From da21fad10b3d562b5a42a6ac09d29aa6f372a3fc Mon Sep 17 00:00:00 2001
From: Guo Xiang Tan
Date: Mon, 18 Jul 2016 15:35:12 +0800
Subject: [PATCH] SECURITY: Possible SQL injection.

---
 app/models/screened_ip_address.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/screened_ip_address.rb b/app/models/screened_ip_address.rb
index 82d63cdcd93..248ad97703c 100644
--- a/app/models/screened_ip_address.rb
+++ b/app/models/screened_ip_address.rb
@@ -56,7 +56,7 @@ class ScreenedIpAddress < ActiveRecord::Base
 #
 # http://www.postgresql.org/docs/9.1/static/datatype-net-types.html
 # http://www.postgresql.org/docs/9.1/static/functions-net.html
- find_by("'#{ip_address.to_s}' <<= ip_address")
+ find_by("? <<= ip_address", ip_address.to_s)
 end

 def self.should_block?(ip_address)
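Review bot: The bound value in `find_by("? <<= ip_address", ip_address.to_s)` is still not checked to be an IP address. A malformed string will now presumably reach PostgreSQL as a quoted literal and fail the inet comparison with a statement error instead of returning nil. Consider parsing it first with `IPAddr.new(ip_address.to_s)` and returning nil on `IPAddr::InvalidAddressError`, so callers that pass request-derived values get a clean miss. The commit touches only the model, so a regression spec would help: one that passes a value containing a single quote and asserts no match and no raised error. The enclosing method starts outside this hunk, so what callers actually pass could not be confirmed from here.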