Avoid quote_string in favor of bindings where possible

lib/api/v3/projects/project_sql_representer.rb

@@ -47,7 +47,7 @@ module API
           end
 
           def ancestors_sql(walker_result)
-            <<-SQL.squish
+            <<~SQL.squish
               SELECT id, CASE WHEN count(link) = 0 THEN '[]' ELSE json_agg(link) END ancestors
               FROM
                 (
@@ -73,8 +73,13 @@ module API
           end
 
           def ancestor_projection
+            undisclosed_ancestor_title = ActiveRecord::Base.send(
+              :sanitize_sql_array,
+              ["?", I18n.t(:"api_v3.undisclosed.ancestor")]
+            )
+
             if User.current.admin?
-              <<-SQL.squish
+              <<~SQL.squish
                 CASE
                   WHEN ancestors.id IS NOT NULL
                     THEN #{workspace_type_link_case('ancestors')}
@@ -82,13 +87,13 @@ module API
                 END
               SQL
             else
-              <<-SQL.squish
+              <<~SQL.squish
                 CASE
                   WHEN ancestors.id IS NOT NULL AND ancestors.id IN (SELECT id FROM visible_projects)
                     THEN #{workspace_type_link_case('ancestors')}
                   WHEN ancestors.id IS NOT NULL AND ancestors.id NOT IN (SELECT id FROM visible_projects)
                     THEN json_build_object('href', '#{API::V3::URN_UNDISCLOSED}',
-                                           'title', #{ActiveRecord::Base.connection.quote(I18n.t(:"api_v3.undisclosed.ancestor"))})
+                                           'title', #{undisclosed_ancestor_title})
                   ELSE NULL
                 END
               SQL

lib/open_project/nested_set/rebuild_patch.rb

@@ -47,7 +47,7 @@ module OpenProject::NestedSet::RebuildPatch
   module ClassMethods
     # Rebuilds the left & rights if unset or invalid.  Also very useful for converting from acts_as_tree.
     # Very similar to original nested_set implementation but uses update_all so that callbacks are not triggered
-    def rebuild_silently!(roots = nil)
+    def rebuild_silently!(roots = nil) # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
       # Don't rebuild a valid tree.
       return true if valid?
 
@@ -55,7 +55,10 @@ module OpenProject::NestedSet::RebuildPatch
       if acts_as_nested_set_options[:scope]
         scope = lambda { |node|
           scope_column_names.inject("") do |str, column_name|
-            str << "AND #{connection.quote_column_name(column_name)} = #{connection.quote(node.send(column_name.to_sym))} "
+            str << ActiveRecord::Base.send(
+              :sanitize_sql_array,
+              ["AND #{connection.quote_column_name(column_name)} = ? ", node.send(column_name.to_sym)]
+            )
           end
         }
       end