From c6bd590b384e584d4958ffb7ff6c97db002ab177 Mon Sep 17 00:00:00 2001
From: Artur Beljajev
Date: Wed, 4 Oct 2017 01:37:03 +0300
Subject: [PATCH] Fix SQL injection #600
---
app/models/white_ip.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/white_ip.rb b/app/models/white_ip.rb
index 80ba14506..251fc60ac 100644
--- a/app/models/white_ip.rb
+++ b/app/models/white_ip.rb
@@ -24,7 +24,7 @@ class WhiteIp < ActiveRecord::Base
 class << self
 def include_ip?(ip)
- where("#{table_name}.ipv4 = '#{ip}' OR #{table_name}.ipv6 = '#{ip}'").any?
+ where('ipv4 = :ip OR ipv6 = :ip', ip: ip).any?
 end
 end
 end
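Review bot: No regression test accompanies the fix to `include_ip?`: the diffstat lists only app/models/white_ip.rb, so a later refactor back to string interpolation would go unnoticed. A model spec asserting that `WhiteIp.include_ip?` returns false, without raising, for a value containing a quote character would pin the bound-parameter behaviour. Separately, the new fragment drops the `#{table_name}.` qualifier. Interpolating the table name is safe because it is not caller-controlled, so `where("#{table_name}.ipv4 = :ip OR #{table_name}.ipv6 = :ip", ip: ip).any?` would keep the columns unambiguous if the relation is ever joined. The enclosing `WhiteIp` class starts outside the hunk, so the column types and any validation of stored addresses are not visible here.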