Skip to content
Browse files

Added scope_name filtering

  • Loading branch information...
1 parent df71c24 commit 440d7c87a2ded2736142f768f7a5c9f47e35890b @romul romul committed with schof Oct 4, 2011
Showing with 9 additions and 5 deletions.
  1. +8 −4 core/app/models/product_group.rb
  2. +1 −1 core/app/models/product_scope.rb
View
12 core/app/models/product_group.rb
@@ -90,10 +90,14 @@ def from_search(search_hash)
end
def add_scope(scope_name, arguments=[])
- self.product_scopes << ProductScope.new({
- :name => scope_name.to_s,
- :arguments => [*arguments]
- })
+ if scope_name.to_s !~ /eval|send|system|[^a-z0-9_!?]/
+ self.product_scopes << ProductScope.new({
+ :name => scope_name.to_s,
+ :arguments => [*arguments]
+ })
+ else
+ raise ArgumentError.new("'#{scope_name}` can't be used as scope")
+ end
self
end
View
2 core/app/models/product_scope.rb
@@ -31,7 +31,7 @@ def apply_on(another_scope)
Product.send(self.name.intern, *array)
end
else
- relation2 = Product.search({self.name.intern => array}).relation
+ relation2 = Product.metasearch({self.name.intern => array}).relation
end
unless another_scope.class == ActiveRecord::Relation
another_scope = another_scope.send(:relation)

0 comments on commit 440d7c8

Please sign in to comment.
Something went wrong with that request. Please try again.