fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-285 Updated documentation regarding sort by filtering.

Browse Source
This commit is contained in:
Chloe Deguzman
2016-03-04 21:00:13 +00:00
parent 18f5cea09b
commit 6e94f44d25
2 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
workflow/engine/methods/cases/proxyProcessList.php
View File

@@ -44,6 +44,16 @@ try {
if (isset( $start )) { if (isset( $start )) {
$Criteria->setOffset( $start ); $Criteria->setOffset( $start );
} }
// The $sort field is arbitrary
// This can result in ORDER BY
// SQL injection
// This ensures that ORDER BY will ONLY
// use a known good sort field.
// There is a matching list on the javascript side at
// workflow/engine/templates/processes/main.js
$allowedSortField = array( $allowedSortField = array(
"PRO_TITLE", "PRO_TITLE",

9
workflow/engine/templates/processes/main.js
View File

@@ -279,6 +279,15 @@ Ext.onReady(function(){
}, },
columns: [ columns: [
expander, expander,
// There is a list of allowed columns to sort:
// workflow/engine/methods/cases/proxyProcessList.php
// This is to prevent ORDER BY injection attacks
// It is identical to this list.
// If you need to add a new column that is sortable, please
// make sure it is added there or sorting will not work.
{id:'PRO_UID', dataIndex: 'PRO_UID', hidden:true, hideable:false}, {id:'PRO_UID', dataIndex: 'PRO_UID', hidden:true, hideable:false},
{header: "", dataIndex: 'PRO_STATUS', width: 50, hidden:true, hideable:false}, {header: "", dataIndex: 'PRO_STATUS', width: 50, hidden:true, hideable:false},
{header: _('ID_PRO_DESCRIPTION'), dataIndex: 'PRO_DESCRIPTION',hidden:true, hideable:false}, {header: _('ID_PRO_DESCRIPTION'), dataIndex: 'PRO_DESCRIPTION',hidden:true, hideable:false},