bdd218fa
commit ce3fbfe4eb
1 changed files with 1 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/datatables/protocol_linked_children_datatable.rb
View file

@ -86,10 +86,7 @@ class ProtocolLinkedChildrenDatatable < CustomDatatable
def filter_child_records(records)
if params[:version].present?
version = params[:version]
records = records.joins('LEFT JOIN protocols protocol_parents ' \
'ON protocols.parent_id = protocol_parents.id ')
.where('protocol_parents.version_number = #{version}')
records = records.left_outer_joins(:parent).where(parent: { version_number: params[:version] })
end
records
end