HOR-280 Added restrictions to what can and cannot be used for sort argument in processList

workflow/engine/methods/cases/proxyProcessList.php

@@ -45,6 +45,27 @@ try {
         $Criteria->setOffset( $start );
     }
 
+    $allowedSortField = array( 
+        "PRO_TITLE",
+        "PROJECT_TYPE",
+        "PRO_CATEGORY_LABEL",
+        "PRO_STATUS_LABEL",
+        "PRO_CREATE_USER_LABEL",
+        "PRO_CREATE_DATE",
+        "CASES_COUNT_TO_DO",
+        "CASES_COUNT_DRAFT",
+        "CASES_COUNT_COMPLETED",
+        "CASES_COUNT_CANCELLED",
+        "CASES_COUNT",
+        "PRO_DEBUG_LABEL",
+        "PRO_TYPE_PROCESS",
+        "PRO_UPDATE_DATE",
+    );
+    
+    if(!in_array($sort, $allowedSortField)) { 
+        $sort = '';
+    }
+
     if ($sort != '') {
         if ($dir == 'DESC') {
             $Criteria->addDescendingOrderByColumn( $sort );