AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid XSS in pagination ordering

This commit is contained in:
Frédéric Guillot 2019-01-30 22:05:43 -08:00
parent 8cf8f9ef07
commit 83deec2e36
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/Core/Paginator.php
View File

@ -169,10 +169,16 @@ class Paginator
public function executeQuery() public function executeQuery()
{ {
if ($this->query !== null) { if ($this->query !== null) {
$this->query $this->query
->offset($this->offset) ->offset($this->offset)
->limit($this->limit) ->limit($this->limit);
->orderBy($this->order, $this->direction);
if (preg_match('/^[a-zA-Z0-9._]+$/', $this->order)) {
$this->query->orderBy($this->order, $this->direction);
} else {
$this->order = '';
}
if ($this->formatter !== null) { if ($this->formatter !== null) {
return $this->formatter->withQuery($this->query)->format(); return $this->formatter->withQuery($this->query)->format();