From 3d2155b60e8283d66f2fbab1a5578cea323e65a8 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Thu, 13 May 2021 23:54:57 +0100
Subject: [PATCH] Use Arel.sql to curcunvent security restriction on rails 6.1

---
 app/services/products_renderer.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/services/products_renderer.rb b/app/services/products_renderer.rb
index 83bbae5790..bae0a252eb 100644
--- a/app/services/products_renderer.rb
+++ b/app/services/products_renderer.rb
@@ -31,7 +31,9 @@ class ProductsRenderer
     return unless order_cycle
 
     @products ||= begin
-      results = distributed_products.products_relation.order(taxon_order)
+      results = distributed_products.
+        products_relation.
+        order(Arel.sql(taxon_order))
 
       filter_and_paginate(results).
         each { |product| product_scoper.scope(product) } # Scope results with variant_overrides