From a2e7c0a74bbdaed6a33fd80549d6e6117a32ecb3 Mon Sep 17 00:00:00 2001
From: jekkos
Date: Mon, 6 Sep 2021 21:45:08 +0200
Subject: [PATCH] Revert SQLi fixes (#3284)
---
 application/controllers/Attributes.php | 4 ++--
 application/controllers/Cashups.php | 2 +-
 application/controllers/Customers.php | 2 +-
 application/controllers/Employees.php | 2 +-
 application/controllers/Expenses.php | 2 +-
 application/controllers/Expenses_categories.php | 2 +-
 application/controllers/Giftcards.php | 2 +-
 application/controllers/Item_kits.php | 2 +-
 application/controllers/Items.php | 2 +-
 application/controllers/Sales.php | 6 +++---
 application/controllers/Suppliers.php | 2 +-
 application/controllers/Tax_categories.php | 2 +-
 application/controllers/Tax_codes.php | 2 +-
 application/controllers/Tax_jurisdictions.php | 2 +-
 application/controllers/Taxes.php | 2 +-
 15 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/application/controllers/Attributes.php b/application/controllers/Attributes.php
index 22fc607af..8a07a32f0 100644
--- a/application/controllers/Attributes.php
+++ b/application/controllers/Attributes.php
@@ -24,7 +24,7 @@ class Attributes extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? definition.definition_name : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $attributes = $this->Attribute->search($search, $limit, $offset, $sort, $order);
@@ -189,4 +189,4 @@ class Attributes extends Secure_Controller
 echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('attributes_definition_cannot_be_deleted')));
 }
 }
-}
+}
\ No newline at end of file
diff --git a/application/controllers/Cashups.php b/application/controllers/Cashups.php
index 57b598d94..fe295bc97 100644
--- a/application/controllers/Cashups.php
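Review bot: The restored `$sort = $this->input->get('sort');` in the Attributes hunk hands the raw query-string value to `$this->Attribute->search(...)` with no validation, and `$order` on the following line is equally unchecked, so whatever ORDER BY the model builds from them is attacker-influenced unless the model itself validates them, which this hunk does not show. Reverting the old line is understandable on its own: it tested `post('sort')` while reading `get('sort')`, so on a GET it always took the default branch, that default was the bare expression `definition.definition_name` rather than a string, and `$this->db->escape()` would have quoted a column name into a string literal anyway. None of that makes the new line safe, though; a sort column is an identifier, not data, so escaping cannot protect it and only an allowlist can. I would replace the added line with `$requested = $this->input->get('sort');` and `$sort = in_array($requested, $sortable_columns, TRUE) ? $requested : 'definition_name';`, plus `$order = strtolower((string) $this->input->get('order')) === 'desc' ? 'desc' : 'asc';`, with `$sortable_columns` listing the columns the attributes grid is allowed to sort on.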
+++ b/application/controllers/Cashups.php
@@ -25,7 +25,7 @@ class Cashups extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'cashup_id' : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 $filters = array(
 'start_date' => $this->input->get('start_date'),
diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php
index 32205515e..5f446da76 100644
--- a/application/controllers/Customers.php
+++ b/application/controllers/Customers.php
@@ -58,7 +58,7 @@ class Customers extends Persons
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? LAST_NAME : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $customers = $this->Customer->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Employees.php b/application/controllers/Employees.php
index 06c0239b7..d101dc75c 100644
--- a/application/controllers/Employees.php
+++ b/application/controllers/Employees.php
@@ -17,7 +17,7 @@ class Employees extends Persons
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? LAST_NAME : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $employees = $this->Employee->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Expenses.php b/application/controllers/Expenses.php
index fcc61f86b..f419bf622 100644
--- a/application/controllers/Expenses.php
+++ b/application/controllers/Expenses.php
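Review bot: In the Customers hunk the new `$sort = $this->input->get('sort');` forwards the raw query-string value into `$this->Customer->search(...)`, and `$order` on the next line is never checked on either side of the diff, so any ORDER BY the model derives from them is controlled by the caller unless the model validates (not visible here). The removed line was not a working defence — it checked `post('sort')` but read `get('sort')`, so every GET silently sorted by `LAST_NAME` — which explains the revert, but the replacement should constrain the value rather than trust it. Customers, Employees and Suppliers all extend `Persons` and repeat this exact pattern, so a helper on `Persons` that validates sort/order against the person columns the grid exposes would fix all three in one place; at minimum here: `$requested = $this->input->get('sort');` and `$sort = in_array($requested, $sortable_columns, TRUE) ? $requested : LAST_NAME;`.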
@@ -30,7 +30,7 @@ class Expenses extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'expense_id' : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 $filters = array(
 'start_date' => $this->input->get('start_date'),
diff --git a/application/controllers/Expenses_categories.php b/application/controllers/Expenses_categories.php
index 1fc68599f..e7af65260 100644
--- a/application/controllers/Expenses_categories.php
+++ b/application/controllers/Expenses_categories.php
@@ -24,7 +24,7 @@ class Expenses_categories extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'category_name' : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $expense_categories = $this->Expense_category->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Giftcards.php b/application/controllers/Giftcards.php
index ef1e97fdc..a988361b8 100644
--- a/application/controllers/Giftcards.php
+++ b/application/controllers/Giftcards.php
@@ -24,7 +24,7 @@ class Giftcards extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'giftcard_number' : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $giftcards = $this->Giftcard->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Item_kits.php b/application/controllers/Item_kits.php
index 1ba2c8abf..3349a14f7 100644
--- a/application/controllers/Item_kits.php
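Review bot: The Giftcards hunk now passes `$sort` and `$order` from the query string into `$this->Giftcard->search(...)` with no validation at all; if the model uses them to build ORDER BY (I cannot see it from this hunk) a crafted value changes the query. Dropping the escape-based line is right in itself, because `$this->db->escape()` turns a column name into a quoted string literal and the `post()`/`get()` mismatch meant the escaped branch never ran on a GET, but the correct form for an identifier is an allowlist, not escaping. I would replace the added line with `$requested = $this->input->get('sort');` and `$sort = in_array($requested, $giftcard_sort_columns, TRUE) ? $requested : 'giftcard_number';`, and tighten the next line to `$order = strtolower((string) $this->input->get('order')) === 'desc' ? 'desc' : 'asc';`, with `$giftcard_sort_columns` filled from the columns the giftcard grid exposes.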
+++ b/application/controllers/Item_kits.php
@@ -59,7 +59,7 @@ class Item_kits extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? NAME : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $item_kits = $this->Item_kit->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Items.php b/application/controllers/Items.php
index 68f7c7cde..3526d9976 100644
--- a/application/controllers/Items.php
+++ b/application/controllers/Items.php
@@ -40,7 +40,7 @@ class Items extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? NAME : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $this->item_lib->set_item_location($this->input->get('stock_location'));
diff --git a/application/controllers/Sales.php b/application/controllers/Sales.php
index ce3cd610d..2bdf80a90 100644
--- a/application/controllers/Sales.php
+++ b/application/controllers/Sales.php
@@ -54,10 +54,10 @@ class Sales extends Secure_Controller
 public function search()
 {
 $search = $this->input->get('search');
- $limit = $this->input->get('limit');
+ $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'sales.sale_time' : $this->db->escape($this->input->get('sort'));
- $order = $this->input->get('order');
+ $sort = $this->input->get('sort');
+ $order = $this->input->get('order');
 
 $filters = array('sale_type' => 'all',
 'location_id' => 'all',
diff --git a/application/controllers/Suppliers.php b/application/controllers/Suppliers.php
index 54deeaec5..36b6f58ee 100644
--- a/application/controllers/Suppliers.php
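Review bot: The Sales hunk restores `$sort = $this->input->get('sort');` and `$order = $this->input->get('order');`, so both values reach the model's search call (which lies past the end of this hunk) without any validation, and `$limit`/`$offset` on the surrounding lines are likewise raw strings that I would expect the model to cast, though that is not visible here. The removed default `'sales.sale_time'` shows the sort key is a table-qualified column name, which `$this->db->escape()` would have quoted into a string literal — so the old line was unusable and reverting it is justified — but an identifier can only be made safe by comparing it against a fixed set of allowed values, never by escaping. I would validate sort and order right here against the columns the sales grid can request, falling back to the former default; `search()` continues beyond the hunk.
```php
$search = $this->input->get('search');
// … unchanged: $limit / $offset …
$sortable = array('sales.sale_time'); // extend with the other columns the sales grid may sort on
$requested = $this->input->get('sort');
$sort = in_array($requested, $sortable, TRUE) ? $requested : 'sales.sale_time';
$order = strtolower((string) $this->input->get('order')) === 'desc' ? 'desc' : 'asc';
// … unchanged: $filters array …
```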
+++ b/application/controllers/Suppliers.php
@@ -35,7 +35,7 @@ class Suppliers extends Persons
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? LAST_NAME : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $suppliers = $this->Supplier->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Tax_categories.php b/application/controllers/Tax_categories.php
index 453ff4776..952b166df 100644
--- a/application/controllers/Tax_categories.php
+++ b/application/controllers/Tax_categories.php
@@ -25,7 +25,7 @@ class Tax_categories extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'tax_category' : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $tax_categories = $this->Tax_category->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Tax_codes.php b/application/controllers/Tax_codes.php
index 68b372712..af21db696 100644
--- a/application/controllers/Tax_codes.php
+++ b/application/controllers/Tax_codes.php
@@ -29,7 +29,7 @@ class Tax_codes extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'tax_code_name' : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $tax_codes = $this->Tax_code->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Tax_jurisdictions.php b/application/controllers/Tax_jurisdictions.php
index 53ed54931..7059f7bcf 100644
--- a/application/controllers/Tax_jurisdictions.php
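Review bot: In the Tax_codes hunk the added `$sort = $this->input->get('sort');` sends the unvalidated query-string value into `$this->Tax_code->search(...)` together with an equally unchecked `$order`, so if the model interpolates either into ORDER BY (not shown in this hunk) the query is caller-controlled. The reverted line did not protect anything — it consulted `post('sort')` while the value arrives via `get('sort')`, so the escaped branch was unreachable on a GET, and `$this->db->escape()` is a string escaper, not an identifier check — so the revert is defensible, but leaving the parameter wide open is not the end state I would merge. An allowlist keeps the fix trivial: `$requested = $this->input->get('sort');` then `$sort = in_array($requested, $tax_code_sort_columns, TRUE) ? $requested : 'tax_code_name';`, and `$order = strtolower((string) $this->input->get('order')) === 'desc' ? 'desc' : 'asc';`. Since every controller in this patch repeats the same four lines, the validation arguably belongs in `Secure_Controller` so each grid only supplies its column list.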
+++ b/application/controllers/Tax_jurisdictions.php
@@ -25,7 +25,7 @@ class Tax_jurisdictions extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'jurisdiction_name' : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $tax_jurisdictions = $this->Tax_jurisdiction->search($search, $limit, $offset, $sort, $order);
diff --git a/application/controllers/Taxes.php b/application/controllers/Taxes.php
index da52500a1..c4adc08d8 100644
--- a/application/controllers/Taxes.php
+++ b/application/controllers/Taxes.php
@@ -57,7 +57,7 @@ class Taxes extends Secure_Controller
 $search = $this->input->get('search');
 $limit = $this->input->get('limit');
 $offset = $this->input->get('offset');
- $sort = $this->input->post('sort') === NULL ? 'tax_code_name' : $this->db->escape($this->input->get('sort'));
+ $sort = $this->input->get('sort');
 $order = $this->input->get('order');
 
 $tax_rates = $this->Tax->search($search, $limit, $offset, $sort, $order);
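Review bot: The Taxes hunk's restored `$sort = $this->input->get('sort');` and the unchanged `$order = $this->input->get('order');` feed `$this->Tax->search(...)` raw request values, so the ORDER BY this grid produces is only as safe as whatever the model does with them, which this hunk does not show. The revert itself is fair — the removed line never ran its escaped branch on a GET because it tested `post('sort')`, and `$this->db->escape()` would have produced a quoted literal rather than a column reference — but the fix should be an allowlist of sortable columns with a default, e.g. `$requested = $this->input->get('sort');` and `$sort = in_array($requested, $tax_sort_columns, TRUE) ? $requested : 'tax_code_name';`, plus `$order = strtolower((string) $this->input->get('order')) === 'desc' ? 'desc' : 'asc';`. One caveat when choosing that default: the removed line here used `'tax_code_name'`, the same value as in the Tax_codes controller, and I cannot tell from this patch whether that is actually a column of the tax-rates query or a copy-paste leftover, so confirm it against the model before adopting it.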