Posted to commits@fineract.apache.org by al...@apache.org on 2023/02/19 21:01:56 UTC

[fineract] branch 1.8.4 updated: FINERACT-1868: Paging fix for 1.8.x

This is an automated email from the ASF dual-hosted git repository.

aleks pushed a commit to branch 1.8.4
in repository https://gitbox.apache.org/repos/asf/fineract.git


The following commit(s) were added to refs/heads/1.8.4 by this push:
     new 8cede8d39 FINERACT-1868: Paging fix for 1.8.x
8cede8d39 is described below

commit 8cede8d393d717cb163c18c3e22cca22eb230dd4
Author: Aleks <al...@apache.org>
AuthorDate: Wed Jan 25 23:15:31 2023 +0100

    FINERACT-1868: Paging fix for 1.8.x
---
 .../fineract/infrastructure/core/data/PaginationParameters.java       | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
index de5915d18..4a2eb6bb7 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
@@ -19,6 +19,7 @@
 package org.apache.fineract.infrastructure.core.data;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator;
 
 /**
  * <p>
@@ -44,6 +45,9 @@ public final class PaginationParameters {
     }
 
     private PaginationParameters(boolean paged, Integer offset, Integer limit, String orderBy, String sortOrder) {
+        SQLInjectionValidator.validateSQLInput(orderBy);
+        SQLInjectionValidator.validateSQLInput(sortOrder);
+
         this.paged = paged;
         this.offset = offset;
         this.limit = limit;
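Review bot: The two `validateSQLInput` calls added at the top of the constructor apply a general-purpose input check, but `sortOrder` has only two legitimate values and is better pinned with an allow-list, e.g. `if (sortOrder != null && !StringUtils.equalsAnyIgnoreCase(sortOrder, "ASC", "DESC")) { /* reject with the project's validation exception */ }`. This assumes both fields end up concatenated into an ORDER BY clause, which is not visible in this hunk; if so, `orderBy` would likewise be safer checked against the sortable column names of the calling endpoint, or at least a plain identifier pattern, rather than relying on pattern-based rejection alone. Whether `validateSQLInput` tolerates a null argument is also not visible here, and unpaged callers may pass null for both strings, so that is worth confirming or guarding. A short comment such as `// every factory method funnels through this constructor, so validate the SQL fragments here` would record why the check sits at this point. The constructor body continues past the end of the hunk.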