From c11cc5eb9ed703a09c875b86a0df954ac7a998cf Mon Sep 17 00:00:00 2001
From: Jonathan Kolyer
Date: Tue, 4 Aug 2015 14:11:46 +0000
Subject: [PATCH] added fixmes for sql injection vulnerabilities

---
 ruby/lib/jam_ruby/models/base_search.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ruby/lib/jam_ruby/models/base_search.rb b/ruby/lib/jam_ruby/models/base_search.rb
index 462372796..f08c46a7d 100644
--- a/ruby/lib/jam_ruby/models/base_search.rb
+++ b/ruby/lib/jam_ruby/models/base_search.rb
@@ -102,6 +102,7 @@ module JamRuby
     def self.search_target_class
     end
 
+    # FIXME: SQL INJECTION
     def _genres(rel, query_data=json)
       gids = query_data[KEY_GENRES]
       unless gids.blank?
@@ -112,6 +113,7 @@ module JamRuby
       rel
     end
 
+    # FIXME: SQL INJECTION
     def _instruments(rel, query_data=json)
       unless (instruments = query_data[KEY_INSTRUMENTS]).blank?
         instsql = "SELECT player_id FROM musicians_instruments WHERE (("
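Review bot: The added `# FIXME: SQL INJECTION` above `_genres` (and the identical one above `_instruments` in the second hunk) records the risk without naming the tainted value or the intended fix, so it is easy to leave in place indefinitely. The hunk shows `gids = query_data[KEY_GENRES]` and `instsql = "SELECT player_id FROM musicians_instruments WHERE (("`, so `query_data` presumably arrives as a client-supplied JSON document (the `json` default suggests that; confirm against the caller) and the SQL is evidently assembled as a string by hand. I would make the comment actionable, e.g. `# FIXME(security): gids/instruments come from client JSON and are spliced into SQL below; pass them as bound parameters (e.g. rel.where("... IN (?)", gids) if rel is an ActiveRecord relation) and drop the hand-built string.` Both method bodies continue past their hunks, so the actual interpolation points are outside this view and should be checked when the fix is made.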