Merge pull request from GHSA-2jx3-5j9v-prpp

Validate order by and order way
PrestaShop · Jun 24, 2022 · b3ec4b8 · b3ec4b8 · doekia · Jul 22, 2022
2 parents 13e64b2 + be79516
commit b3ec4b8
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/Search/WishListProductSearchProvider.php b/src/Search/WishListProductSearchProvider.php
@@ -35,6 +35,7 @@
 use Product;
 use Shop;
 use Symfony\Component\Translation\TranslatorInterface;
+use Validate;
 use WishList;
 
 /**
@@ -167,7 +168,10 @@ private function getProductsOrCount(
 
         if ('products' === $type) {
             $sortOrder = $query->getSortOrder()->toLegacyOrderBy(true);
-            $querySearch->orderBy($sortOrder . ' ' . $query->getSortOrder()->toLegacyOrderWay());
+            $sortWay = $query->getSortOrder()->toLegacyOrderWay();
+            if (Validate::isOrderBy($sortOrder) && Validate::isOrderWay($sortWay)) {
+                $querySearch->orderBy($sortOrder . ' ' . $sortWay);
+            }
             $querySearch->limit((int) $query->getResultsPerPage(), ((int) $query->getPage() - 1) * (int) $query->getResultsPerPage());
             $products = $this->db->executeS($querySearch);