If you look at the "paginate" method here: https://github.com/mislav/will_paginate/blob/v2.3.15/lib/will_paginate/finder.rb
you can see that it uses method_missing to get to find_by_sql in some cases, which through the "order" parameter can be exposed to SQL injection attacks.
Has someone already solved this possible issue?
Thx,
Nicola.
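
One way to keep request input out of the `:order` string on the caller's side, as an added example that is not part of the original post or of will_paginate. The `SORTABLE` map, `DEFAULT_ORDER`, `MAX_TERMS`, `safe_order` and the `User` model in the comment are hypothetical names.

```ruby
# Added example (not will_paginate code): build the :order value from an
# allowlist so request input never reaches the SQL string verbatim.

# Hypothetical map of public sort keys to SQL column expressions.
SORTABLE = {
  "name"    => "users.name",
  "created" => "users.created_at",
  "email"   => "users.email"
}.freeze

DEFAULT_ORDER = "users.created_at DESC".freeze
MAX_TERMS = 3

# Accepts input such as "name desc, created" and returns an ORDER BY
# fragment made only of allowlisted columns plus ASC/DESC.
# Any unrecognised term makes the whole input fall back to the default.
def safe_order(raw, sortable = SORTABLE, default = DEFAULT_ORDER)
  # Rails params can be arrays or hashes; only a plain string is parsed.
  return default unless raw.is_a?(String)

  terms = raw.split(",", -1).map(&:strip)
  return default if terms.empty? || terms.length > MAX_TERMS

  fragments = terms.map do |term|
    # Exactly one key, optionally followed by a direction. \A and \z anchor
    # the whole string; ^ and $ match per line and would accept "name\n...".
    m = /\A([a-z_]+)(?:\s+(asc|desc))?\z/i.match(term)
    return default unless m

    column = sortable[m[1].downcase]
    return default unless column

    # The output is rebuilt from allowlisted text, never copied from input.
    "#{column} #{(m[2] || 'asc').upcase}"
  end
  fragments.join(", ")
end

# Assumed call site, with a hypothetical User model:
#   User.paginate(:page => params[:page],
#                 :order => safe_order(params[:order]))
```
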