mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-04-04 23:24:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

Blind SQL injection fix (#3284)

Browse Source
This commit is contained in:
jekkos
2024-09-19 00:55:49 +02:00
committed by jekkos
parent 72f147074d
commit 0f4d06af61
13 changed files with 135 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/Controllers/Secure_Controller.php
View File

@@ -82,6 +82,11 @@ class Secure_Controller extends BaseController
view('viewData', $this->global_view_data);
}
public function sanitizeSortColumn($headers, $field, $default): string
{
return $field != null && in_array($field, array_keys(array_merge(...$headers))) ? $field : $default;
}
/**
* AJAX function used to confirm whether values sent in the request are numeric
* @return void