]> git.immae.eu Git - github/wallabag/wallabag.git/blobdiff - src/Wallabag/CoreBundle/Controller/EntryController.php
projects / github / wallabag / wallabag.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Validate sort field
[github/wallabag/wallabag.git] / src / Wallabag / CoreBundle / Controller / EntryController.php
diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php
index cef299900d0636970c4e8e3c3a6477893446b3ec..ff90957b9917661f879472a5186d28dea6ab26a1 100644 (file)
--- a/src/Wallabag/CoreBundle/Controller/EntryController.php
+++ b/src/Wallabag/CoreBundle/Controller/EntryController.php
@@ -532,8 +532,12 @@ class EntryController extends Controller
         $searchTerm = (isset($request->get('search_entry')['term']) ? $request->get('search_entry')['term'] : '');
         $currentRoute = (null !== $request->query->get('currentRoute') ? $request->query->get('currentRoute') : '');
 
-        $sortBy = $request->get('sort', 'id');
-        $direction = $request->get('direction', 'DESC');
+        $sortBy = 'id';
+        if (in_array($request->get('sort', 'id'), ['id', 'created_at', 'title', 'updated_at'], true)) {
+            $sortBy = $request->get('sort', 'id');
+        }
+
+        $direction = 'DESC' === $request->get('direction') ? 'DESC' : 'ASC';
 
         switch ($type) {
             case 'search':
A self hostable application for saving web pages: Save and classify articles. Read them later. Freely.