FIX: ensures reports can't modify records (#8006)

FIX: ensures reports can’t modify records (#8006)

diff --git a/app/models/report.rb b/app/models/report.rb
index 783247f..d4387b0 100644
--- a/app/models/report.rb
+++ b/app/models/report.rb
@@ -83,6 +83,8 @@ class Report
 
   def self.wrap_slow_query(timeout = 20000)
     ActiveRecord::Base.connection.transaction do
+      # Allows only read only transactions
+      DB.exec "SET TRANSACTION READ ONLY"
       # Set a statement timeout so we can't tie up the server
       DB.exec "SET LOCAL statement_timeout = #{timeout}"
       yield

GitHub sha: 0a6d1b68

1 Like