
Fix options['order'] also being vulnerable to injection attacks.

1 parent f2c9639 commit 51beab47f7a15c6eb0543bc83f8aa5546678dca3 @markstory markstory committed Jun 24, 2013
Showing with 5 additions and 0 deletions.
  1. +5 −0 cake/libs/controller/controller.php
5 cake/libs/controller/controller.php
@@ -1114,6 +1114,11 @@ function paginate($object = null, $scope = array(), $whitelist = array()) {
$options['limit'] = $options['show'];
}
+ if (isset($options['order']) && empty($options['sort'])) {
+ $options['sort'] = $options['order'];
+ unset($options['order']);
+ }
+
if (isset($options['sort'])) {
$direction = null;
if (isset($options['direction'])) {
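Review bot: When a request carries both a non-empty `sort` and an `order`, the added guard `isset($options['order']) && empty($options['sort'])` is skipped and `$options['order']` stays exactly as received, so its safety then depends on code below the hunk replacing or validating it. paginate() starts above and continues past the visible lines, so that cannot be confirmed from here; if `$options` holds only request-derived values at this point, moving `unset($options['order']);` below the closing brace of the new `if` would drop the key in every case. The value is also copied without a type check, so an array-valued `order` becomes an array-valued `sort`; adding `is_string($options['order'])` to the condition would keep the sort handling that follows on scalar input. The commit changes only controller.php, so a regression test covering `order` alone and `order` combined with `sort` would pin the fix.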
