From 18f5cea09bfd6e66dc90bd727fec5d4bd5840635 Mon Sep 17 00:00:00 2001
From: Chloe Deguzman
Date: Thu, 3 Mar 2016 19:50:55 +0000
Subject: [PATCH] HOR-280 Added restrictions to what can and cannot be used for sort argument in processList
---
 .../engine/methods/cases/proxyProcessList.php | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/workflow/engine/methods/cases/proxyProcessList.php b/workflow/engine/methods/cases/proxyProcessList.php
index c522a6732..6d72d43e8 100755
--- a/workflow/engine/methods/cases/proxyProcessList.php
+++ b/workflow/engine/methods/cases/proxyProcessList.php
@@ -45,6 +45,27 @@ try {
 $Criteria->setOffset( $start );
 }
 
+ $allowedSortField = array(
+ "PRO_TITLE",
+ "PROJECT_TYPE",
+ "PRO_CATEGORY_LABEL",
+ "PRO_STATUS_LABEL",
+ "PRO_CREATE_USER_LABEL",
+ "PRO_CREATE_DATE",
+ "CASES_COUNT_TO_DO",
+ "CASES_COUNT_DRAFT",
+ "CASES_COUNT_COMPLETED",
+ "CASES_COUNT_CANCELLED",
+ "CASES_COUNT",
+ "PRO_DEBUG_LABEL",
+ "PRO_TYPE_PROCESS",
+ "PRO_UPDATE_DATE",
+ );
+
+ if(!in_array($sort, $allowedSortField)) {
+ $sort = '';
+ }
+
 if ($sort != '') {
 if ($dir == 'DESC') {
 $Criteria->addDescendingOrderByColumn( $sort );
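Review bot: The allowlist check `in_array($sort, $allowedSortField)` compares loosely, so a non-string `$sort` such as boolean `true` (or integer `0` on PHP versions before 8) matches an entry and reaches `addDescendingOrderByColumn( $sort )` without being one of the listed names. Where `$sort` is assigned is outside the hunk, so this may not be reachable if it always arrives as a request string, but the strict flag makes the check hold for any type: `if (!in_array($sort, $allowedSortField, true)) {`. A one-line comment above the array, for example `// Allowlist of sortable columns: $sort is used as the ORDER BY column, anything else is dropped.`, would tell the next maintainer that new grid columns must be added here. The enclosing `try` block starts and ends outside the hunk.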