Rails 6
Gloufy
Hi Sergio,
I've got this message :
DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "`pers_sports`.`id` ASC". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql(). (called from block in append_to_query at /vendor/bundle/ruby/2.6.0/bundler/gems/active_scaffold-d6756e1f3eb5/lib/active_scaffold/finder.rb:539)
And I'm testing to migrate to rails 6, and I think it will not work... :)
Thank for your help (again)
Gloufy
Sergio Cambra
It should be safe as it's a deprecation warning. It should still work with rails 6.0, but I will have to find out how to do in a way accepted by rails 6.0, to get rid of these deprecation warnings, and have it working for 6.1
Probably params to order should be wrapped with Arel.sql always. There must be another way, but ActiveScaffold allows to change SQL for sorting changing column.sort_by, so using Arel.sql could be needed in those cases.
Gloufy
-- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails Gem" group.To unsubscribe from this group and stop receiving emails from it, send an email to activescaffol...@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/activescaffold/e2a2fc1f-99d2-42ec-8722-ec276c0c5cca%40googlegroups.com.
Sergio Cambra
Sorry, I thought you got that warning with rails 6.0, but I saw that deprecation doing some testing with rails 5.2, so I guess ActiveScaffold won't work with rails 6.0 yet.
-- You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails Gem" group.To unsubscribe from this group and stop receiving emails from it, send an email to activescaffol...@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/activescaffold/529868668.moDir8k8uf%40pc-sergio.
Sergio Cambra
I have been testing master branch with rails 6.0 and I don't get that warning with rails 6.0. I think they have improved parsing and it doesn't complain if sort string is just `table`.`column`, but it raises same deprecation warning if column's sort_by include something else, such as a SQL function.
Anyway, I have wrapped params for reorder with Arel.sql, which should be good, because this change is trying to protect against order(params[:requested_order]) usage.
To view this discussion on the web visit https://groups.google.com/d/msgid/activescaffold/2520130.SuH9BfrpcY%40pc-sergio.