security: Audit Log Injection
This mitigates a vulnerability discovered by the AppSec Research Team at Checkmarx where it's possible to perform injection via the Audit Log plugin. This is due to passing the `order` URL param directly to the select query. This refactors the `getOrder()` method to only return predefined sort orders to prevent using user input.
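The allowlist approach the commit message describes, as an added example that is not the project's own code: the request value is used only as a lookup key, and the text that reaches the `ORDER BY` clause always comes from a predefined table. The table name, column names, sort keys and the Python/SQLite setting are assumptions made for illustration.

```python
import sqlite3

# Hypothetical allowlist: request value -> fixed ORDER BY fragment.
SORT_ORDERS = {
    "date_asc": "created_at ASC, id ASC",
    "date_desc": "created_at DESC, id DESC",
    "user_asc": "username ASC, id ASC",
    "user_desc": "username DESC, id DESC",
}
DEFAULT_ORDER = "date_desc"


def get_order(order_param):
    """Return a predefined ORDER BY fragment; never echo the request value."""
    if not isinstance(order_param, str):
        # Repeated or array-style URL params may arrive as lists; use the default.
        order_param = DEFAULT_ORDER
    return SORT_ORDERS.get(order_param, SORT_ORDERS[DEFAULT_ORDER])


def fetch_audit_log(conn, order_param=None, limit=50):
    # Only the allowlisted fragment is concatenated; values stay bound parameters.
    sql = ("SELECT id, username, action FROM audit_log "
           f"ORDER BY {get_order(order_param)} LIMIT ?")
    return conn.execute(sql, (limit,)).fetchall()


def build_sample_db():
    # Constructed rows for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE audit_log (id INTEGER PRIMARY KEY, "
                 "username TEXT, action TEXT, created_at TEXT)")
    conn.executemany(
        "INSERT INTO audit_log (username, action, created_at) VALUES (?, ?, ?)",
        [
            ("carol", "login", "2024-01-03T10:00:00"),
            ("alice", "update", "2024-01-01T09:00:00"),
            ("bob", "delete", "2024-01-02T08:00:00"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(fetch_audit_log(db, "user_asc"))
    # A value that is not an allowlist key falls back to the default order.
    print(fetch_audit_log(db, "id; DROP TABLE audit_log"))
```

Sort columns cannot be bound as query parameters, which is why the fix has to be a lookup rather than a prepared-statement placeholder.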