estiens / world_cup_json

Rails backend for a scraper that outputs World Cup data as JSON

Error access - Dangerous query method - https://worldcupjson.net/matches/?by=total_goals #190

Closed romain25 closed 1 year ago

romain25 commented 1 year ago

Hello, when we access your API, we get this error.

message": "Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): \"home_team_score + away_team_score DESC\".This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql()."

Thanks

estiens commented 1 year ago

Ah thanks, this is a simple fix and just related to security upgrades in Rails. Will have it changed later on today.

estiens commented 1 year ago

This should be fixed now, thanks!
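
One way to serve a `by` sort parameter so that the check quoted in the error passes without any request value reaching SQL, as an added example (not the project's code and not necessarily the fix that was applied). It is plain Ruby so it runs without Rails: `SafeSql` is a hypothetical stand-in for `Arel.sql()`, `PLAIN_COLUMN` is a simplified model of the check Rails applies to `order` arguments, and the `home_team_goals` key is an assumed second sort option.

```ruby
# Hypothetical stand-in for Arel.sql(): marks a fragment the developer wrote.
SafeSql = Struct.new(:sql)

# Simplified model of the Rails check: a bare column name, optionally
# table-qualified, with an optional direction. Expressions do not match.
PLAIN_COLUMN = /\A\w+(\.\w+)?(\s+(asc|desc))?\z/i

class DangerousQueryError < StandardError; end

# Mimics how order() treats one argument: marked fragments pass, plain
# columns pass, anything else raises like the error in the issue.
def checked_order(arg)
  return arg.sql if arg.is_a?(SafeSql)
  return arg if arg.match?(PLAIN_COLUMN)
  raise DangerousQueryError, "non-attribute argument: #{arg.inspect}"
end

# Allowlist: the request value is only a lookup key. Every SQL fragment is a
# constant in the source, so wrapping the expression is safe.
SORTS = {
  "total_goals"     => SafeSql.new("home_team_score + away_team_score DESC"),
  "home_team_goals" => "home_team_score DESC" # assumed option, plain column
}.freeze

# Returns the ORDER BY fragment for a `by` parameter, or nil when the value
# is not on the allowlist (the caller then uses its default ordering).
def order_clause_for(by_param)
  fragment = SORTS[by_param.to_s]
  return nil unless fragment
  checked_order(fragment)
end
```

In a Rails controller the same lookup would feed `order(Arel.sql(...))` only for the allowlisted expression, and an unknown `by` value would fall back to the default scope.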