Skip to content

Commit

Permalink
MDL-77187 mod_wiki: validate external method sort parameters.
Browse files Browse the repository at this point in the history
  • Loading branch information
@paulholden
paulholden authored and Jenkins committed Apr 19, 2023
1 parent a8da761 commit 5521d1d
Showing 1 changed file with 10 additions and 8 deletions.
18 changes: 10 additions & 8 deletions mod/wiki/classes/external.php
View file
Expand Up @@ -457,15 +457,17 @@ public static function get_subwiki_pages($wikiid, $groupid = -1, $userid = 0, $o
throw new moodle_exception('cannotviewpage', 'wiki');
} else if ($subwiki->id != -1) {

// Set sort param.
$options = $params['options'];
if (!empty($options['sortby'])) {
if ($options['sortdirection'] != 'ASC' && $options['sortdirection'] != 'DESC') {
// Invalid sort direction. Use default.
$options['sortdirection'] = 'ASC';
}
$sort = $options['sortby'] . ' ' . $options['sortdirection'];
}

// Set sort param.
$sort = get_safe_orderby([
'id' => 'id',
'title' => 'title',
'timecreated' => 'timecreated',
'timemodified' => 'timemodified',
'pageviews' => 'pageviews',
'default' => 'title',
], $options['sortby'], $options['sortdirection'], false);

$pages = wiki_get_page_list($subwiki->id, $sort);
$caneditpages = wiki_user_can_edit($subwiki);
Expand Down

0 comments on commit 5521d1d

Please sign in to comment.