oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-10-20 19:52:09 +00:00
Code Wiki Activity

Avoid error when a bad order parameter is given

Browse source 
Only allowed parameter are asc & desc
This commit is contained in:
Jeremy Benoist 2019-01-14 17:01:21 +01:00
parent a5e9a98aa3
commit 78e3fafa3f
No known key found for this signature in database
GPG key ID: BCA73962457ACC3C
3 changed files with 32 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/Wallabag/CoreBundle/Repository/EntryRepository.php
View file

@ -142,7 +142,7 @@ class EntryRepository extends EntityRepository
*
* @return Pagerfanta
*/
public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'ASC', $since = 0, $tags = '')
public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'asc', $since = 0, $tags = '')
{
$qb = $this->createQueryBuilder('e')
->leftJoin('e.tags', 't')
@ -185,6 +185,10 @@ class EntryRepository extends EntityRepository
}
}
if (!\in_array(strtolower($order), ['asc', 'desc'], true)) {
throw new \Exception('Order "' . $order . '" parameter is wrong, allowed: asc or desc');
}
if ('created' === $sort) {
$qb->orderBy('e.id', $order);
} elseif ('updated' === $sort) {