From dee9a7069e09c84f6a11f7fb10245efa3d982c69 Mon Sep 17 00:00:00 2001 From: Keith Lawrence Date: Thu, 22 Feb 2024 16:00:40 +0000 Subject: [PATCH] fix security bug in exporter subclasses --- .../export/local_authority_links_exporter.rb | 4 ++-- app/lib/local_links_manager/export/service_links_exporter.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/lib/local_links_manager/export/local_authority_links_exporter.rb b/app/lib/local_links_manager/export/local_authority_links_exporter.rb index 6ce706453..aafa22e9d 100644 --- a/app/lib/local_links_manager/export/local_authority_links_exporter.rb +++ b/app/lib/local_links_manager/export/local_authority_links_exporter.rb @@ -2,8 +2,8 @@ module LocalLinksManager module Export class LocalAuthorityLinksExporter < LocalLinksManager::Export::LinksExporter def links(local_authority_id, status) - Link.enabled_links.public_send(status) - .where(local_authority_id:) + Link.enabled_links + .where(local_authority_id:, status:) .joins(:local_authority, :service, :interaction) .select(*SELECTION) .order("services.lgsl_code", "interactions.lgil_code").all diff --git a/app/lib/local_links_manager/export/service_links_exporter.rb b/app/lib/local_links_manager/export/service_links_exporter.rb index c1b903b78..04bb39461 100644 --- a/app/lib/local_links_manager/export/service_links_exporter.rb +++ b/app/lib/local_links_manager/export/service_links_exporter.rb @@ -2,7 +2,7 @@ module LocalLinksManager module Export class ServiceLinksExporter < LocalLinksManager::Export::LinksExporter def links(service_id, status) - Link.joins(:service).where(services: { id: service_id }).public_send(status) + Link.joins(:service).where(services: { id: service_id }, status:) .joins(:local_authority, :interaction) .select(*SELECTION) .order("local_authorities.name", "interactions.lgil_code").all