cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [security] blind SQL injection in searchAll 

- As reported by Zigrin Security
pull/151/head
Sami Mokaddem 2023-03-25 09:23:45 +01:00
parent 7df0169ecf
commit 5f1c99cd53
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Controller/InstanceController.php
View File

@ -38,6 +38,7 @@ class InstanceController extends AppController
$searchValue = $this->request->getQuery('search');
$model = $this->request->getQuery('model', null);
$limit = $this->request->getQuery('limit', 5);
$limit = is_numeric($limit) ? $limit : 5;
if (!empty($this->request->getQuery('show_all', false))) {
$limit = null;
}

2
src/Model/Table/InstanceTable.php
View File

@ -81,7 +81,7 @@ class InstanceTable extends AppTable
return $statistics;
}
public function searchAll($value, $user, $limit=5, $model=null)
public function searchAll($value, $user, int $limit=5, $model=null)
{
$results = [];
$models = $this->seachAllTables;