mirror of
https://github.com/opensourcepos/opensourcepos.git
synced 2026-04-19 06:18:22 -04:00
Add sanitizeSortColumn() validation to prevent SQL injection in the sort parameter of search() methods in tax-related controllers.

Vulnerable controllers:
- Taxes.php: sort column was passed directly to model
- Tax_categories.php: sort column was passed directly to model
- Tax_codes.php: sort column was passed directly to model
- Tax_jurisdictions.php: sort column was passed directly to model

Fix: Use sanitizeSortColumn() to validate sort column against allowed headers, defaulting to primary key if invalid.
23 KiB
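
The allowlist check described in the commit message above, as an added PHP example that is not the project's code. The function names `pick_sort_column` and `order_by_clause`, the column list and the sample request values are assumptions constructed for illustration; the project's sanitizeSortColumn() may differ.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist for a tax-code table; these column names are
// constructed for the example and are not taken from the project.
const TAX_CODE_SORT_COLUMNS = ['tax_code_id', 'tax_code', 'tax_code_name', 'city', 'state'];

/**
 * Return $requested only if it is an exact member of $allowed, else $default.
 * Hypothetical helper, not the project's sanitizeSortColumn().
 */
function pick_sort_column(array $allowed, mixed $requested, string $default): string
{
    // Strict comparison: no type juggling, no partial or case-insensitive match.
    if (is_string($requested) && in_array($requested, $allowed, true)) {
        return $requested;
    }
    return $default;
}

/** Build the ORDER BY clause from an already validated column name. */
function order_by_clause(string $column): string
{
    // Identifiers cannot be bound as query parameters, so the value must be
    // an allowlisted name before it is placed in the SQL text.
    return 'ORDER BY `' . $column . '` ASC';
}

// Constructed request values: a valid column, a string that is not a plain
// column name, a non-string value, and a missing parameter.
$samples = ['tax_code_name', 'tax_code_id, (SELECT 1)', ['nested' => 'array'], null];

foreach ($samples as $raw) {
    // Anything outside the allowlist falls back to the primary key.
    $column = pick_sort_column(TAX_CODE_SORT_COLUMNS, $raw, 'tax_code_id');
    printf("%-28s => %s\n", json_encode($raw), order_by_clause($column));
}
```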