更改:防止sql注入

yystopf 2023-12-19 15:05:00 +08:00
parent 21f559f254
commit 26461f3a44
1 changed files with 2 additions and 2 deletions


@ -25,11 +25,11 @@ class Admins::ProjectsRankController < Admins::BaseController
end
def sort_by
params.fetch(:sort_by, "score")
DailyProjectStatistic.column_names.include?(params.fetch(:sort_by, "score")) ? params.fetch(:sort_by, "score") : "score"
end
def sort_direction
params.fetch(:sort_direction, "desc")
%w(desc asc).include?(params.fetch(:sort_direction, "desc")) ? params.fetch(:sort_direction, "desc") : "desc"
end
def export_excel(data)
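Review bot: The `sort_by` allowlist is `DailyProjectStatistic.column_names`, so every column of the table becomes an accepted sort key rather than only the ones the ranking page offers; a short frozen list of sortable columns is a tighter check and does not widen silently when a migration adds a column. Both methods also call `params.fetch` up to three times with the same arguments; reading it once, e.g. `requested = params.fetch(:sort_by, "score")` followed by `SORTABLE_COLUMNS.include?(requested) ? requested : "score"` (the constant name is only a suggestion), makes it obvious that the value checked is the value returned. The query that consumes `sort_by` and `sort_direction` lies outside this hunk, so it is worth confirming there that no other request value reaches the ORDER BY string and, if the query joins tables or sorts on aliases, that bare names from `column_names` are unambiguous and still cover the sortable aliases. A one-line comment above each method stating that the return value is interpolated into SQL and must stay allowlisted would help keep the guard in place during later edits.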