Fix usage of sanitize_sql_array

Max Wofford 2025-02-21 20:48:24 -05:00
parent 20ad9a1d49
commit d85dcd7e43


@ -22,7 +22,7 @@ class LeaderboardUpdateJob < ApplicationJob
ActiveRecord::Base.transaction do
valid_user_ids.each_slice(BATCH_SIZE) do |batch_user_ids|
# Ensure all IDs are strings and contain no special characters
safe_user_ids = ActiveRecord::Base.sanitize_sql_array(batch_user_ids)
safe_user_ids = ActiveRecord::Base.sanitize_sql_array("'" + batch_user_ids.join("','") + "'")
user_durations = Heartbeat.connection.select_all(<<-SQL).to_a
WITH time_diffs AS (
SELECT#{' '}
@ -36,7 +36,7 @@ class LeaderboardUpdateJob < ApplicationJob
END as diff_seconds
FROM heartbeats
WHERE DATE(time) = '#{parsed_date}'
AND user_id IN ('#{safe_user_ids}')
AND user_id IN (#{safe_user_ids})
)
SELECT#{' '}
user_id,
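Review bot: The new call `sanitize_sql_array("'" + batch_user_ids.join("','") + "'")` does not escape anything. `sanitize_sql_array` treats its argument as a SQL template followed by bind values, and a single pre-joined string carries no values to quote, so each ID reaches `IN (#{safe_user_ids})` exactly as it was joined. An ID containing a quote character would therefore change the query's structure, and a `%` in the string may raise in the format step instead. Pass the IDs as a bind value so the adapter quotes each one, `safe_user_ids = ActiveRecord::Base.sanitize_sql_array(["?", batch_user_ids])`, and either enforce or reword the comment "Ensure all IDs are strings and contain no special characters", which no visible line implements. `'#{parsed_date}'` in the same query is also interpolated directly; its origin is outside the visible lines, so confirm it is a parsed Date rather than raw input.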