From 1ffe142f83f6a3fdea5fef35a6bf4e0b2427ab9a Mon Sep 17 00:00:00 2001
From: Ollama
Date: Mon, 16 Mar 2026 18:34:23 +0000
Subject: [PATCH] Refactor: Use existing sanitizeSortColumn method with item_sort_columns helper
- Add item_sort_columns() helper function in tabular_helper.php
- Helper returns all sortable columns including dynamic attribute IDs
- Remove duplicate sanitizeSortColumnAttribute method from Items controller
- Remove unused ALLOWED_SORT_COLUMNS constant from Item model
- Reuses existing sanitizeSortColumn method from Secure_Controller
---
 app/Controllers/Items.php | 27 +--------------------------
 app/Helpers/tabular_helper.php | 18 ++++++++++++++++++
 app/Models/Item.php | 1 -
 3 files changed, 19 insertions(+), 27 deletions(-)
diff --git a/app/Controllers/Items.php b/app/Controllers/Items.php
index cf5ddc1d8..5395a6f15 100644
--- a/app/Controllers/Items.php
+++ b/app/Controllers/Items.php
@@ -65,31 +65,6 @@ class Items extends Secure_Controller
 $this->config = config(OSPOS::class)->settings;
 }
- /** * Sanitize sort column allowing standard columns and attribute definition IDs * * @param string|null $field The requested sort field * @param string $default The default sort field * @param array $attribute_ids Allowed attribute definition IDs * @return string The validated sort field */
- private function sanitizeSortColumnAttribute(?string $field, string $default, array $attribute_ids): string
- {
- if ($field === null) {
- return $default;
- }
- if (in_array($field, Item::ALLOWED_SORT_COLUMNS, true)) {
- return $field;
- }
- if (ctype_digit($field) && in_array((int) $field, $attribute_ids, true)) {
- return $field;
- }
- return $default;
- }
-
 /** * @return string */
@@ -136,7 +111,7 @@ class Items extends Secure_Controller
 $definition_names = $this->attribute->get_definitions_by_flags(Attribute::SHOW_IN_ITEMS);
 $attribute_column_ids = array_keys($definition_names);
- $sort = $this->sanitizeSortColumnAttribute($this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'item_id', $attribute_column_ids);
+ $sort = $this->sanitizeSortColumn(item_sort_columns(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'items.item_id');
 $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 $this->item_lib->set_item_location($this->request->getGet('stock_location'));
diff --git a/app/Helpers/tabular_helper.php b/app/Helpers/tabular_helper.php
index 5e6175c70..8b41deac6 100644
--- a/app/Helpers/tabular_helper.php
+++ b/app/Helpers/tabular_helper.php
@@ -401,6 +401,24 @@ function item_headers(): array
 ];
 }
+/** * Get all sortable column keys for items table, including dynamic attribute columns * @return array Array of column keys that are valid for sorting */
+function item_sort_columns(): array
+{
+ $attribute = model(Attribute::class);
+ $definitionIds = array_keys($attribute->get_definitions_by_flags($attribute::SHOW_IN_ITEMS));
+ $columns = ['items.item_id', 'item_number', 'name', 'category', 'company_name', 'cost_price', 'unit_price', 'quantity'];
+ foreach ($definitionIds as $definitionId) {
+ $columns[] = (string) $definitionId;
+ }
+ return $columns;
+}
+
 /** * Get the header for the items tabular view */
diff --git a/app/Models/Item.php b/app/Models/Item.php
index b5328a4dd..7108477c9 100644
--- a/app/Models/Item.php
+++ b/app/Models/Item.php
@@ -32,7 +32,6 @@ class Item extends Model
 'is_serialized'
 ];
- public const ALLOWED_SORT_COLUMNS = ['items.item_id', 'item_number', 'name', 'category', 'company_name', 'cost_price', 'unit_price', 'quantity'];
 protected $table = 'items';
 protected $primaryKey = 'item_id';
 protected $useAutoIncrement = true;
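Review bot: The attribute-id check on the added `$sort = $this->sanitizeSortColumn(...)` line now depends on how `Secure_Controller::sanitizeSortColumn` (not in this diff) compares the GET value against `item_sort_columns()`; the removed helper used `in_array(..., true)` plus `ctype_digit()`, so if the shared method compares loosely, numeric strings such as `1.0` or `1e0` would match attribute id `1` and be passed through verbatim into the sort — worth confirming it is strict before relying on it for an ORDER BY input. The default also changes from `'item_id'` to `'items.item_id'`, which the commit message does not mention; a comment such as `// default must itself be a key of item_sort_columns()` on that line would record the constraint. `$definition_names` and `$attribute_column_ids` are still computed two lines above while `item_sort_columns()` re-queries the same definitions, so passing `$attribute_column_ids` into the helper would avoid the duplicate lookup — assuming `$attribute_column_ids` is not used further down, which I cannot see. The enclosing method starts and ends outside this hunk.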
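Review bot: The `(string)` cast in `$columns[] = (string) $definitionId;` is load-bearing — it is what lets a strict comparison against the raw `sort` query string succeed — but nothing in the new function says so; add `// cast so the id compares === against the raw GET string` above it. `$attribute::SHOW_IN_ITEMS` reads a class constant through an instance; `Attribute::SHOW_IN_ITEMS`, as the controller hunk above writes it, is clearer, and since the helper references `Attribute` unqualified it presumably relies on a `use App\Models\Attribute;` at the top of tabular_helper.php that this diff does not show — worth verifying. The docblock's `@return array` could be tightened to `@return list<string>`, since every element, ids included, is a string.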