author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-14 17:01:21 +0100 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-14 17:01:21 +0100 |
commit | 78e3fafa3fab86638295fe1ee2a05a559bf56ab1 (patch) | |
tree | 904be517d033438c36b29d2b5c3227f630455b0a /src/Wallabag/CoreBundle/Repository | |
parent | a5e9a98aa3c67ac1ad1aff1a250ef8fdc3c24def (diff) | |
Avoid error when a bad `order` parameter is given
The only allowed values are asc & desc
Diffstat (limited to 'src/Wallabag/CoreBundle/Repository')
-rw-r--r-- | src/Wallabag/CoreBundle/Repository/EntryRepository.php | 6 |
1 files changed, 5 insertions, 1 deletions
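--- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php
+++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
@@ -142,7 +142,7 @@ class EntryRepository extends EntityRepository
 *
 * @return Pagerfanta
 */
-public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'ASC', $since = 0, $tags = '')
+public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'asc', $since = 0, $tags = '')
 {
 $qb = $this->createQueryBuilder('e')
 ->leftJoin('e.tags', 't')
@@ -185,6 +185,10 @@ class EntryRepository extends EntityRepository
 }
 }
 
+if (!\in_array(strtolower($order), ['asc', 'desc'], true)) {
+throw new \Exception('Order "' . $order . '" parameter is wrong, allowed: asc or desc');
+}
+
 if ('created' === $sort) {
 $qb->orderBy('e.id', $order);
 } elseif ('updated' === $sort) {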
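Review bot: The new guard before the `orderBy` calls throws a bare `\Exception` whose message embeds the caller-supplied `$order` verbatim, so callers cannot tell bad input from an internal failure, and the raw request value travels wherever that message is logged or returned. A narrower type with a fixed message would let the controller map it to a client error, e.g. `throw new \InvalidArgumentException('Invalid "order" parameter, allowed: asc or desc');`. The check also tests `strtolower($order)` while `orderBy('e.id', $order)` receives the original string; assigning `$order = strtolower($order);` before the check keeps the validated value and the used value identical. The strict allow-list itself is the right control, since the sort direction ends up in the query text rather than in a bound parameter. findEntries begins in the first hunk and continues past the end of this one, so the remaining `$sort` branches are not visible here.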