Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


paginate_by_sql not santizing aliased table name in ORDER BY #120

ekolve opened this Issue · 1 comment

3 participants


Line 141 of finder.rb has this:

        count_query = original_query.sub /\bORDER\s+BY\s+[\w`,\s]+$/mi, ''

If original query has an aliased table name, the ORDER BY is not stripped. For example,

SELECT * from authors a, books b WHERE b.author_id = ORDER BY DESC

If you modify the statement to be:

        count_query = original_query.sub /\bORDER\s+BY\s+[\w`,\s\.]+$/mi, ''

the ORDER BY is stripped


I've submitted a pull request #148 for this issue.

@mislav mislav closed this in 370c97b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.