diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/AbstractCases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/AbstractCases.php
index c62f3c423..20d2bd744 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/AbstractCases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/AbstractCases.php
@@ -34,6 +34,8 @@ class AbstractCases implements CasesInterface
     const STATUS_TODO = 2;
     const STATUS_COMPLETED = 3;
     const STATUS_CANCELED = 4;
+    // Order by column allowed
+    const ORDER_BY_COLUMN_ALLOWED = ['APP_NUMBER', 'DEL_TITLE', 'PRO_TITLE'];
     // Filter by category from a process, know as "$category" in the old lists classes
     private $categoryUid = '';
@@ -957,6 +959,11 @@ class AbstractCases implements CasesInterface
         // Convert the value to upper case
         $orderByColumn = strtoupper($orderByColumn);
+        // Validate the order by column
+        if (!in_array($orderByColumn, self::ORDER_BY_COLUMN_ALLOWED)) {
+            throw new Exception("Order by column '{$orderByColumn}' is not valid.");
+        }
+
         $this->orderByColumn = $orderByColumn;
     }
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Home.php b/workflow/engine/src/ProcessMaker/Services/Api/Home.php
index 39a6ad256..39643ce26 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Home.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Home.php
@@ -82,8 +82,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $list->setProperties($properties);
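Review bot: The comment on the new `ORDER_BY_COLUMN_ALLOWED` constant says what it is but not what it protects or the convention its entries must follow. Because the only visible consumer, setOrderByColumn() in the second hunk of this file, upper-cases the incoming value and then does an exact match against this list, every entry has to stay upper-case or it can never match. I would replace the comment with `// Allowlist of ORDER BY columns accepted by setOrderByColumn(); values are matched after strtoupper(), so keep entries upper-case`. If the other constants in this class carry docblocks, use the same form here for consistency.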
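Review bot: The allowlist check on the new `if` uses loose `in_array()`; pass `true` as the third argument so the comparison is strict: `if (!in_array($orderByColumn, self::ORDER_BY_COLUMN_ALLOWED, true)) {`. With both sides being strings the loose form happens to be safe today, but a non-string entry or value added later would weaken the guard without any error. The exception message reflects the rejected caller value back verbatim, which is useful for diagnostics as long as whatever layer turns this exception into an API response escapes it for the output context. `Exception` is referenced unqualified inside a namespaced class, so confirm the file has `use Exception;` (or write `\Exception`) rather than resolving to a namespace-local class that may not exist. The enclosing setter method starts outside the hunk.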
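Review bot: The `(int)` cast on the two changed lines turns non-numeric input into 0 but does not handle a `$paged` value with no comma (`$paged[1]` is then undefined, so `limit` becomes 0 after a notice) or negative numbers; pair the cast with a presence and range check, e.g. `$properties['start'] = max(0, (int) ($paged[0] ?? 0));` and `$properties['limit'] = max(0, (int) ($paged[1] ?? 0));`. The same applies to the hunks at -137, -192, -249, -320 and -479 in this file. `$sort[0]` and `$sort[1]` still pass through untouched; the column is now validated by AbstractCases::setOrderByColumn() in this commit, but nothing visible here constrains `dir`, so it should be checked against `ASC`/`DESC` in the same way unless the list class already does that. Since this eight-line block is repeated verbatim in six methods, a private helper that parses `$paged` and `$sort` into `$properties` would keep the checks in one place. The enclosing methods start and end outside the hunks.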
@@ -137,8 +137,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $list->setProperties($properties);
@@ -192,8 +192,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         // todo: some queries related to the unassigned are using the USR_UID
@@ -249,8 +249,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $list->setProperties($properties);
@@ -320,8 +320,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $result = [];
@@ -479,8 +479,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $list->setProperties($properties);