fix: sanitize sql

2026-05-01 10:45:21 +00:00 · 2025-07-25 11:44:54 +05:30
parent d8d1b7409c
commit 9ada5a93b0
1 changed files with 6 additions and 3 deletions
--- a/app/models/concerns/heartbeatable.rb
+++ b/app/models/concerns/heartbeatable.rb
@@ -285,9 +285,12 @@ module Heartbeatable
        .order(time: :asc)

      connection.select_value(
-        "SELECT COALESCE(SUM(diff), 0)::integer
-         FROM (#{capped_diffs.to_sql}) AS diffs
-         WHERE time >= #{start_time}"
+        ActiveRecord::Base.sanitize_sql([
+          "SELECT COALESCE(SUM(diff), 0)::integer
+           FROM (#{capped_diffs.to_sql}) AS diffs
+           WHERE time >= ?",
+          start_time
+        ])
      ).to_i
    end
  end