Posted to commits@fineract.apache.org by al...@apache.org on 2023/02/21 06:25:52 UTC

[fineract] branch develop updated: FINERACT-1892: Paging fix

This is an automated email from the ASF dual-hosted git repository.

aleks pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git


The following commit(s) were added to refs/heads/develop by this push:
     new 34e8b046a FINERACT-1892: Paging fix
34e8b046a is described below

commit 34e8b046a2821271b63cf5161834f54b9b736bff
Author: Aleks <al...@apache.org>
AuthorDate: Sun Feb 19 22:47:52 2023 +0100

    FINERACT-1892: Paging fix
---
 .../fineract/infrastructure/core/data/PaginationParameters.java       | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
index de5915d18..4a2eb6bb7 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
@@ -19,6 +19,7 @@
 package org.apache.fineract.infrastructure.core.data;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator;
 
 /**
  * <p>
@@ -44,6 +45,9 @@ public final class PaginationParameters {
     }
 
     private PaginationParameters(boolean paged, Integer offset, Integer limit, String orderBy, String sortOrder) {
+        SQLInjectionValidator.validateSQLInput(orderBy);
+        SQLInjectionValidator.validateSQLInput(sortOrder);
+
         this.paged = paged;
         this.offset = offset;
         this.limit = limit;
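Review bot: The two added `SQLInjectionValidator.validateSQLInput(...)` calls treat `orderBy` and `sortOrder` as free-form SQL text, but both have a much narrower legal shape, so an allow-list in this constructor would be a tighter control than a generic validator whose rules are not visible in this diff. `sortOrder` can only legitimately be a direction keyword, e.g. `if (sortOrder != null && !"ASC".equalsIgnoreCase(sortOrder) && !"DESC".equalsIgnoreCase(sortOrder)) { throw new IllegalArgumentException("sortOrder must be ASC or DESC"); }`, and `orderBy` could be limited to a plain identifier pattern or to the sortable columns of the calling endpoint. These values presumably end up concatenated into an ORDER BY clause, where bind parameters cannot be used, which is why the shape check matters. It is also worth confirming that the validator accepts a null or blank argument, since both fields look optional, and adding a short comment such as `// orderBy/sortOrder are concatenated into SQL by callers; reject anything unsafe before storing` so the checks are not later removed as redundant. The constructor body continues past the end of the hunk.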