fix: [security] blind SQL injection in searchAll
- As reported by Zigrin Security
pull/151/head
parent
7df0169ecf
commit
5f1c99cd53
|
@ -38,6 +38,7 @@ class InstanceController extends AppController
|
||||||
$searchValue = $this->request->getQuery('search');
|
$searchValue = $this->request->getQuery('search');
|
||||||
$model = $this->request->getQuery('model', null);
|
$model = $this->request->getQuery('model', null);
|
||||||
$limit = $this->request->getQuery('limit', 5);
|
$limit = $this->request->getQuery('limit', 5);
|
||||||
|
$limit = is_numeric($limit) ? $limit : 5;
|
||||||
if (!empty($this->request->getQuery('show_all', false))) {
|
if (!empty($this->request->getQuery('show_all', false))) {
|
||||||
$limit = null;
|
$limit = null;
|
||||||
}
|
}
|
||||||
|
|
|
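Review bot: `is_numeric()` on the added line is looser than a row limit needs, because it also accepts values such as `-1`, `5.5` and `1e3`, and the value stays a string afterwards. Since `searchAll` now declares `int $limit`, it would be tighter to validate and convert in one step, e.g. `$limit = filter_var($limit, FILTER_VALIDATE_INT, ['options' => ['default' => 5, 'min_range' => 1]]);`. `$searchValue` and `$model` come from the same query string, and the hunk does not show how they reach the query. It is worth confirming that they are bound as parameters and, for `$model`, checked against the list of searchable tables. The enclosing action starts and ends outside the hunk.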
@ -81,7 +81,7 @@ class InstanceTable extends AppTable
|
||||||
return $statistics;
|
return $statistics;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function searchAll($value, $user, $limit=5, $model=null)
|
public function searchAll($value, $user, int $limit=5, $model=null)
|
||||||
{
|
{
|
||||||
$results = [];
|
$results = [];
|
||||||
$models = $this->seachAllTables;
|
$models = $this->seachAllTables;
|
||||||
|
|
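Review bot: The new `int $limit=5` parameter type is not nullable, yet the controller hunk in this same commit sets `$limit = null` when `show_all` is given. If that value is passed through to `searchAll` (the call is not visible here), PHP will throw a TypeError instead of returning the unlimited result set. Declaring `?int $limit=5` keeps the integer guarantee while still allowing the no-limit case, provided the body applies the limit only when it is not null. A short docblock noting that `$value` and `$model` originate from the request and must never be concatenated into SQL would also help. The function body continues outside the hunk.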