From ce3fbfe4eb639737387a9b944cecd271e63d5412 Mon Sep 17 00:00:00 2001
From: sboursen-scinote <soufiane@scinote.net>
Date: Fri, 10 Mar 2023 11:13:00 +0100
Subject: [PATCH] Sanitize datatable params [SCI-8007]

---
 app/datatables/protocol_linked_children_datatable.rb | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/app/datatables/protocol_linked_children_datatable.rb b/app/datatables/protocol_linked_children_datatable.rb
index 0963befda..8b913102f 100644
--- a/app/datatables/protocol_linked_children_datatable.rb
+++ b/app/datatables/protocol_linked_children_datatable.rb
@@ -86,10 +86,7 @@ class ProtocolLinkedChildrenDatatable < CustomDatatable
 
   def filter_child_records(records)
     if params[:version].present?
-      version = params[:version]
-      records = records.joins('LEFT JOIN protocols protocol_parents ' \
-                       'ON protocols.parent_id = protocol_parents.id ')
-                       .where('protocol_parents.version_number = #{version}')
+      records = records.left_outer_joins(:parent).where(parent: { version_number: params[:version] })
     end
     records
   end