From e1d596f3d330f6902be568c867615eaa07fe47cb Mon Sep 17 00:00:00 2001
From: Priit Tark
Date: Sat, 16 May 2015 10:42:00 +0300
Subject: [PATCH] Just in case sanitize zonefile query
---
 app/models/zonefile_setting.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/app/models/zonefile_setting.rb b/app/models/zonefile_setting.rb
index 8747a11ca..76e4aa24f 100644
--- a/app/models/zonefile_setting.rb
+++ b/app/models/zonefile_setting.rb
@@ -13,10 +13,8 @@ class ZonefileSetting < ActiveRecord::Base
 filename = "#{origin}.zone"
 STDOUT << "#{Time.zone.now.utc} - Generating zonefile #{filename}\n"
-
- zf = ActiveRecord::Base.connection.execute(
- "select generate_zonefile('#{origin}')"
- )[0]['generate_zonefile']
+ sanitized_query = sanitize_sql("select generate_zonefile(?)", origin)
+ zf = ActiveRecord::Base.connection.execute(sanitized_query)[0]['generate_zonefile']
 File.open("#{ENV['zonefile_export_dir']}/#{filename}", 'w') { |f| f.write(zf) }
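Review bot: The added `sanitize_sql("select generate_zonefile(?)", origin)` call passes the value as a second positional argument, so `origin` is most likely never bound to the `?`. ActiveRecord's `sanitize_sql` substitutes bind values only when it is given an array; on Rails 4.x a second argument is read as the table name and a String condition comes back unchanged, while later versions accept a single argument only. Pass the statement and value together, `sanitized_query = sanitize_sql(["select generate_zonefile(?)", origin])`, and check the result against the Rails version this app runs. Separately, `origin` still flows into `filename` and the `File.open` path, which SQL quoting does nothing for; if it can ever come from outside trusted zonefile settings, it should be rejected when it contains path separators before the write. The enclosing method starts and ends outside the hunk, so the source of `origin` is not visible here.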