@where = params[:where]
elsif params[:where].is_a? String
begin
- @where = Oj.load(params[:where])
+ @where = Oj.strict_load(params[:where])
raise unless @where.is_a? Hash
rescue
raise ArgumentError.new("Could not parse \"where\" param as an object")
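Review bot: The new `Oj.strict_load` call has no comment explaining why it replaces `Oj.load`, so a later cleanup could switch it back without realising the difference matters for request parameters. `Oj.load` follows the configured default mode, which may allow more than plain JSON types, so I would add a line above the call such as `# strict_load: params[:where] is client-supplied; accept plain JSON types only, do not use Oj.load`. The same comment is worth adding at the `filters`, `order` and `select` calls in the later hunks. The enclosing method starts and ends outside this hunk.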
@filters += params[:filters]
elsif params[:filters].is_a? String and !params[:filters].empty?
begin
- f = Oj.load params[:filters]
+ f = Oj.strict_load params[:filters]
if not f.nil?
raise unless f.is_a? Array
@filters += f
(case params[:order]
when String
if params[:order].starts_with? '['
- od = Oj.load(params[:order])
+ od = Oj.strict_load(params[:order])
raise unless od.is_a? Array
od
else
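Review bot: Unlike the `where` and `select` branches, the `order` branch shows no `begin`/`rescue` around `Oj.strict_load(params[:order])`. A malformed value or a non-array result would then surface as a parser error or a bare `RuntimeError` rather than the `ArgumentError` used elsewhere. If no rescue exists outside the hunk, wrap the two lines and re-raise with `raise ArgumentError.new("Could not parse \"order\" param as an array")` so that bad client input is reported consistently. The `case` expression starts and ends outside this hunk, so an outer handler may already cover this.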
# has used set_table_name to use an alternate table name from the Rails standard.
# I could not find a perfect way to handle this well, but ActiveRecord::Base.send(:descendants)
# would be a place to start if this ever becomes necessary.
- if attr.match /^[a-z][_a-z0-9]+$/ and
+ if attr.match(/^[a-z][_a-z0-9]+$/) and
model_class.columns.collect(&:name).index(attr) and
['asc','desc'].index direction.downcase
@orders << "#{table_name}.#{attr} #{direction.downcase}"
- elsif attr.match /^([a-z][_a-z0-9]+)\.([a-z][_a-z0-9]+)$/ and
+ elsif attr.match(/^([a-z][_a-z0-9]+)\.([a-z][_a-z0-9]+)$/) and
['asc','desc'].index(direction.downcase) and
ActiveRecord::Base.connection.tables.include?($1) and
$1.classify.constantize.columns.collect(&:name).index($2)
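Review bot: Both rewritten patterns still anchor with `^` and `$`, which in Ruby match at line boundaries, so a multi-line `attr` can pass the regex when only one of its lines has the expected shape. The column-name lookup in the first branch happens to reject such a value, but the validation should not depend on that. Anchor the whole string instead: `if attr.match(/\A[a-z][_a-z0-9]+\z/) and` and `elsif attr.match(/\A([a-z][_a-z0-9]+)\.([a-z][_a-z0-9]+)\z/) and`. The body of the `elsif` branch lies outside this hunk, so I cannot see what is interpolated into `@orders` there; it should use the captured `$1` and `$2`, not the raw `attr`.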
@select = params[:select]
when String
begin
- @select = Oj.load params[:select]
+ @select = Oj.strict_load params[:select]
raise unless @select.is_a? Array or @select.nil?
rescue
raise ArgumentError.new("Could not parse \"select\" param as an array")