discourse

mirror of https://gh.wpcy.net/https://github.com/discourse/discourse.git synced 2026-05-24 00:52:52 +08:00

History

Régis Hanol 6b4d70b0e0 DEV: Properly quote timezone values in cakeday SQL queries (#36804 ) The anniversaries controller was interpolating user timezone values directly into SQL via string interpolation. As a best practice, values should be properly escaped at the point of SQL construction. Moved timezone handling into cakedays_by() with a new apply_timezone parameter and used ActiveRecord::Base.connection.quote() to properly escape the value. This follows the same pattern used in discourse-rewind. Internal ref - t/102422	2025-12-19 14:54:52 +01:00
..
cakeday_spec.rb	DEV: Properly quote timezone values in cakeday SQL queries (#36804 )	2025-12-19 14:54:52 +01:00

DEV: Properly quote timezone values in cakeday SQL queries (#36804 )

The anniversaries controller was interpolating user timezone values
directly into SQL via string interpolation. As a best practice, values
should be properly escaped at the point of SQL construction.

Moved timezone handling into cakedays_by() with a new apply_timezone
parameter and used ActiveRecord::Base.connection.quote() to properly
escape the value. This follows the same pattern used in
discourse-rewind.

Internal ref - t/102422

2025-12-19 14:54:52 +01:00

cakeday_spec.rb

DEV: Properly quote timezone values in cakeday SQL queries (#36804 )

2025-12-19 14:54:52 +01:00

菲码源库

快速导航

产品服务

生态伙伴