Mark non-attribute usage in SQL queries as safe.

Non-attribute arguments will be disallowed in Rails 6.0.
2020-02-11 20:21:34 +01:00 · 2020-02-11 20:21:34 +01:00 · 2e2b42ef1a
commit 2e2b42ef1a
parent 4685df634c
5 changed files with 15 additions and 8 deletions
--- a/app/controllers/admins_controller.rb
+++ b/app/controllers/admins_controller.rb
@ -51,7 +51,11 @@ class AdminsController < Admin::AdminController
  end

  def stats
-    @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag).limit(50).order('count(taggings.id) DESC').group(:tag).count
+    @popular_tags = ActsAsTaggableOn::Tagging.joins(:tag)
+                                             .limit(50)
+                                             .order(Arel.sql("count(taggings.id) DESC"))
+                                             .group(:tag)
+                                             .count

    case params[:range]
    when "week"
@ -72,7 +76,10 @@ class AdminsController < Admin::AdminController
      create_hash(model, :range => range)
    end

-    @posts_per_day = Post.where("created_at >= ?", Date.today - 21.days).group("DATE(created_at)").order("DATE(created_at) ASC").count
+    @posts_per_day = Post.where("created_at >= ?", Time.zone.today - 21.days)
+                         .group(Arel.sql("DATE(created_at)"))
+                         .order(Arel.sql("DATE(created_at) ASC"))
+                         .count
    @most_posts_within = @posts_per_day.values.max.to_f

    @user_count = User.count
--- a/app/controllers/contacts_controller.rb
+++ b/app/controllers/contacts_controller.rb
@ -66,7 +66,7 @@ class ContactsController < ApplicationController
      when "receiving"
        current_user.contacts.receiving
      when "by_aspect"
-        order.unshift "contact_id IS NOT NULL DESC"
+        order.unshift Arel.sql("contact_id IS NOT NULL DESC")
        contacts_by_aspect(@aspect.id)
      else
        raise ArgumentError, "unknown type #{type}"
--- a/app/models/person.rb
+++ b/app/models/person.rb
@ -162,7 +162,7 @@ class Person < ApplicationRecord
        contacts.id IS NOT NULL AS is_contact
        SQL
             )
-      .order(<<-SQL
+      .order(Arel.sql(<<-SQL
        is_author DESC,
        is_commenter DESC,
        is_liker DESC,
@ -170,7 +170,7 @@ class Person < ApplicationRecord
        profiles.full_name,
        people.diaspora_handle
        SQL
-            )
+                     ))
  }

  def self.community_spotlight
@ -241,7 +241,7 @@ class Person < ApplicationRecord
    query = query.where(contacts: {sharing: true, receiving: true}) if mutual

    query.where(closed_account: false)
-         .order(["contacts.user_id IS NULL", "profiles.last_name ASC", "profiles.first_name ASC"])
+         .order([Arel.sql("contacts.user_id IS NULL"), "profiles.last_name ASC", "profiles.first_name ASC"])
  end

  def name(opts = {})
--- a/app/services/like_service.rb
+++ b/app/services/like_service.rb
@ -22,7 +22,7 @@ class LikeService

  def find_for_post(post_id)
    likes = post_service.find!(post_id).likes
-    user ? likes.order("author_id = #{user.person.id} DESC") : likes
+    user ? likes.order(Arel.sql("author_id = #{user.person.id} DESC")) : likes
  end

  private
--- a/app/services/reshare_service.rb
+++ b/app/services/reshare_service.rb
@ -13,7 +13,7 @@ class ReshareService

  def find_for_post(post_id)
    reshares = post_service.find!(post_id).reshares
-    user ? reshares.order("author_id = #{user.person.id} DESC") : reshares
+    user ? reshares.order(Arel.sql("author_id = #{user.person.id} DESC")) : reshares
  end

  private