From 90da63cb1353aafcb778632ebc1cd81f5eb2a9e4 Mon Sep 17 00:00:00 2001
From: Ollama
Date: Mon, 6 Apr 2026 18:24:06 +0000
Subject: [PATCH] fix(security): prevent SQL injection in tax controller sort columns

Add sanitizeSortColumn() validation to prevent SQL injection in the sort parameter of search() methods in tax-related controllers.

Vulnerable controllers:
- Taxes.php: sort column was passed directly to model
- Tax_categories.php: sort column was passed directly to model
- Tax_codes.php: sort column was passed directly to model
- Tax_jurisdictions.php: sort column was passed directly to model

Fix: Use sanitizeSortColumn() to validate sort column against allowed headers, defaulting to primary key if invalid.
---
 app/Controllers/Tax_categories.php | 2 +-
 app/Controllers/Tax_codes.php | 2 +-
 app/Controllers/Tax_jurisdictions.php | 2 +-
 app/Controllers/Taxes.php | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/Controllers/Tax_categories.php b/app/Controllers/Tax_categories.php
index 994eedbfa..62289a9da 100644
--- a/app/Controllers/Tax_categories.php
+++ b/app/Controllers/Tax_categories.php
@@ -40,7 +40,7 @@ class Tax_categories extends Secure_Controller
         $search = $this->request->getGet('search');
         $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort = $this->sanitizeSortColumn(get_tax_categories_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_category_id');
         $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
         $tax_categories = $this->tax_category->search($search, $limit, $offset, $sort, $order);
diff --git a/app/Controllers/Tax_codes.php b/app/Controllers/Tax_codes.php
index 7413622e4..d9fa2b046 100644
--- a/app/Controllers/Tax_codes.php
+++ b/app/Controllers/Tax_codes.php
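Review bot: The `$order` value on the line right after the changed one is still handed straight to `$this->tax_category->search()` with only `FILTER_SANITIZE_FULL_SPECIAL_CHARS` applied, which HTML-encodes characters rather than constraining the value to a sort direction; the same pattern is in the Tax_codes, Tax_jurisdictions and Taxes hunks. Whether the model or the query builder restricts the direction cannot be seen from this diff, so an allowlist in the controller would make the fix complete regardless: `$order = strtolower((string) $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS)) === 'desc' ? 'desc' : 'asc';`. The new line also runs well past 120 columns; reading the request into its own variable first (`$requested_sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);`) and passing that to `sanitizeSortColumn()` keeps the validation step visible at a glance. The enclosing search() method starts before and continues after the hunk.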
@@ -50,7 +50,7 @@ class Tax_codes extends Secure_Controller
         $search = $this->request->getGet('search');
         $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort = $this->sanitizeSortColumn(get_tax_code_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_code');
         $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
         $tax_codes = $this->tax_code->search($search, $limit, $offset, $sort, $order);
diff --git a/app/Controllers/Tax_jurisdictions.php b/app/Controllers/Tax_jurisdictions.php
index a2ac12114..f29df341f 100644
--- a/app/Controllers/Tax_jurisdictions.php
+++ b/app/Controllers/Tax_jurisdictions.php
@@ -43,7 +43,7 @@ class Tax_jurisdictions extends Secure_Controller
         $search = $this->request->getGet('search');
         $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort = $this->sanitizeSortColumn(get_tax_jurisdictions_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'jurisdiction_id');
         $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
         $tax_jurisdictions = $this->tax_jurisdiction->search($search, $limit, $offset, $sort, $order);
diff --git a/app/Controllers/Taxes.php b/app/Controllers/Taxes.php
index 212e1fedc..29627c7fe 100644
--- a/app/Controllers/Taxes.php
+++ b/app/Controllers/Taxes.php
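Review bot: The allowlist on the added line is derived from `get_tax_code_table_headers()`, which by its name and use elsewhere appears to describe the UI grid rather than the table schema, so the set of accepted sort values is coupled to presentation code; if a display-only header (a computed or joined column) is ever added there, it would become an accepted sort value without anyone touching this controller. The definition of `sanitizeSortColumn()` is not part of this patch, so it cannot be confirmed here whether it matches on header keys or labels, or whether the comparison is strict. A short comment on the added line, `// sort is validated against the grid header keys; keep those in step with the tax_codes columns`, would make that dependency explicit to the next maintainer. The same coupling applies to the Tax_categories, Tax_jurisdictions and Taxes hunks; search() in Tax_codes.php starts before and continues after the hunk.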
@@ -81,7 +81,7 @@ class Taxes extends Secure_Controller
         $search = $this->request->getGet('search');
         $limit = $this->request->getGet('limit', FILTER_SANITIZE_NUMBER_INT);
         $offset = $this->request->getGet('offset', FILTER_SANITIZE_NUMBER_INT);
-        $sort = $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+        $sort = $this->sanitizeSortColumn(get_tax_rates_manage_table_headers(), $this->request->getGet('sort', FILTER_SANITIZE_FULL_SPECIAL_CHARS), 'tax_rate_id');
         $order = $this->request->getGet('order', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
 
         $tax_rates = $this->tax->search($search, $limit, $offset, $sort, $order);
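Review bot: No test accompanies the change, so nothing pins that a `sort` value outside the header allowlist now falls back to `'tax_rate_id'` (or to the corresponding default in the other three controllers) before it reaches `$this->tax->search()`. A small controller test that requests the search endpoint with `sort=<constructed non-column value>` and asserts the result is ordered by the default column would lock the behaviour in and catch a regression if a header key is later renamed. The model's search() signature is unchanged and still accepts any string for `$sort`, so the controller is currently the only barrier; a second allowlist check inside the model would also cover any other caller of search(), though whether such callers exist cannot be seen here. search() in Taxes.php starts before and continues after the hunk.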