mirror of https://github.com/maybe-finance/maybe.git synced 2025-07-25 08:09:38 +02:00

Sanitize input for ilike in Account::Entry.search (#988)

Tony Vincent 2024-07-16 15:26:14 +02:00 committed by GitHub
parent cdbca5aff3
commit d0bc959bee
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 1 deletions


@ -137,7 +137,7 @@ class Account::Entry < ApplicationRecord
def search(params)
query = all
query = query.where("account_entries.name ILIKE ?", "%#{params[:search]}%") if params[:search].present?
query = query.where("account_entries.name ILIKE ?", "%#{sanitize_sql_like(params[:search])}%") if params[:search].present?
query = query.where("account_entries.date >= ?", params[:start_date]) if params[:start_date].present?
query = query.where("account_entries.date <= ?", params[:end_date]) if params[:end_date].present?