fix: [security] blind SQL injection in searchAll
- As reported by Zigrin Security
mokaddem committed Mar 25, 2023
1 parent 7df0169 commit 5f1c99c
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions src/Controller/InstanceController.php
Expand Up @@ -38,6 +38,7 @@ public function searchAll()
$searchValue = $this->request->getQuery('search');
$model = $this->request->getQuery('model', null);
$limit = $this->request->getQuery('limit', 5);
$limit = is_numeric($limit) ? $limit : 5;
if (!empty($this->request->getQuery('show_all', false))) {
$limit = null;
}
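Review bot: `is_numeric()` on the added line leaves `$limit` as the original string and also accepts negative, fractional and exponent forms such as `-1`, `1.5` or `1e3`, so what passes is numeric-looking text rather than a bounded integer. A stricter one-line form is `$limit = filter_var($limit, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'default' => 5]]);`, ideally with a `max_range` cap so a client cannot request an arbitrarily large result set. The rest of searchAll(), including how `$limit` reaches the query, is outside the hunk, so the place where the value enters the query should also cast or bind it rather than depend on this controller check alone.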
2 changes: 1 addition & 1 deletion src/Model/Table/InstanceTable.php
Expand Up @@ -81,7 +81,7 @@ public function getStatistics(int $days=30): array
return $statistics;
}

public function searchAll($value, $user, $limit=5, $model=null)
public function searchAll($value, $user, int $limit=5, $model=null)
{
$results = [];
$models = $this->seachAllTables;
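Review bot: The new `int $limit=5` parameter is not nullable, yet the controller hunk in this same commit still sets `$limit = null` when `show_all` is present; if that value is passed through to this method (the call is outside the visible lines), PHP raises a TypeError and the show-all path breaks. `public function searchAll($value, $user, ?int $limit=5, $model=null)` keeps the integer guarantee while still allowing the unlimited case. Whether the file declares strict_types is not visible here; without it the hint coerces numeric strings instead of rejecting them, so a short docblock such as `@param int|null $limit row limit, null for no limit` would make the contract explicit for other callers. The method body continues past the hunk.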
