diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 0bc45d0ddf3..d4b856d73ba 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -65,7 +65,7 @@ class GroupsController < ApplicationController if !guardian.is_staff? # hide automatic groups from all non stuff to de-clutter page - groups = groups.where("automatic IS FALSE OR groups.id = #{Group::AUTO_GROUPS[:moderators]}") + groups = groups.where("automatic IS FALSE OR groups.id = ?", Group::AUTO_GROUPS[:moderators]) type_filters.delete(:automatic) end @@ -129,7 +129,7 @@ class GroupsController < ApplicationController format.json do groups = Group.visible_groups(current_user) if !guardian.is_staff? - groups = groups.where("automatic IS FALSE OR groups.id = #{Group::AUTO_GROUPS[:moderators]}") + groups = groups.where("automatic IS FALSE OR groups.id = ?", Group::AUTO_GROUPS[:moderators]) end render_json_dump( diff --git a/app/jobs/onceoff/migrate_custom_emojis.rb b/app/jobs/onceoff/migrate_custom_emojis.rb index 866ec4e4218..f359a23c999 100644 --- a/app/jobs/onceoff/migrate_custom_emojis.rb +++ b/app/jobs/onceoff/migrate_custom_emojis.rb @@ -29,7 +29,7 @@ module Jobs Emoji.clear_cache - Post.where("cooked LIKE '%#{Emoji.base_url}%'").find_each do |post| + Post.where("cooked LIKE ?", "%#{Emoji.base_url}%").find_each do |post| post.rebake! end end diff --git a/app/jobs/regular/anonymize_user.rb b/app/jobs/regular/anonymize_user.rb index c078706c044..7343163e49b 100644 --- a/app/jobs/regular/anonymize_user.rb +++ b/app/jobs/regular/anonymize_user.rb @@ -46,8 +46,9 @@ module Jobs # UserHistory for delete_user logs the user's IP. Note this is quite ugly but we don't # have a better way of querying on details right now. UserHistory.where( - "action = :action AND details LIKE 'id: #{@user_id}\n%'", - action: UserHistory.actions[:delete_user] + "action = :action AND details LIKE :details", + action: UserHistory.actions[:delete_user], + details: "id: #{@user_id}\n%", ).update_all(ip_address: new_ip) end diff --git a/app/jobs/scheduled/clean_up_uploads.rb b/app/jobs/scheduled/clean_up_uploads.rb index 9c9ce5df3ca..ecaa5d3876e 100644 --- a/app/jobs/scheduled/clean_up_uploads.rb +++ b/app/jobs/scheduled/clean_up_uploads.rb @@ -41,9 +41,9 @@ module Jobs if upload.sha1.present? # TODO: Remove this check after UploadReferences records were created encoded_sha = Base62.encode(upload.sha1.hex) - next if ReviewableQueuedPost.pending.where("payload->>'raw' LIKE '%#{upload.sha1}%' OR payload->>'raw' LIKE '%#{encoded_sha}%'").exists? - next if Draft.where("data LIKE '%#{upload.sha1}%' OR data LIKE '%#{encoded_sha}%'").exists? - next if UserProfile.where("bio_raw LIKE '%#{upload.sha1}%' OR bio_raw LIKE '%#{encoded_sha}%'").exists? + next if ReviewableQueuedPost.pending.where("payload->>'raw' LIKE ? OR payload->>'raw' LIKE ?", "%#{upload.sha1}%", "%#{encoded_sha}%").exists? + next if Draft.where("data LIKE ? OR data LIKE ?", "%#{upload.sha1}%", "%#{encoded_sha}%").exists? + next if UserProfile.where("bio_raw LIKE ? OR bio_raw LIKE ?", "%#{upload.sha1}%", "%#{encoded_sha}%").exists? upload.destroy else diff --git a/app/jobs/scheduled/enqueue_digest_emails.rb b/app/jobs/scheduled/enqueue_digest_emails.rb index e76a60d97eb..7d9ad9fa16b 100644 --- a/app/jobs/scheduled/enqueue_digest_emails.rb +++ b/app/jobs/scheduled/enqueue_digest_emails.rb @@ -23,12 +23,12 @@ module Jobs .where(staged: false) .joins(:user_option, :user_stat, :user_emails) .where("user_options.email_digests") - .where("user_stats.bounce_score < #{SiteSetting.bounce_score_threshold}") + .where("user_stats.bounce_score < ?", SiteSetting.bounce_score_threshold) .where("user_emails.primary") .where("COALESCE(last_emailed_at, '2010-01-01') <= CURRENT_TIMESTAMP - ('1 MINUTE'::INTERVAL * user_options.digest_after_minutes)") .where("COALESCE(user_stats.digest_attempted_at, '2010-01-01') <= CURRENT_TIMESTAMP - ('1 MINUTE'::INTERVAL * user_options.digest_after_minutes)") .where("COALESCE(last_seen_at, '2010-01-01') <= CURRENT_TIMESTAMP - ('1 MINUTE'::INTERVAL * user_options.digest_after_minutes)") - .where("COALESCE(last_seen_at, '2010-01-01') >= CURRENT_TIMESTAMP - ('1 DAY'::INTERVAL * #{SiteSetting.suppress_digest_email_after_days})") + .where("COALESCE(last_seen_at, '2010-01-01') >= CURRENT_TIMESTAMP - ('1 DAY'::INTERVAL * ?)", SiteSetting.suppress_digest_email_after_days) .order("user_stats.digest_attempted_at ASC NULLS FIRST") # If the site requires approval, make sure the user is approved diff --git a/app/models/upload.rb b/app/models/upload.rb index 813c5e57e91..d11e79d0733 100644 --- a/app/models/upload.rb +++ b/app/models/upload.rb @@ -480,7 +480,7 @@ class Upload < ActiveRecord::Base db = RailsMultisite::ConnectionManagement.current_db scope = Upload.by_users - .where("url NOT LIKE '%/original/_X/%' AND url LIKE '%/uploads/#{db}%'") + .where("url NOT LIKE '%/original/_X/%' AND url LIKE ?", "%/uploads/#{db}%") .order(id: :desc) scope = scope.limit(limit) if limit diff --git a/lib/search.rb b/lib/search.rb index 24115742085..4e4df3d96dc 100644 --- a/lib/search.rb +++ b/lib/search.rb @@ -446,10 +446,10 @@ class Search def post_action_type_filter(posts, post_action_type) posts.where("posts.id IN ( SELECT pa.post_id FROM post_actions pa - WHERE pa.user_id = #{@guardian.user.id} AND - pa.post_action_type_id = #{post_action_type} AND + WHERE pa.user_id = ? AND + pa.post_action_type_id = ? AND deleted_at IS NULL - )") + )", @guardian.user.id, post_action_type) end advanced_filter(/^in:(likes)$/i) do |posts, match| @@ -464,17 +464,17 @@ class Search # search based on a RegisteredBookmarkable's #search_query method. advanced_filter(/^in:(bookmarks)$/i) do |posts, match| if @guardian.user - posts.where(<<~SQL) + posts.where(<<~SQL, @guardian.user.id) posts.id IN ( SELECT bookmarkable_id FROM bookmarks - WHERE bookmarks.user_id = #{@guardian.user.id} AND bookmarks.bookmarkable_type = 'Post' + WHERE bookmarks.user_id = ? AND bookmarks.bookmarkable_type = 'Post' ) SQL end end advanced_filter(/^in:posted$/i) do |posts| - posts.where("posts.user_id = #{@guardian.user.id}") if @guardian.user + posts.where("posts.user_id = ?", @guardian.user.id) if @guardian.user end advanced_filter(/^in:(created|mine)$/i) do |posts| @@ -640,7 +640,7 @@ class Search advanced_filter(/^user:(.+)$/i) do |posts, match| user_id = User.where(staged: false).where('username_lower = ? OR id = ?', match.downcase, match.to_i).pluck_first(:id) if user_id - posts.where("posts.user_id = #{user_id}") + posts.where("posts.user_id = ?", user_id) else posts.where("1 = 0") end @@ -656,7 +656,7 @@ class Search end if user_id - posts.where("posts.user_id = #{user_id}") + posts.where("posts.user_id = ?", user_id) else posts.where("1 = 0") end @@ -1043,13 +1043,13 @@ class Search posts.where("topics.category_id in (?)", category_ids) elsif is_topic_search - posts.where("topics.id = #{@search_context.id}") + posts.where("topics.id = ?", @search_context.id) .order("posts.post_number #{@order == :latest ? "DESC" : ""}") elsif @search_context.is_a?(Tag) posts = posts .joins("LEFT JOIN topic_tags ON topic_tags.topic_id = topics.id") .joins("LEFT JOIN tags ON tags.id = topic_tags.tag_id") - posts.where("tags.id = #{@search_context.id}") + posts.where("tags.id = ?", @search_context.id) end else posts = categories_ignored(posts) unless @category_filter_matched @@ -1243,8 +1243,8 @@ class Search end if min_id > 0 - low_set = query.dup.where("post_search_data.post_id < #{min_id}") - high_set = query.where("post_search_data.post_id >= #{min_id}") + low_set = query.dup.where("post_search_data.post_id < ?", min_id) + high_set = query.where("post_search_data.post_id >= ?", min_id) return { default: wrap_rows(high_set), remaining: wrap_rows(low_set) } end diff --git a/lib/tasks/posts.rake b/lib/tasks/posts.rake index e3225f8ada2..0304e80caac 100644 --- a/lib/tasks/posts.rake +++ b/lib/tasks/posts.rake @@ -506,7 +506,7 @@ def recover_uploads_from_index(path) db = RailsMultisite::ConnectionManagement.current_db cdn_path = SiteSetting.cdn_path("/uploads/#{db}").sub(/https?:/, "") - Post.where("cooked LIKE '%#{cdn_path}%'").each do |post| + Post.where("cooked LIKE ?", "%#{cdn_path}%").each do |post| regex = Regexp.new("((https?:)?#{Regexp.escape(cdn_path)}[^,;\\]\\>\\t\\n\\s)\"\']+)") uploads = [] post.raw.scan(regex).each do |match| @@ -663,9 +663,10 @@ def correct_inline_uploads verbose = ENV["VERBOSE"] scope = Post.joins(:upload_references).distinct("posts.id") - .where(<<~SQL) - raw LIKE '%/uploads/#{RailsMultisite::ConnectionManagement.current_db}/original/%' - SQL + .where( + "raw LIKE ?", + "%/uploads/#{RailsMultisite::ConnectionManagement.current_db}/original/%", + ) affected_posts_count = scope.count fixed_count = 0 diff --git a/lib/tasks/uploads.rake b/lib/tasks/uploads.rake index bfc2806faaa..e113eedee72 100644 --- a/lib/tasks/uploads.rake +++ b/lib/tasks/uploads.rake @@ -31,7 +31,7 @@ def gather_uploads puts "", "Gathering uploads for '#{current_db}'...", "" Upload.where("url ~ '^\/uploads\/'") - .where("url !~ '^\/uploads\/#{current_db}'") + .where("url !~ ?", "^\/uploads\/#{current_db}") .find_each do |upload| begin old_db = upload.url[/^\/uploads\/([^\/]+)\//, 1] diff --git a/lib/topic_query.rb b/lib/topic_query.rb index ec75d182064..c5b5b84b94e 100644 --- a/lib/topic_query.rb +++ b/lib/topic_query.rb @@ -311,9 +311,9 @@ class TopicQuery def list_group_topics(group) list = default_results.where(" topics.user_id IN ( - SELECT user_id FROM group_users gu WHERE gu.group_id = #{group.id.to_i} + SELECT user_id FROM group_users gu WHERE gu.group_id = ? ) - ") + ", group.id.to_i) create_list(:group_topics, {}, list) end diff --git a/lib/topic_query/private_message_lists.rb b/lib/topic_query/private_message_lists.rb index 395b54fad50..c8883169a97 100644 --- a/lib/topic_query/private_message_lists.rb +++ b/lib/topic_query/private_message_lists.rb @@ -118,20 +118,20 @@ class TopicQuery result = result.joins("INNER JOIN group_users gu ON gu.group_id = tag.group_id AND gu.user_id = #{user.id.to_i}") end elsif type == :user - result = result.where("topics.id IN (SELECT topic_id FROM topic_allowed_users WHERE user_id = #{user.id.to_i})") + result = result.where("topics.id IN (SELECT topic_id FROM topic_allowed_users WHERE user_id = ?)", user.id.to_i) elsif type == :all group_ids = group_with_messages_ids(user) result = if group_ids.present? - result.where(<<~SQL) + result.where(<<~SQL, user.id.to_i, group_ids) topics.id IN ( SELECT topic_id FROM topic_allowed_users - WHERE user_id = #{user.id.to_i} + WHERE user_id = ? UNION ALL SELECT topic_id FROM topic_allowed_groups - WHERE group_id IN (#{group_ids.join(",")}) + WHERE group_id IN (?) ) SQL else @@ -259,10 +259,10 @@ class TopicQuery end def have_posts_from_others(list, user) - list.where(<<~SQL) + list.where(<<~SQL, user.id.to_i) NOT ( topics.participant_count = 1 - AND topics.user_id = #{user.id.to_i} + AND topics.user_id = ? AND topics.moderator_posts_count = 0 ) SQL diff --git a/plugins/poll/lib/tasks/migrate_old_polls.rake b/plugins/poll/lib/tasks/migrate_old_polls.rake index c058c06a693..91046fb1df9 100644 --- a/plugins/poll/lib/tasks/migrate_old_polls.rake +++ b/plugins/poll/lib/tasks/migrate_old_polls.rake @@ -58,7 +58,7 @@ task "poll:migrate_old_polls" => :environment do options = post.custom_fields["polls"]["poll"]["options"] # iterate over all votes PluginStoreRow.where(plugin_name: "poll") - .where("key LIKE 'poll_vote_#{post_id}_%'") + .where("key LIKE ?", "poll_vote_#{post_id}_%") .pluck(:key, :value) .each do |poll_vote_key, vote| # extract the user_id