igorkasyanchuk / rails_db

Rails Database Viewer and SQL Query Runner
https://www.railsjazz.com/
MIT License

Generating a URL from non sanitized request parameters is insecure! #52

Closed adamshen closed 7 years ago

adamshen commented 8 years ago

In Rails 5, it seems parameters need to be sanitized when we use them to generate URLs.

adamshen commented 8 years ago
ActionView::Template::Error (Generating a URL from non sanitized request parameters is insecure!):
    73:         <% end %>
    74:         <% @model.column_names.each do |column| %>
    75:           <th class="column_<%= column %>" style="<%= display_style_column(@table.name, column)%>">
    76:             <%= sort_link @q, column, controller: :tables, action: :data %>
    77:           </th>
    78:         <% end %>
    79:       </tr>
igorkasyanchuk commented 8 years ago

@adamshen could you please make a PR with fix?

igorkasyanchuk commented 7 years ago

try now