Ensure only allowed searchable columns are used in DB Query
sedan07 committed Jan 15, 2021
1 parent 8c1a2c2 commit 27bca82
Showing 1 changed file with 3 additions and 2 deletions.
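--- a/app/Models/Traits/SearchableTrait.php
+++ b/app/Models/Traits/SearchableTrait.php
@@ -34,10 +34,11 @@ public function scopeSearch(Builder $query, array $search = [])
 return $query;
 }
 
-if (!array_intersect(array_keys($search), $this->searchable)) {
+$allowed_search = array_intersect_key($search, array_flip($this->searchable));
+if (! $allowed_search) {
 return $query;
 }
 
-return $query->where($search);
+return $query->where($allowed_search);
 }
 }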
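Review bot: The key filter on the new `array_intersect_key` line restricts column names, but the values in `$allowed_search` still reach `$query->where()` unchecked. If `$search` is built from request input (the caller is not visible here), a nested array can arrive as the value for an allowed column, and how the builder binds it depends on the framework version. Consider dropping non-scalar values before the emptiness check, e.g. `$allowed_search = array_filter($allowed_search, static fn ($v) => $v === null || is_scalar($v));`. A regression test that passes one allowed and one disallowed key and asserts that only the allowed column appears in the generated query would pin the behaviour this commit intends. `scopeSearch` starts above the hunk, so any earlier guard on `$search` or `$this->searchable` is not shown.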
