From 61ee7d252cb3bd6bed48377a2cfc431d2180ec33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=A4fer?=
Date: Tue, 31 Jul 2018 15:01:15 +0200
Subject: [PATCH] Fix brakeman
---
 backend/app/controllers/statistic/broadcasts_controller.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/backend/app/controllers/statistic/broadcasts_controller.rb b/backend/app/controllers/statistic/broadcasts_controller.rb
index 0e7c8f038..892b7ccb8 100644
--- a/backend/app/controllers/statistic/broadcasts_controller.rb
+++ b/backend/app/controllers/statistic/broadcasts_controller.rb
@@ -51,6 +51,7 @@ def index
 }
 direction = order_mapping[statistics_params[:direction]] || 'DESC NULLS LAST'
 order_by_clause = [column, direction].join(' ')
+ order_by_clause = ActiveRecord::Base.sanitize(order_by_clause)
 @statistics = Statistic::Broadcast.order(order_by_clause).order(title: :asc).page(page).per(per_page)
 render json: @statistics, meta: { total_pages: @statistics.total_pages }
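Review bot: `ActiveRecord::Base.sanitize` on the added line quotes its argument as a SQL string value (as far as I know it delegates to `connection.quote`), so the whole clause reaches `.order` as one literal such as `'col DESC NULLS LAST'` instead of a column plus a direction. Depending on the database that either sorts by a constant or is rejected, so the scanner warning goes away but the requested ordering is lost. Value quoting is the wrong tool for an identifier: `direction` is already constrained by `order_mapping` with a fixed default, which leaves `column`, whose derivation is above the hunk and not visible here. If `column` is a plain column name, draw it from a fixed allowlist and quote it as an identifier instead, e.g. `order_by_clause = [ActiveRecord::Base.connection.quote_column_name(column), direction].join(' ')`, and add a request spec asserting the returned order so a regression like this is caught. The body of `index` starts and ends outside the hunk.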