From 9ada5a93b02cdeffff06727fa0c438276ef792f9 Mon Sep 17 00:00:00 2001
From: Kartikey Chauhan
Date: Fri, 25 Jul 2025 11:44:54 +0530
Subject: [PATCH] fix: sanitize sql

---
 app/models/concerns/heartbeatable.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/models/concerns/heartbeatable.rb b/app/models/concerns/heartbeatable.rb
index 260fd80..9d33f52 100644
--- a/app/models/concerns/heartbeatable.rb
+++ b/app/models/concerns/heartbeatable.rb
@@ -285,9 +285,12 @@ module Heartbeatable
 .order(time: :asc)
 
 connection.select_value(
- "SELECT COALESCE(SUM(diff), 0)::integer
- FROM (#{capped_diffs.to_sql}) AS diffs
- WHERE time >= #{start_time}"
+ ActiveRecord::Base.sanitize_sql([
+ "SELECT COALESCE(SUM(diff), 0)::integer
+ FROM (#{capped_diffs.to_sql}) AS diffs
+ WHERE time >= ?",
+ start_time
+ ])
 ).to_i
 end
 end
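Review bot: `#{capped_diffs.to_sql}` is still interpolated into the query string on the new side, so the bind only protects `start_time`; that is acceptable provided `capped_diffs` is built purely from ActiveRecord scopes (the `.order(time: :asc)` context suggests so), but the relation is constructed above the hunk and should be checked for any raw-string `where` of its own. Inside a model concern the including class already exposes the sanitizer, so `sanitize_sql_array(["SELECT COALESCE(SUM(diff), 0)::integer FROM (#{capped_diffs.to_sql}) AS diffs WHERE time >= ?", start_time])` states the intent more directly than the `ActiveRecord::Base.sanitize_sql` detour, which on older Rails where these helpers were still protected fails when called from outside the class. Confirm too that quoting `start_time` still matches the `time` column's type: an Integer is emitted unquoted exactly as the old interpolation did, whereas a Time would now become a quoted timestamp literal the old code never produced. The enclosing method starts outside the hunk.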