Skip to content
This repository

paginate_by_sql not santizing aliased table name in ORDER BY #120

ekolve opened this Issue · 1 comment

3 participants

ekolve Daniel Teixeira Mislav Marohnić

Line 141 of finder.rb has this:

        count_query = original_query.sub /\bORDER\s+BY\s+[\w`,\s]+$/mi, ''

If original query has an aliased table name, the ORDER BY is not stripped. For example,

SELECT * from authors a, books b WHERE b.author_id = ORDER BY DESC

If you modify the statement to be:

        count_query = original_query.sub /\bORDER\s+BY\s+[\w`,\s\.]+$/mi, ''

the ORDER BY is stripped

Daniel Teixeira

I've submitted a pull request #148 for this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.