This is an automated email from the ASF dual-hosted git repository.
aleks pushed a commit to branch 1.8.4
in repository https://gitbox.apache.org/repos/asf/fineract.git
The following commit(s) were added to refs/heads/1.8.4 by this push:
new 8cede8d39 FINERACT-1868: Paging fix for 1.8.x
8cede8d39 is described below
commit 8cede8d393d717cb163c18c3e22cca22eb230dd4
Author: Aleks <[email protected]>
AuthorDate: Wed Jan 25 23:15:31 2023 +0100
FINERACT-1868: Paging fix for 1.8.x
---
.../fineract/infrastructure/core/data/PaginationParameters.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git
a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
index de5915d18..4a2eb6bb7 100644
---
a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
+++
b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
@@ -19,6 +19,7 @@
package org.apache.fineract.infrastructure.core.data;
import org.apache.commons.lang3.StringUtils;
+import org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator;
/**
* <p>
@@ -44,6 +45,9 @@ public final class PaginationParameters {
}
private PaginationParameters(boolean paged, Integer offset, Integer limit,
String orderBy, String sortOrder) {
+ SQLInjectionValidator.validateSQLInput(orderBy);
+ SQLInjectionValidator.validateSQLInput(sortOrder);
+
this.paged = paged;
this.offset = offset;
this.limit = limit;
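Review bot: The two `validateSQLInput` calls added at the top of the constructor are a general-purpose input check, but `sortOrder` has only two legitimate values and is better pinned to an allowlist, e.g. reject the request when `StringUtils.isNotBlank(sortOrder) && !StringUtils.equalsAnyIgnoreCase(sortOrder, "ASC", "DESC")`. `orderBy` presumably ends up as an identifier in an ORDER BY clause, where bind parameters do not apply, so a strict identifier pattern or a per-endpoint list of sortable columns would be a stronger guarantee than pattern-based filtering; the validator's rules are not visible in this diff, so confirm what it actually rejects. It is also worth confirming that the validator accepts null or blank input, since both fields look optional. If callers do build SQL from these fields, a short comment above the calls such as `// orderBy/sortOrder are placed into SQL text by callers, so they are validated at construction` would record why the check lives here. The constructor body continues past the end of the hunk.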