Fixed orderBy injection vulnerability
rwstream9 committed Jun 6, 2016
1 parent 5082c01 commit 42ec8f2
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/Query/Query.php
@@ -921,7 +921,7 @@ public function groupBy ($field)
}


public function orderBy ($field, $direction = 'ASC')
public function orderBy ($field, $direction = self::QUERY_ORDER_ASC)
{
$this->orderBys[] = array(
'field' => $this->filterIdentifier($field),
@@ -1064,7 +1064,11 @@ protected function processOrderBy ()
$orderBys = array();

foreach ($this->orderBys as $orderBy) {
$orderBys[] = $orderBy['field'] . ' ' . $orderBy['direction'];
$direction = (strtoupper($orderBy['direction']) == self::QUERY_ORDER_DESC)
? self::QUERY_ORDER_DESC
: self::QUERY_ORDER_ASC;

$orderBys[] = $orderBy['field'] . ' ' . $direction;
}

return $sql.implode(', ', $orderBys);
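Review bot: The direction is validated only when the SQL string is built in processOrderBy(), so `$this->orderBys` still stores the caller's raw value and any other reader of that array (none is visible in these hunks) would receive it unfiltered. Normalising once in orderBy() before the value is stored keeps tainted data out of the object: `$direction = strtoupper((string) $direction) === self::QUERY_ORDER_DESC ? self::QUERY_ORDER_DESC : self::QUERY_ORDER_ASC;`. That form also replaces the loose `==` with `===`; either way the check presumably relies on QUERY_ORDER_DESC holding the upper-case string, which the page does not show. Anything unrecognised is silently turned into ASC, so throwing an InvalidArgumentException or logging at that point would surface caller bugs and injection probes instead of hiding them. Both orderBy() and processOrderBy() start or continue outside the visible hunks, and the commit touches one file only, so a regression test for a hostile direction string is still missing.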
