Refactor: Use existing sanitizeSortColumn method with item_sort_columns helper

- Add item_sort_columns() helper function in tabular_helper.php - Helper returns all sortable columns including dynamic attribute IDs - Remove duplicate sanitizeSortColumnAttribute method from Items controller - Remove unused ALLOWED_SORT_COLUMNS constant from Item model - Reuses existing sanitizeSortColumn method from Secure_Controller
2026-04-02 06:14:51 -04:00 · 2026-03-16 18:34:23 +00:00
parent 8ff7068e33
commit 1ffe142f83
3 changed files with 19 additions and 27 deletions
--- a/app/Controllers/Items.php
+++ b/app/Controllers/Items.php
@@ -65,31 +65,6 @@ class Items extends Secure_Controller
        $this->config = config(OSPOS::class)->settings;
    }

-    /**
-     * Sanitize sort column allowing standard columns and attribute definition IDs
-     *
-     * @param string|null $field The requested sort field
-     * @param string $default The default sort field
-     * @param array $attribute_ids Allowed attribute definition IDs
-     * @return string The validated sort field
-     */
-    private function sanitizeSortColumnAttribute(?string $field, string $default, array $attribute_ids): string
-    {
-        if ($field === null) {
-            return $default;
-        }
-
-        if (in_array($field, Item::ALLOWED_SORT_COLUMNS, true)) {
-            return $field;
-        }
-
-        if (ctype_digit($field) && in_array((int) $field, $attribute_ids, true)) {
-            return $field;
-        }
-
-        return $default;
-    }
-
    /**
     * @return string
     */
@@ -136,7 +111,7 @@ class Items extends Secure_Controller
        $definition_names = $this->attribute->get_definitions_by_flags(Attribute::SHOW_IN_ITEMS);
        $attribute_column_ids = array_keys($definition_names);

-        $sort = $this->sanitizeSortColumnAttribute($this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_id', $attribute_column_ids);
+        $sort = $this->sanitizeSortColumn(item_sort_columns(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'items.item_id');
        $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);

        $this->item_lib->set_item_location($this->request->getGet('stock_location'));
--- a/app/Helpers/tabular_helper.php
+++ b/app/Helpers/tabular_helper.php
@@ -401,6 +401,24 @@ function item_headers(): array
    ];
 }

+/**
+ * Get all sortable column keys for items table, including dynamic attribute columns
+ * @return array Array of column keys that are valid for sorting
+ */
+function item_sort_columns(): array
+{
+    $attribute = model(Attribute::class);
+    $definitionIds = array_keys($attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS));
+
+    $columns = ['items.item_id', 'item_number', 'name', 'category', 'company_name', 'cost_price', 'unit_price', 'quantity'];
+
+    foreach ($definitionIds as $definitionId) {
+        $columns[] = (string) $definitionId;
+    }
+
+    return $columns;
+}
+
 /**
 * Get the header for the items tabular view
 */
--- a/app/Models/Item.php
+++ b/app/Models/Item.php
@@ -32,7 +32,6 @@ class Item extends Model
        'is_serialized'
    ];

-    public const ALLOWED_SORT_COLUMNS = ['items.item_id', 'item_number', 'name', 'category', 'company_name', 'cost_price', 'unit_price', 'quantity'];
    protected $table = 'items';
    protected $primaryKey = 'item_id';
    protected $useAutoIncrement = true;