AO3-7224 Eliminate chilled string warnings in our own code (#5503)

* AO3-7224 Eliminate chilled string warnings in our own code

* AO3-7224 Fix unsanitized wildcards in fandom_string

Author: Bilka2

app/controllers/archive_faqs_controller.rb

@@ -42,13 +42,12 @@ def show
   protected
 
   def build_questions
-    notice = +""
     num_to_build = params["num_questions"] ? params["num_questions"].to_i : @archive_faq.questions.count
     if num_to_build < @archive_faq.questions.count
-      notice += ts("There are currently %{num} questions. You can only submit a number equal to or greater than %{num}. ", num: @archive_faq.questions.count)
+      notice = ts("There are currently %{num} questions. You can only submit a number equal to or greater than %{num}. ", num: @archive_faq.questions.count)
       num_to_build = @archive_faq.questions.count
     elsif params["num_questions"]
-      notice += ts("Set up %{num} questions. ", num: num_to_build)
+      notice = ts("Set up %{num} questions. ", num: num_to_build)
     end
     num_existing = @archive_faq.questions.count
     num_existing.upto(num_to_build-1) do

app/controllers/fandoms_controller.rb

@@ -33,24 +33,15 @@ def show
   end
 
   def unassigned
-    join_string = "LEFT JOIN wrangling_assignments
-                  ON (wrangling_assignments.fandom_id = tags.id)
-                  LEFT JOIN users
-                  ON (users.id = wrangling_assignments.user_id)"
-    conditions = "canonical = 1 AND users.id IS NULL"
-    unless params[:media_id].blank?
+    @fandoms = Fandom.joins("LEFT JOIN wrangling_assignments ON (wrangling_assignments.fandom_id = tags.id)
+                 LEFT JOIN users ON (users.id = wrangling_assignments.user_id)").where(canonical: true, users: { id: nil })
+
+    if params[:media_id].present?
       @media = Media.find_by_name(params[:media_id])
-      if @media
-        join_string <<  " INNER JOIN common_taggings
-                        ON (tags.id = common_taggings.common_tag_id)"
-        conditions  << " AND common_taggings.filterable_id = #{@media.id}
-                        AND common_taggings.filterable_type = 'Tag'"
-      end
+      @fandoms = @fandoms.joins(:common_taggings).where(common_taggings: { filterable: @media }) if @media
     end
-    @fandoms = Fandom.joins(join_string).
-                      where(conditions).
-                      order(params[:sort] == 'count' ? "count DESC" : "sortable_name ASC").
-                      with_count.
-                      paginate(page: params[:page], per_page: 250)
+
+    order = params[:sort] == "count" ? "count DESC" : "sortable_name ASC"
+    @fandoms = @fandoms.order(order).with_count.paginate(page: params[:page], per_page: 250)
   end
 end

app/controllers/tag_wranglers_controller.rb

@@ -9,35 +9,27 @@ def index
     authorize :wrangling, :full_access? if logged_in_as_admin?
 
     @wranglers = Role.find_by(name: "tag_wrangler").users.alphabetical
-    conditions = ["canonical = 1"]
-    joins = "LEFT JOIN wrangling_assignments ON (wrangling_assignments.fandom_id = tags.id)
-             LEFT JOIN users ON (users.id = wrangling_assignments.user_id)"
-    unless params[:fandom_string].blank?
-      conditions.first << " AND name LIKE ?"
-      conditions << params[:fandom_string] + "%"
-    end
-    unless params[:wrangler_id].blank?
+
+    @assignments = Fandom.in_use.joins("LEFT JOIN wrangling_assignments ON (wrangling_assignments.fandom_id = tags.id)
+                     LEFT JOIN users ON (users.id = wrangling_assignments.user_id)").where(canonical: true)
+
+    @assignments = @assignments.where("name LIKE ?", "#{Fandom.sanitize_sql_like(params[:fandom_string])}%") if params[:fandom_string].present?
+
+    if params[:wrangler_id].present?
       if params[:wrangler_id] == "No Wrangler"
-        conditions.first << " AND users.id IS NULL"
+        @assignments = @assignments.where(users: { id: nil })
       else
         @wrangler = User.find_by(login: params[:wrangler_id])
-        if @wrangler
-          conditions.first << " AND users.id = #{@wrangler.id}"
-        end
+        @assignments = @assignments.where(users: { id: @wrangler.id }) if @wrangler
       end
     end
-    unless params[:media_id].blank?
+
+    if params[:media_id].present?
       @media = Media.find_by_name(params[:media_id])
-      if @media
-        joins << " INNER JOIN common_taggings ON (tags.id = common_taggings.common_tag_id)"
-        conditions.first << " AND common_taggings.filterable_id = #{@media.id} AND common_taggings.filterable_type = 'Tag'"
-      end
+      @assignments = @assignments.joins(:common_taggings).where(common_taggings: { filterable: @media }) if @media
     end
-    @assignments = Fandom.in_use.joins(joins)
-                                .select('tags.*, users.login AS wrangler')
-                                .where(conditions)
-                                .order(:name)
-                                .paginate(page: params[:page], per_page: 50)
+
+    @assignments = @assignments.select("tags.*, users.login AS wrangler").order(:name).paginate(page: params[:page], per_page: 50)
   end
 
   def show

app/helpers/tags_helper.rb

@@ -88,7 +88,7 @@ def remove_tag_association_label(tag)
 
   # Adds the "tag" classname to links (for tag links)
   def link_to_with_tag_class(path, text, options)
-    options[:class] ? options[:class] << " tag" : options[:class] = "tag"
+    options[:class] ? options[:class].dup << " tag" : options[:class] = "tag"
     link_to text, path, options
   end
 

spec/models/story_parser_spec.rb

@@ -201,7 +201,7 @@ class StoryParser
 
     it "does NOT convert raw anchor links to absolute links" do
       location = "http://external_site"
-      story_in = "<html><body><p><a href=#local>local href</p></body></html>"
+      story_in = +"<html><body><p><a href=#local>local href</p></body></html>"
       result = @sp.parse_common(story_in, location)
       expect(result[:chapter_attributes][:content]).not_to include(location)
       expect(result[:chapter_attributes][:content]).to include("#local")

spec/models/tag_spec.rb

@@ -295,14 +295,14 @@ def expect_tag_update_flag_in_redis_to_be(flag)
         tag_character = FactoryBot.create(:character, canonical: true, name: "kirk")
         tag_fandom = FactoryBot.create(:fandom, name: "Star Trek", canonical: true)
         tag_fandom.add_to_autocomplete
-        results = Tag.autocomplete_fandom_lookup(term: "ki", fandom: "Star Trek")
+        results = Tag.autocomplete_fandom_lookup(term: +"ki", fandom: "Star Trek")
         expect(results.include?("#{tag_character.id}: #{tag_character.name}")).to be_truthy
         expect(results.include?("brave_sire_robin")).to be_falsey
       end
 
       it "old tag maker still works" do
-        tag_adult = Rating.create_canonical("adult", true)
-        tag_normal = ArchiveWarning.create_canonical("other")
+        tag_adult = Rating.create_canonical(+"adult", true)
+        tag_normal = ArchiveWarning.create_canonical(+"other")
         expect(tag_adult.name).to eq("adult")
         expect(tag_normal.name).to eq("other")
         expect(tag_adult.adult).to be_truthy