DEV: Do not clean up chat message uploads (PR #14267)

GitHub

Can you use proper parameters for these to avoid injection? It’s weird that the above queries don’t either. That seems bad!

Maybe it’s because you have to do interpolation anyways and it looks funky?

ChatMessage.where("message LIKE ? OR message LIKE ?", "%#{upload.sha1}%", "%#{encoded_sha}%").exists?

You can’t do ChatMessage.where("message LIKE '%?%' OR message LIKE '%?%', upload.sha1, encoded_sha).exists?, because it adds the ''s and you get

SELECT 1 AS one FROM "chat_messages" WHERE "chat_messages"."deleted_at" IS NULL AND (message LIKE '%'f5b99ab717b4b39c63bd2f4b9e66a31ac0a013c7'%' OR message LIKE '%'z3MDpRfWGupAJ715eDOdrpGE3xZ'%') LIMIT 1
ActiveRecord::StatementInvalid: PG::SyntaxError: ERROR:  syntax error at or near "f5b99ab717b4b39c63bd2f4b9e66a31ac0a013c7"
LINE 1: ...ssages"."deleted_at" IS NULL AND (message LIKE '%'f5b99ab717...

Oh right it’s the %! Makes sense.