commit | e4c8a7d835d766589ff972c8315753f19fa60481 | [log] [tgz] |
---|---|---|
author | Aleksandar Vidakovic <aleks@apache.org> | Sun Feb 19 22:41:56 2023 +0100 |
committer | Aleksandar Vidakovic <vidakovic@users.noreply.github.com> | Tue Feb 21 07:24:01 2023 +0100 |
tree | 1023151cbc2525737a8f6174a4af45a1b9eb579b | |
parent | 39833bf0d7b4849c401f7318dee8fa6fa87b2f1f [diff] |
FINERACT-1869: Paging fix for 1.7.x
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
index de5915d..4a2eb6b 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
@@ -19,6 +19,7 @@
 package org.apache.fineract.infrastructure.core.data;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator;
 /**
 * <p>
@@ -44,6 +45,9 @@
 }
 private PaginationParameters(boolean paged, Integer offset, Integer limit, String orderBy, String sortOrder) {
+ SQLInjectionValidator.validateSQLInput(orderBy);
+ SQLInjectionValidator.validateSQLInput(sortOrder);
+
 this.paged = paged;
 this.offset = offset;
 this.limit = limit;
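Review bot: The new `SQLInjectionValidator.validateSQLInput(sortOrder)` call in the constructor treats a value that presumably has only two legitimate forms as free text; an explicit allowlist would be a stronger control than a general-purpose injection filter, whose implementation is not visible in this diff. Consider also rejecting the value when `StringUtils.isNotBlank(sortOrder) && !StringUtils.equalsAnyIgnoreCase(sortOrder, "ASC", "DESC")`. For `orderBy`, which presumably ends up as an identifier in an ORDER BY clause and so cannot be bound as a statement parameter, a strict identifier pattern or a per-endpoint column allowlist would be the more robust check. It is also worth confirming that the validator accepts null and blank input, since nothing in the hunk shows these two Strings to be non-null when paging is requested without sorting. The constructor body continues past the end of the hunk.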