mirror of
https://github.com/discourse/discourse.git
synced 2025-05-29 01:31:35 +08:00
FIX: use sql_fragment instead of sanitize_sql_array (#11460)
This is a follow up to comment under this PR https://github.com/discourse/discourse/pull/11441 Sam suggested using sql_fragment instead of sanitize_sql_array
This commit is contained in:

committed by
GitHub

parent
aa0d4ea764
commit
3ea4f36f26
@ -146,7 +146,7 @@ class TopicQuery
|
||||
|
||||
# strip out users in groups you already belong to
|
||||
target_users = target_users
|
||||
.joins("LEFT JOIN group_users gu ON gu.user_id = topic_allowed_users.user_id AND #{ActiveRecord::Base.sanitize_sql_array(['gu.group_id IN (?)', my_group_ids])}")
|
||||
.joins("LEFT JOIN group_users gu ON gu.user_id = topic_allowed_users.user_id AND #{DB.sql_fragment('gu.group_id IN (?)', my_group_ids)}")
|
||||
.where('gu.group_id IS NULL')
|
||||
end
|
||||
|
||||
@ -1014,7 +1014,7 @@ class TopicQuery
|
||||
messages.joins("
|
||||
LEFT JOIN topic_allowed_users ta2
|
||||
ON topics.id = ta2.topic_id
|
||||
AND #{ActiveRecord::Base.sanitize_sql_array(['ta2.user_id IN (?)', user_ids])}
|
||||
AND #{DB.sql_fragment('ta2.user_id IN (?)', user_ids)}
|
||||
")
|
||||
end
|
||||
|
||||
@ -1023,7 +1023,7 @@ class TopicQuery
|
||||
messages.joins("
|
||||
LEFT JOIN topic_allowed_groups tg2
|
||||
ON topics.id = tg2.topic_id
|
||||
AND #{ActiveRecord::Base.sanitize_sql_array(['tg2.group_id IN (?)', group_ids])}
|
||||
AND #{DB.sql_fragment('tg2.group_id IN (?)', group_ids)}
|
||||
")
|
||||
end
|
||||
|
||||
@ -1046,7 +1046,7 @@ class TopicQuery
|
||||
LEFT JOIN group_users gu
|
||||
ON gu.user_id = #{@user.id.to_i}
|
||||
AND gu.group_id = _tg.group_id
|
||||
WHERE #{ActiveRecord::Base.sanitize_sql_array(['gu.group_id IN (?)', group_ids])}
|
||||
WHERE #{DB.sql_fragment('gu.group_id IN (?)', group_ids)}
|
||||
) tg ON topics.id = tg.topic_id
|
||||
")
|
||||
.where("tg.topic_id IS NOT NULL")
|
||||
|
Reference in New Issue
Block a user