From 8ff7068e332cf081f8946c0bf0e85d46af587411 Mon Sep 17 00:00:00 2001
From: Ollama
Date: Mon, 16 Mar 2026 18:30:43 +0000
Subject: [PATCH] Refactor: Add ALLOWED_SORT_COLUMNS constant and reuse in sanitization
- Add Item::ALLOWED_SORT_COLUMNS constant for allowed sort columns
- Use constant in sanitizeSortColumnAttribute() instead of inline array
- Enables reuse across the codebase for sort column validation
---
 app/Controllers/Items.php | 4 +---
 app/Models/Item.php | 2 ++
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/Controllers/Items.php b/app/Controllers/Items.php
index 641f2c154..cf5ddc1d8 100644
--- a/app/Controllers/Items.php
+++ b/app/Controllers/Items.php
@@ -79,9 +79,7 @@ class Items extends Secure_Controller
 return $default;
 }
- $allowed_columns = ['items.item_id', 'item_number', 'name', 'category', 'company_name', 'cost_price', 'unit_price', 'quantity'];
-
- if (in_array($field, $allowed_columns)) {
+ if (in_array($field, Item::ALLOWED_SORT_COLUMNS, true)) {
 return $field;
 }
diff --git a/app/Models/Item.php b/app/Models/Item.php
index 6971d31fd..b5328a4dd 100644
--- a/app/Models/Item.php
+++ b/app/Models/Item.php
@@ -31,6 +31,8 @@ class Item extends Model
 'allow_alt_description',
 'is_serialized'
 ];
+
+ public const ALLOWED_SORT_COLUMNS = ['items.item_id', 'item_number', 'name', 'category', 'company_name', 'cost_price', 'unit_price', 'quantity'];
 protected $table = 'items';
 protected $primaryKey = 'item_id';
 protected $useAutoIncrement = true;
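Review bot: The added third argument `true` on the `in_array` line in app/Controllers/Items.php switches the allow-list check from loose to strict comparison, which is a behaviour change the commit message files under refactoring. It is the safer form, since only an exact string match from the list is returned, but it deserves a mention in the message or a short comment such as `// strict: only an exact string from the allow-list is accepted`. The hunk does not show the controller's `use` lines, so confirm that `Item` resolves to the model class in this namespace. The enclosing method starts and ends outside the hunk.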
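Review bot: The new `ALLOWED_SORT_COLUMNS` constant in app/Models/Item.php has no doc comment, although it is now the single allow-list for a caller-supplied sort column. A one-line docblock would make that contract explicit, for example `/** Allow-list of column names a client may sort by; entries must be literal identifiers, never values derived from input. */`. Only `items.item_id` is table-qualified; presumably an accepted value ends up in an ORDER BY clause, so it is worth checking that the unqualified names such as `name` and `category` stay unambiguous in every query that uses this list. A blank line between the constant and `protected $table` would match the spacing the hunk adds above it. The class body continues outside the hunk.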