Avoid error when a bad `order` parameter is given

[github/wallabag/wallabag.git] / src / Wallabag / CoreBundle / Repository / EntryRepository.php

diff --git a/src/Wallabag/CoreBundle/Repository/EntryRepository.php b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
index 34123eea699bff74a0ea1e7b126fd390a8b0dbf0..cebce71474bb534c223c5d0a95740cff8dd8af86 100644 (file)
--- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php
+++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
@@ -142,7 +142,7 @@ class EntryRepository extends EntityRepository
      *
      * @return Pagerfanta
      */
-    public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'ASC', $since = 0, $tags = '')
+    public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'asc', $since = 0, $tags = '')
     {
         $qb = $this->createQueryBuilder('e')
             ->leftJoin('e.tags', 't')
@@ -185,6 +185,10 @@ class EntryRepository extends EntityRepository
             }
         }
 
+        if (!\in_array(strtolower($order), ['asc', 'desc'], true)) {
+            throw new \Exception('Order "' . $order . '" parameter is wrong, allowed: asc or desc');
+        }
+
         if ('created' === $sort) {
             $qb->orderBy('e.id', $order);
         } elseif ('updated' === $sort) {
@@ -450,7 +454,7 @@ class EntryRepository extends EntityRepository
      */
     private function getSortedQueryBuilderByUser($userId, $sortBy = 'createdAt', $direction = 'desc')
     {
-        return $this->sortQueryBuilder($this->getQueryBuilderByUser($userId));
+        return $this->sortQueryBuilder($this->getQueryBuilderByUser($userId), $sortBy, $direction);
     }
 
     /**