diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/AbstractCases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/AbstractCases.php
index 81c8efc12..68d3a9240 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/AbstractCases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/AbstractCases.php
@@ -34,6 +34,8 @@ class AbstractCases implements CasesInterface
     const STATUS_TODO = 2;
     const STATUS_COMPLETED = 3;
     const STATUS_CANCELED = 4;
+    // Order by column allowed
+    const ORDER_BY_COLUMN_ALLOWED = ['APP_NUMBER', 'DEL_TITLE', 'PRO_TITLE'];
     // Filter by category from a process, know as "$category" in the old lists classes
     private $categoryUid = '';
@@ -957,6 +959,11 @@ class AbstractCases implements CasesInterface
         // Convert the value to upper case
         $orderByColumn = strtoupper($orderByColumn);
+        // Validate the order by column
+        if (!in_array($orderByColumn, self::ORDER_BY_COLUMN_ALLOWED)) {
+            throw new Exception("Order by column '{$orderByColumn}' is not valid.");
+        }
+
         $this->orderByColumn = $orderByColumn;
     }
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Home.php b/workflow/engine/src/ProcessMaker/Services/Api/Home.php
index a285a59bd..da6a1a77f 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Home.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Home.php
@@ -85,8 +85,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $list->setProperties($properties);
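Review bot: The new `ORDER_BY_COLUMN_ALLOWED` constant carries no visibility modifier and its comment does not say why the list exists, so a later maintainer may treat it as an ordinary option list and extend it with whatever a UI asks for. Since this list is what stops a caller-supplied sort column from reaching the ORDER BY clause (the check is added further down in this file), I would state that in the comment and keep the constant out of the public API: `// Allowlist of columns a caller may sort by; it is the guard that keeps` / `// user-supplied sort names out of the ORDER BY clause, so extend it deliberately.` and `protected const ORDER_BY_COLUMN_ALLOWED = ['APP_NUMBER', 'DEL_TITLE', 'PRO_TITLE'];`, assuming the project's PHP baseline supports constant visibility. The class body continues outside the hunk.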
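Review bot: `in_array` is called without its third argument, so the membership test in the added `if` is a loose comparison; for a list of non-numeric strings that is harmless today, but strict comparison is the habit worth keeping in a guard, `if (!in_array($orderByColumn, self::ORDER_BY_COLUMN_ALLOWED, true)) {`. The rejected value is also echoed back verbatim in the exception message, which is fine for a log but reflects attacker-controlled text if the message is rendered to the API client; consider `throw new Exception('Order by column is not valid.');` or escaping at the presentation layer. The file path suggests a namespaced class, in which case a bare `Exception` resolves to the global class only if a `use Exception;` import exists above the hunk — the diff does not show it, so worth confirming. The enclosing setter starts before the hunk and ends at the closing brace shown.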
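Review bot: The cast fixes the type but not the shape: `explode(',', $paged)` returns a single element when the parameter contains no comma, so `$paged[1]` (and `$sort[1]` two lines below) raises an undefined-offset notice and `limit` silently becomes 0. Reading with a default avoids that, `$properties['start'] = (int)($paged[0] ?? 0);` and `$properties['limit'] = (int)($paged[1] ?? 0);` — the right fallback for `limit` depends on the endpoint's default page size, which is declared outside the hunk. Negative values also survive the cast (`(int)'-1'` is -1) and are passed on unchanged, so I would clamp with `max(0, …)` unless `setProperties` already does so. The enclosing method starts before the hunk.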
@@ -143,8 +143,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $list->setProperties($properties);
@@ -201,8 +201,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         // todo: some queries related to the unassigned are using the USR_UID
@@ -261,8 +261,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $list->setProperties($properties);
@@ -335,8 +335,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $result = [];
@@ -494,8 +494,8 @@ class Home extends Api
         // Set the pagination parameters
         $paged = explode(',', $paged);
         $sort = explode(',', $sort);
-        $properties['start'] = $paged[0];
-        $properties['limit'] = $paged[1];
+        $properties['start'] = (int)$paged[0];
+        $properties['limit'] = (int)$paged[1];
         $properties['sort'] = $sort[0];
         $properties['dir'] = $sort[1];
         $list->setProperties($properties);
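Review bot: `$properties['dir'] = $sort[1]` still forwards the sort direction exactly as the client sent it, while the companion change in AbstractCases allowlists only the column; if the direction is interpolated into the ORDER BY clause without its own check (the setter is outside this diff, so verify), the injection surface is only half closed. Normalising and checking it here is two lines: `$dir = strtoupper(trim($sort[1] ?? 'ASC'));` and `$properties['dir'] = in_array($dir, ['ASC', 'DESC'], true) ? $dir : 'ASC';`, with the fallback matching whatever the lists default to. The same line recurs in every hunk of this file. The enclosing method starts before the hunk.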
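Review bot: After the cast `limit` is still unbounded above, so a client can send `paged=0,100000000` and have the list build a page of that size; the cast removes the SQL type problem but not the resource-exhaustion one. I would enforce a server-side ceiling next to the cast, `$properties['limit'] = min(max(0, (int)$paged[1]), self::MAX_PAGE_SIZE);` with `MAX_PAGE_SIZE` declared on the class (value to be agreed), unless `setProperties` already caps it — that code is outside the diff. The enclosing method starts before the hunk.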
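Review bot: The same four-line parse of `$paged` and `$sort` now appears six times in this file with the identical cast patched into each copy, which is how the next fix (a default for a missing offset, a direction check, a limit cap) ends up applied to five of the six. I would move the parsing into one private method on `Home` and call it from each endpoint so that validation lives in a single place; the sketch below keeps the existing property keys so `setProperties` is unaffected, and leaves the parameter types off because the endpoint signatures are outside the diff. The enclosing method starts before the hunk.
```php
        // … unchanged: request handling before pagination …
        $properties = array_merge($properties, $this->parsePagination($paged, $sort));
        $list->setProperties($properties);
        // … unchanged: rest of the endpoint …

    /**
     * Parse the "start,limit" and "column,direction" query strings into the
     * keys the list classes expect: casts start/limit to non-negative ints,
     * tolerates a missing second element, and normalises the direction.
     */
    private function parsePagination($paged, $sort)
    {
        $paged = array_pad(explode(',', (string)$paged, 2), 2, '0');
        $sort = array_pad(explode(',', (string)$sort, 2), 2, '');
        $dir = strtoupper(trim($sort[1]));

        return [
            'start' => max(0, (int)$paged[0]),
            'limit' => max(0, (int)$paged[1]),
            'sort' => $sort[0],
            'dir' => in_array($dir, ['ASC', 'DESC'], true) ? $dir : 'ASC',
        ];
    }
```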