fix security bug in exporter subclasses

alphagov · Feb 26, 2024 · ad076f5 · ad076f5
1 parent 91aa646
commit ad076f5
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/app/lib/local_links_manager/export/local_authority_links_exporter.rb b/app/lib/local_links_manager/export/local_authority_links_exporter.rb
@@ -2,8 +2,8 @@ module LocalLinksManager
   module Export
     class LocalAuthorityLinksExporter < LocalLinksManager::Export::LinksExporter
       def links(local_authority_id, status)
-        Link.enabled_links.public_send(status)
-          .where(local_authority_id:)
+        Link.enabled_links
+          .where(local_authority_id:, status:)
           .joins(:local_authority, :service, :interaction)
           .select(*SELECTION)
           .order("services.lgsl_code", "interactions.lgil_code").all

diff --git a/app/lib/local_links_manager/export/service_links_exporter.rb b/app/lib/local_links_manager/export/service_links_exporter.rb
@@ -2,7 +2,7 @@ module LocalLinksManager
   module Export
     class ServiceLinksExporter < LocalLinksManager::Export::LinksExporter
       def links(service_id, status)
-        Link.joins(:service).where(services: { id: service_id }).public_send(status)
+        Link.joins(:service).where(services: { id: service_id }, status:)
           .joins(:local_authority, :interaction)
           .select(*SELECTION)
           .order("local_authorities.name", "interactions.lgil_code").all