chore: validate order param for payment query

impress-org · Jul 12, 2019 · d91f4c6 · d91f4c6
1 parent 176c7fe
commit d91f4c6
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/includes/payments/class-payments-query.php b/includes/payments/class-payments-query.php
@@ -157,6 +157,9 @@ private function set_filters() {
 		// While set filters $args will get override and multiple get_payments call will not work.
 		$this->args = $this->_args;
 
+		// Whitelist order.
+		$this->args['order'] = in_array( strtoupper( $this->args['order'] ), array( 'ASC', 'DESC' ) ) ? $this->args['order'] : 'DESC' ;
+
 		$this->date_filter_pre();
 		$this->orderby();
 		$this->status();