Use Arel.sql to curcunvent security restriction on rails 6.1

2026-01-30 21:27:17 +00:00 · 2021-05-13 23:54:57 +01:00
parent f29f525d90
commit 3d2155b60e
1 changed files with 3 additions and 1 deletions
--- a/app/services/products_renderer.rb
+++ b/app/services/products_renderer.rb
@@ -31,7 +31,9 @@ class ProductsRenderer
    return unless order_cycle

    @products ||= begin
-      results = distributed_products.products_relation.order(taxon_order)
+      results = distributed_products.
+        products_relation.
+        order(Arel.sql(taxon_order))

      filter_and_paginate(results).
        each { |product| product_scoper.scope(product) } # Scope results with variant_overrides