author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2016-09-04 13:47:07 +0200 |
---|---|---|
committer | Nicolas Lœuillet <nicolas@loeuillet.org> | 2020-04-28 10:11:49 +0200 |
commit | 96295ec84796551590d24a3516ccbba43469b6f6 (patch) | |
tree | c24fbedd0a61f23665a7dcf32ec830f937b8cc47 | |
parent | f9987d4a213627c6e09eee80743d42c344482e69 (diff) | |
Validate sort field
Just to avoid people sorting on crazy non-existent fields
-rw-r--r-- | src/Wallabag/CoreBundle/Controller/EntryController.php | 8 | ||||
-rw-r--r-- | src/Wallabag/CoreBundle/Repository/EntryRepository.php | 29 |
2 files changed, 23 insertions, 14 deletions
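diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php
index cef29990..ff90957b 100644
--- a/src/Wallabag/CoreBundle/Controller/EntryController.php
+++ b/src/Wallabag/CoreBundle/Controller/EntryController.php
@@ -532,8 +532,12 @@ class EntryController extends Controller
         $searchTerm = (isset($request->get('search_entry')['term']) ? $request->get('search_entry')['term'] : '');
         $currentRoute = (null !== $request->query->get('currentRoute') ? $request->query->get('currentRoute') : '');
 
-        $sortBy = $request->get('sort', 'id');
-        $direction = $request->get('direction', 'DESC');
+        $sortBy = 'id';
+        if (in_array($request->get('sort', 'id'), ['id', 'created_at', 'title', 'updated_at'], true)) {
+            $sortBy = $request->get('sort', 'id');
+        }
+
+        $direction = 'DESC' === $request->get('direction') ? 'DESC' : 'ASC';
 
         switch ($type) {
             case 'search':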
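Review bot: The new direction line flips the default: `'DESC' === $request->get('direction') ? 'DESC' : 'ASC'` yields `ASC` whenever the parameter is absent, whereas the removed line defaulted to `DESC`, so every page that never sent `direction` now sorts the other way round. Keeping DESC as the fallback and only opting into ASC bounds the value just as well while preserving the old behaviour: `$direction = 'ASC' === $request->get('direction') ? 'ASC' : 'DESC';`. The allow-list also spells `created_at` and `updated_at` in snake_case while the repository defaults added in the same commit name fields in camelCase (`archivedAt`, `starredAt`); if the Entry entity's properties are camelCase too, those two values would build an `e.created_at` path that Doctrine rejects, so this is worth confirming against the entity. The `$request->get('sort', 'id')` call is made twice and could be read once into a local before the `in_array` check (the strict `true` flag there is the right choice). The enclosing action continues outside the hunk.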
diff --git a/src/Wallabag/CoreBundle/Repository/EntryRepository.php b/src/Wallabag/CoreBundle/Repository/EntryRepository.php index 92d1867b..cf1cdb8a 100644 --- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php +++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php | |||
@@ -16,7 +16,9 @@ class EntryRepository extends EntityRepository | |||
16 | /** | 16 | /** |
17 | * Retrieves all entries for a user. | 17 | * Retrieves all entries for a user. |
18 | * | 18 | * |
19 | * @param int $userId | 19 | * @param int $userId |
20 | * @param string $sortBy Field to sort | ||
21 | * @param string $direction Direction of the order | ||
20 | * | 22 | * |
21 | * @return QueryBuilder | 23 | * @return QueryBuilder |
22 | */ | 24 | */ |
@@ -30,48 +32,51 @@ class EntryRepository extends EntityRepository | |||
30 | /** | 32 | /** |
31 | * Retrieves unread entries for a user. | 33 | * Retrieves unread entries for a user. |
32 | * | 34 | * |
33 | * @param int $userId | 35 | * @param int $userId |
36 | * @param string $sortBy Field to sort | ||
37 | * @param string $direction Direction of the order | ||
34 | * | 38 | * |
35 | * @return QueryBuilder | 39 | * @return QueryBuilder |
36 | */ | 40 | */ |
37 | public function getBuilderForUnreadByUser($userId, $sortBy = 'id', $direction = 'DESC') | 41 | public function getBuilderForUnreadByUser($userId, $sortBy = 'id', $direction = 'DESC') |
38 | { | 42 | { |
39 | return $this | 43 | return $this |
40 | ->getSortedQueryBuilderByUser($userId) | 44 | ->getSortedQueryBuilderByUser($userId, $sortBy, $direction) |
41 | ->andWhere('e.isArchived = false') | 45 | ->andWhere('e.isArchived = false') |
42 | ->orderBy('e.'.$sortBy, $direction) | ||
43 | ; | 46 | ; |
44 | } | 47 | } |
45 | 48 | ||
46 | /** | 49 | /** |
47 | * Retrieves read entries for a user. | 50 | * Retrieves read entries for a user. |
48 | * | 51 | * |
49 | * @param int $userId | 52 | * @param int $userId |
53 | * @param string $sortBy Field to sort | ||
54 | * @param string $direction Direction of the order | ||
50 | * | 55 | * |
51 | * @return QueryBuilder | 56 | * @return QueryBuilder |
52 | */ | 57 | */ |
53 | public function getBuilderForArchiveByUser($userId, $sortBy = 'id', $direction = 'DESC') | 58 | public function getBuilderForArchiveByUser($userId, $sortBy = 'archivedAt', $direction = 'DESC') |
54 | { | 59 | { |
55 | return $this | 60 | return $this |
56 | ->getSortedQueryBuilderByUser($userId, 'archivedAt', 'desc') | 61 | ->getSortedQueryBuilderByUser($userId, $sortBy, $direction) |
57 | ->andWhere('e.isArchived = true') | 62 | ->andWhere('e.isArchived = true') |
58 | ->orderBy('e.'.$sortBy, $direction) | ||
59 | ; | 63 | ; |
60 | } | 64 | } |
61 | 65 | ||
62 | /** | 66 | /** |
63 | * Retrieves starred entries for a user. | 67 | * Retrieves starred entries for a user. |
64 | * | 68 | * |
65 | * @param int $userId | 69 | * @param int $userId |
70 | * @param string $sortBy Field to sort | ||
71 | * @param string $direction Direction of the order | ||
66 | * | 72 | * |
67 | * @return QueryBuilder | 73 | * @return QueryBuilder |
68 | */ | 74 | */ |
69 | public function getBuilderForStarredByUser($userId, $sortBy = 'id', $direction = 'DESC') | 75 | public function getBuilderForStarredByUser($userId, $sortBy = 'starredAt', $direction = 'DESC') |
70 | { | 76 | { |
71 | return $this | 77 | return $this |
72 | ->getSortedQueryBuilderByUser($userId, 'starredAt', 'desc') | 78 | ->getSortedQueryBuilderByUser($userId, $sortBy, $direction) |
73 | ->andWhere('e.isStarred = true') | 79 | ->andWhere('e.isStarred = true') |
74 | ->orderBy('e.'.$sortBy, $direction) | ||
75 | ; | 80 | ; |
76 | } | 81 | } |
77 | 82 | ||
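Review bot: The three rewritten methods now forward `$sortBy` and `$direction` straight into `getSortedQueryBuilderByUser()` (defined outside this hunk), and nothing in the repository itself constrains either value; the only guard is the `in_array` allow-list in the controller, so any other caller of these public methods can still hand an arbitrary field name to the `orderBy` that the removed lines show this path builds. The new `@param` lines would carry more weight if they stated that contract, e.g. `@param string $sortBy Entity field to sort on; callers must validate it against the sortable fields` and `@param string $direction 'ASC' or 'DESC'`, and the same wording applies to the doc-only hunk at line 16 of this file. Alternatively, the allow-list could live here next to the code that interpolates the field name, giving a single source of truth for which fields are sortable.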