Skip to content

Commit d91f4c6

Browse files
committed
chore: validate order param for payment query
1 parent 176c7fe commit d91f4c6

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

Diff for: includes/payments/class-payments-query.php

+3
Original file line numberDiff line numberDiff line change
@@ -157,6 +157,9 @@ private function set_filters() {
157157
// While set filters $args will get override and multiple get_payments call will not work.
158158
$this->args = $this->_args;
159159

160+
// Whitelist order.
161+
$this->args['order'] = in_array( strtoupper( $this->args['order'] ), array( 'ASC', 'DESC' ) ) ? $this->args['order'] : 'DESC' ;
162+
160163
$this->date_filter_pre();
161164
$this->orderby();
162165
$this->status();

0 commit comments

Comments
 (0)