mirror of
https://github.com/opensourcepos/opensourcepos.git
synced 2026-04-17 05:19:43 -04:00
Add sanitizeSortColumn() validation to prevent SQL injection in the sort parameter of search() methods in tax-related controllers.

Vulnerable controllers:
- Taxes.php: sort column was passed directly to model
- Tax_categories.php: sort column was passed directly to model
- Tax_codes.php: sort column was passed directly to model
- Tax_jurisdictions.php: sort column was passed directly to model

Fix: Use sanitizeSortColumn() to validate sort column against allowed headers, defaulting to primary key if invalid.
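An added illustration of the allowlist check the commit message describes, not code from the project: a column name in ORDER BY cannot be bound as a query parameter, so it is compared against known headers instead. The function names, signature, column list and request values are assumptions made for this sketch, and the direction handling goes slightly beyond what the message mentions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical stand-in for the sanitizeSortColumn() helper named in the
 * commit message; the project's real signature is not shown on this page.
 */
function sanitize_sort_column(array $allowedHeaders, ?string $requested, string $default): string
{
    // Strict comparison: only an exact match of a known column name passes.
    if ($requested !== null && in_array($requested, $allowedHeaders, true)) {
        return $requested;
    }
    // Anything else falls back to the primary key.
    return $default;
}

/** Builds the ORDER BY clause; the direction is reduced to ASC or DESC. */
function build_order_by(array $allowedHeaders, ?string $sort, ?string $order, string $default): string
{
    $column = sanitize_sort_column($allowedHeaders, $sort, $default);
    $direction = strtolower((string) $order) === 'desc' ? 'DESC' : 'ASC';
    return "ORDER BY `{$column}` {$direction}";
}

// Constructed column list and request values, not taken from the project.
$headers = ['tax_code_id', 'tax_code', 'tax_code_name', 'city', 'state'];
$requests = [
    ['tax_code_name', 'desc'], // known column: used as requested
    ['TAX_CODE', 'asc'],       // case mismatch: not an exact header, rejected
    ['tax_code; --', 'asc'],   // extra SQL text after a valid name: rejected
    [null, null],              // no sort parameter supplied
];

foreach ($requests as [$sort, $order]) {
    printf(
        "%-18s => %s\n",
        var_export($sort, true),
        build_order_by($headers, $sort, $order, 'tax_code_id')
    );
}
```

Only the first request keeps its column; the other three resolve to the default `tax_code_id`, so no request text ever reaches the SQL string.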
4.4 KiB