System-End/hackatime
1
0
Fork 0
mirror of https://github.com/System-End/hackatime.git synced 2026-04-20 00:35:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix searches for funny usernames (#767)

Browse source
This commit is contained in:
Echo 2026-01-03 11:01:02 -05:00 committed by GitHub
parent 6b56134df4
commit 7d553da1d2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
app/controllers/admin/admin_users_controller.rb
View file

@ -26,7 +26,8 @@ class Admin::AdminUsersController < Admin::BaseController
def search
query = params[:q].to_s.strip
@users = if query.present?
User.where("slack_username ILIKE :q OR username ILIKE :q OR slack_uid ILIKE :q", q: "%#{query}%")
x = ActiveRecord::Base.sanitize_sql_like(query)
User.where("slack_username ILIKE :q OR username ILIKE :q OR slack_uid ILIKE :q", q: "%#{x}%")
.limit(20)
else
User.none

2
app/controllers/api/admin/v1/admin_controller.rb
View file

@ -51,6 +51,8 @@ module Api
return
end
query = ActiveRecord::Base.sanitize_sql_like(query)
user_search_query = <<-SQL
SELECT
*