
Commit a117e0f

committed
fix potential SQL injection
1 parent 55460df commit a117e0f


1 file changed

+3
-0
lines changed


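--- a/JqGridAction.php
+++ b/JqGridAction.php
@@ -259,6 +259,9 @@ protected function addSearchOptionsRecursively($query, $searchData)
 }
 
 foreach ($searchData['rules'] as $rule) {
+if (!$this->model->hasAttribute($rule['field'])) {
+throw new BadRequestHttpException('Unknown attribute');
+}
 switch ($rule['op']) {
 case 'eq':
 $query->$groupCondition([$rule['field'] => $rule['data']]);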
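Review bot: The added guard reads `$rule['field']` without first checking that the key exists and holds a string, so a rule that omits `field` or sends an array would likely surface as a PHP warning or type error instead of the intended 400. Consider `if (!isset($rule['field']) || !is_string($rule['field']) || !$this->model->hasAttribute($rule['field'])) {`. A short comment above it, such as `// Column names cannot be bound as parameters, so only known model attributes are accepted`, would record why the check exists: in `[$rule['field'] => $rule['data']]` the value is bound but the key is used as a column name. The foreach body and the switch continue past the end of the hunk, and `$groupCondition` is assigned above it, so whether that method name is limited to fixed values cannot be confirmed from here.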
