Fix SQL injection

#600
2025-05-28 16:39:55 +02:00 · 2017-10-04 01:37:03 +03:00 · 2017-10-04 01:37:03 +03:00 · c6bd590b38
commit c6bd590b38
parent a82625c635
1 changed files with 1 additions and 1 deletions
--- a/app/models/white_ip.rb
+++ b/app/models/white_ip.rb
@ -24,7 +24,7 @@ class WhiteIp < ActiveRecord::Base

  class << self
    def include_ip?(ip)
-      where("#{table_name}.ipv4 = '#{ip}' OR #{table_name}.ipv6 = '#{ip}'").any?
+      where('ipv4 = :ip OR ipv6 = :ip', ip: ip).any?
    end
  end
 end