sanitize project condition

Author: ulferts

modules/backlogs/app/services/work_packages/rebuild_positions_service.rb

@@ -34,7 +34,10 @@ def initialize(project: nil)
   end
 
   def call
-    condition = " AND work_packages.project_id = #{@project.id}" if @project
+    condition = if @project
+                  ::OpenProject::SqlSanitization.sanitize " AND work_packages.project_id = :project_id",
+                                                          project_id: @project.id
+                end
 
     WorkPackage.connection.execute <<~SQL.squish
       UPDATE work_packages