happy-se-life / kanban

Kanban plugin for redmine

Home Page: https://it-managers-life.hatenablog.com/entry/2019/03/24/112052

deprecated warning

yennor opened this issue

Whenever I use the plugin there are a lot of deprecated warnings:

DEPRECATION WARNING: Dangerous query method (method whose arguments are used as raw SQL) called with non-attribute argument(s): "CASE assigned_to_id WHEN '5' THEN 1 ELSE 2 END, assigned_to_id DESC". Non-attribute arguments will be disallowed in Rails 6.0. This method should not be called with user-provided values, such as request parameters or model attributes. Known-safe values can be passed by wrapping them in Arel.sql(). (called from block in index at /usr/share/redmine/plugins/kanban/app/controllers/kanban_controller.rb:182)

It seems that means:

  • The plugin won't work anymore with Rails 6
  • I didn't check out the code or anything, but if I understand that warning correctly, it means the plugin would potentially be susceptible to an SQL injection attack?

@yennor
Hello,

Thank you for pointing out the problem.
I have fixed the problem now.
Check it out when you have the time.

cool. Works :-)
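
The warning quoted in the issue is about a raw SQL fragment with a value embedded in it. The following is an added example, not the plugin's code or its fix: it rebuilds that fragment in plain Ruby (no Rails needed) and only lets a validated integer id into the string, which is the precondition for wrapping it in Arel.sql() as the warning suggests. Function names and sample inputs are hypothetical.

```ruby
# Added example, not code from the kanban plugin. All names are hypothetical.

# Unsafe shape: the value is interpolated as-is, so whatever the caller
# sends becomes part of the SQL text. Shown only for comparison.
def unsafe_order_fragment(user_id)
  "CASE assigned_to_id WHEN '#{user_id}' THEN 1 ELSE 2 END, assigned_to_id DESC"
end

# Accept only a canonical positive decimal integer (no sign, no leading
# zero, no whitespace, bounded length). Anything else raises.
def parse_id(value)
  s = value.to_s
  raise ArgumentError, "invalid user id" unless s.match?(/\A[1-9][0-9]{0,17}\z/)
  Integer(s, 10)
end

# Hardened shape: only the parsed integer reaches the SQL string.
# In a Rails app this return value is what would be passed as
# order(Arel.sql(fragment)); that call site is an assumption here.
def safe_order_fragment(user_id)
  id = parse_id(user_id)
  "CASE assigned_to_id WHEN '#{id}' THEN 1 ELSE 2 END, assigned_to_id DESC"
end

# Constructed sample inputs, as a request parameter might deliver them.
CONSTRUCTED_INPUTS = ["5", 5, "5' OR '1'='1", "", "05", nil].freeze

# Returns [input, fragment] pairs, or [input, :rejected] for bad input.
def check_inputs(inputs)
  inputs.map do |input|
    begin
      [input, safe_order_fragment(input)]
    rescue ArgumentError
      [input, :rejected]
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  check_inputs(CONSTRUCTED_INPUTS).each do |input, result|
    puts "#{input.inspect} => #{result}"
  end
end
```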