Sology / smart_listing

Ruby on Rails data listing gem with built-in sorting, filtering and in-place editing.
http://showcase.sology.eu/smart_listing
MIT License
478 stars 138 forks

Broken implicit sorting by join tables in v1.2.3 #158

Open sasha-id opened 5 years ago

sasha-id commented 5 years ago

This change in version 1.2.3 breaks implicit sorting by join tables, aka join_table.column. I guess the change was made to avoid SQL injections, but a simple regex filter will work as well.

smart_listing/lib/smart_listing.rb

key = attr.to_s if @options[:array] || @collection.klass.attribute_method?(attr)

korun commented 5 years ago

Hi! Then this regex should include all of the database-specific identifier quotes (like " for PostgreSQL and others, backticks for some MySQL, etc.) and an optional schema name? For a quick fix you can clearly specify sorting fields on smart_listing_create:

  sort_attributes: [
    [:column, 'join_table.column']
  ],
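
The two approaches discussed in this thread, side by side, as an added example that is not smart_listing code and was not posted by either commenter: an explicit allowlist in the spirit of `sort_attributes`, and a regex filter for `schema.table.column` identifiers with optional `"` or backtick quoting. The constants, function names and sample inputs are hypothetical and constructed for illustration.

```ruby
# Added example. Names are hypothetical; nothing here is smart_listing's API.

# Allowlist: request key => SQL sort expression (like sort_attributes).
SORT_ATTRIBUTES = {
  "name"   => "users.name",
  "column" => "join_table.column"
}.freeze

DIRECTIONS = { "asc" => "ASC", "desc" => "DESC" }.freeze

# One identifier part: bare, "double-quoted" or `backtick-quoted`.
# Quote characters are never allowed inside a part.
PART = /(?:[A-Za-z_][A-Za-z0-9_]*|"[A-Za-z_][A-Za-z0-9_ ]*"|`[A-Za-z_][A-Za-z0-9_ ]*`)/

# Up to three dot-separated parts: [schema.][table.]column.
# \A and \z anchor the whole string; ^ and $ would only anchor one line in Ruby.
IDENTIFIER = /\A#{PART}(?:\.#{PART}){0,2}\z/

# ORDER BY fragment built only from allowlisted values, or nil.
def order_from_allowlist(key, direction)
  expr = SORT_ATTRIBUTES[key.to_s]
  dir  = DIRECTIONS[direction.to_s.downcase]
  expr && dir ? "#{expr} #{dir}" : nil
end

# ORDER BY fragment if the key is shaped like an identifier, or nil.
# Note: this still lets the client sort by any column present in the query.
def order_from_regex(key, direction)
  dir = DIRECTIONS[direction.to_s.downcase]
  IDENTIFIER.match?(key.to_s) && dir ? "#{key} #{dir}" : nil
end

if __FILE__ == $0
  # Constructed sample inputs.
  ["column", "join_table.column", '"public"."join_table"."column"',
   "name; SELECT 1", "name\n"].each do |key|
    puts format("%-34s allowlist=%-26s regex=%s", key.inspect,
                order_from_allowlist(key, "asc").inspect,
                order_from_regex(key, "asc").inspect)
  end
end
```

The allowlist never places request text into SQL, so quoting rules and schema prefixes do not matter to it; the regex has to anticipate every quoting style the target database accepts.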