Update src/controllers/helpers/pagination.rs

eth3lbert · carols10cents · web-flow · commit 4a9559269021 · 2024-02-02T23:47:44.000+08:00
Co-authored-by: Carol (Nichols || Goulding) &lt;193874+carols10cents@users.noreply.github.com&gt;
diff --git a/src/controllers/helpers/pagination.rs b/src/controllers/helpers/pagination.rs
@@ -350,6 +350,8 @@ where
         out.push_sql(") t LIMIT ");
         out.push_bind_param::<BigInt, _>(&self.options.per_page)?;
         if let Some(offset) = self.options.offset() {
+            // Injection safety: `offset()` returns `Option<i64>`, so this interpolation is constrained to known
+            // valid values and this is not vulnerable to user injection attacks.
             out.push_sql(format!(" OFFSET {offset}").as_str());
         }
         Ok(())

Original file line number	Diff line number	Diff line change
`@@ -350,6 +350,8 @@ where`
`350`	`350`	`out.push_sql(") t LIMIT ");`
`351`	`351`	`out.push_bind_param::<BigInt, _>(&self.options.per_page)?;`
`352`	`352`	`if let Some(offset) = self.options.offset() {`
	`353`	+ // Injection safety: `offset()` returns `Option<i64>`, so this interpolation is constrained to known
	`354`	`+ // valid values and this is not vulnerable to user injection attacks.`
`353`	`355`	`out.push_sql(format!(" OFFSET {offset}").as_str());`
`354`	`356`	`}`
`355`	`357`	`Ok(())`