chg: [component:CRUD] Added validation of order fields

refacto/CRUDComponent
Sami Mokaddem 2023-02-20 10:17:20 +01:00
parent c561fba7ae
commit e375e24a6d
No known key found for this signature in database
GPG Key ID: 164C473F627A06FA
1 changed files with 35 additions and 1 deletions


@ -73,7 +73,11 @@ class CRUDComponent extends Component
$query->select($options['fields']);
}
if (!empty($options['order'])) {
$query->order($options['order']);
$orderFields = array_keys($options['order']);
if ($this->_validOrderFields($orderFields)) {
$query->order($options['order']);
$this->Controller->paginate['order'] = $options['order'];
}
}
if ($this->Controller->ParamHandler->isRest()) {
if ($this->metaFieldsSupported()) {
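Review bot: An order that fails `_validOrderFields` on the `if` at the new line `if ($this->_validOrderFields($orderFields)) {` is silently discarded, so the caller gets unsorted results with no error, log entry or response hint, which makes a mistyped field indistinguishable from a dropped parameter. Since the order keys presumably originate from the request, a rejected value is worth surfacing, e.g. by throwing a `BadRequestException` or at least adding `// invalid or unknown order field: the sort request is ignored rather than passed to the ORM` on the `else` path. The enclosing method starts before this hunk, so where the rejection should be reported depends on code not visible here.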
@ -1581,4 +1585,34 @@ class CRUDComponent extends Component
}
return $typeMap;
}
protected function _validOrderFields($fields): bool
{
if (!is_array($fields)) {
$fields = [$fields];
}
foreach ($fields as $field) {
$exploded = explode('.', $field);
if (count($exploded) > 1) {
$model = $exploded[0];
$subField = $exploded[1];
if ($model == $this->Table->getAlias()) {
if (empty($this->Table->getSchema()->typeMap()[$subField])) {
return false;
}
} else {
$association = $this->Table->associations()->get($model);
$associatedTable = $association->getTarget();
if (empty($associatedTable->getSchema()->typeMap()[$subField])) {
return false;
}
}
} else {
if (empty($this->Table->getSchema()->typeMap()[$field])) {
return false;
}
}
}
return true;
}
}
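Review bot: `$this->Table->associations()->get($model)` returns null when no association with that name exists, so a field like `Nope.id` makes `$association->getTarget()` on the next line throw instead of returning false; since this function is the guard that keeps unvalidated order fields out of the ORM, the unknown-model case should be an explicit rejection: `if ($association === null) { return false; }` before the `getTarget()` call. The alias comparison `if ($model == $this->Table->getAlias())` should use `===`, and `if (count($exploded) > 1)` accepts `a.b.c` while only checking `a.b`, so `count($exploded) !== 2` → `return false` is the safer shape. Note that only the keys of `$options['order']` are validated (first hunk uses `array_keys`); whether the direction values are also constrained depends on the ORM's order handling, which is worth confirming for the CakePHP version in use. A one-line docblock stating that this method exists to prevent request-supplied order fields from reaching `Query::order()` unvalidated would help the next maintainer.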