From 5f1c99cd534442ec40c2129769608e3e61ff8be3 Mon Sep 17 00:00:00 2001
From: Sami Mokaddem
Date: Sat, 25 Mar 2023 09:23:45 +0100
Subject: [PATCH] fix: [security] blind SQL injection in searchAll - As reported by Zigrin Security
---
 src/Controller/InstanceController.php | 1 +
 src/Model/Table/InstanceTable.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Controller/InstanceController.php b/src/Controller/InstanceController.php
index 5caf6ee..e641940 100644
--- a/src/Controller/InstanceController.php
+++ b/src/Controller/InstanceController.php
@@ -38,6 +38,7 @@ class InstanceController extends AppController
 $searchValue = $this->request->getQuery('search');
 $model = $this->request->getQuery('model', null);
 $limit = $this->request->getQuery('limit', 5);
+ $limit = is_numeric($limit) ? $limit : 5;
 if (!empty($this->request->getQuery('show_all', false))) {
 $limit = null;
 }
diff --git a/src/Model/Table/InstanceTable.php b/src/Model/Table/InstanceTable.php
index 624fe7a..afd04e0 100644
--- a/src/Model/Table/InstanceTable.php
+++ b/src/Model/Table/InstanceTable.php
@@ -81,7 +81,7 @@ class InstanceTable extends AppTable
 return $statistics;
 }
 
- public function searchAll($value, $user, $limit=5, $model=null)
+ public function searchAll($value, $user, int $limit=5, $model=null)
 {
 $results = [];
 $models = $this->seachAllTables;
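Review bot: is_numeric() on the added line still accepts negative, fractional and exponent forms ("-1", "1.5", "1e3") and leaves $limit as the raw query string rather than an int, so what reaches the int-typed searchAll() parameter depends on PHP's coercion rules (a fractional numeric string is rejected or deprecated depending on the PHP version, and a negative limit is handed straight to the query). A stricter normalisation that yields a positive int is `$limit = filter_var($limit, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` followed by `$limit = $limit === false ? 5 : $limit;`. The show_all branch two lines below still sets $limit to null; if that variable is what is later passed to searchAll(), the non-nullable `int $limit` introduced in the InstanceTable.php hunk of this same commit will raise a TypeError for every show_all request, so either that parameter needs to become `?int $limit = 5` or this branch needs a different way to express "no limit". The enclosing action starts and ends outside the hunk, so the call site cannot be checked here.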
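Review bot: The new `int $limit=5` type only protects the query if $limit is bound as an integer further down, but the method body continues outside the hunk, so whether the value is still interpolated into SQL after the cast cannot be confirmed from here. The type also relies on coercive mode at the call site: the controller hunk passes the query string through unchanged, so if InstanceController.php declares strict_types=1 a string such as "5" would itself be a TypeError. A short docblock on the method would make the contract explicit, e.g. `@param int $limit Maximum rows per model; bound as an integer, never interpolated` together with `@param string|null $model Restrict the search to one table`, and the `$user` and `$value` parameters documented in the same style.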