cuttable 0.0.6 → 0.0.6.1
- checksums.yaml +4 -4
- data/README.md +19 -20
- data/cuttable.gemspec +1 -1
- metadata +1 -1
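--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 66188d11cb703de306698c00bba927c82325854d5ec30d83ac48bc57cc6dc38b
+data.tar.gz: 07d363bf2de3804fb9fca0cdc7865ae535ab29b4e6fb4345ab914f42de7a343b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 68e7be881d179722fc7fcd036d8d3210149bdb67b6f4b6d856b64d740deed61ae74601bb5f4e3b19806c4e784aef041d4859760a32a70502a3caa2c564d662e5
+data.tar.gz: 379ac423bc212c0555e77c91e9a5384939cf4b3ce3f8fe407507fb5990c3e2edd97a82cf3a4c17d29bb39451ff3194b070ab084bd93b65dec051c9d3b90e4239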
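--- a/data/README.md
+++ b/data/README.md
@@ -1,36 +1,35 @@
 # cuttable
 Escape SQL injection when you order with params
 
-
+## Getting started
 
 1. Add inside your Gemfile
 
-
-
-```
+gem 'cuttable'
+
 
 2. Include concern and execute default_order to set default order for
 sanitize_order method.
 
-```ruby
-class User < ActiveRecord::Base
-
-
-end
-```
+```ruby
+class User < ActiveRecord::Base
+include Cuttable # include concern
+default_order 'id desc' # set default order for sanitize_order method
+end
+```
 
-
+## Usage
 
 ```ruby
-
-
-
+# good queries
+params[:order] = 'id DESC'
+User.sanitize_order(params[:order])
 
-
-
+params[:order] = 'id, username DESC'
+User.sanitize_order(params[:order])
 
-
-
-
-
+# bad query
+params[:order] = 'id, (select sleep(2000) from dual where database() like database())#'
+# it should back off to the default query you set with default_order
+User.sanitize_order(params[:order])
 ```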
data/cuttable.gemspec
CHANGED