FINERACT-1869: Paging fix for 1.7.x

commit: e4c8a7d835d766589ff972c8315753f19fa60481 [log] [tgz]
author: Aleksandar Vidakovic <aleks@apache.org> Sun Feb 19 22:41:56 2023 +0100
committer: Aleksandar Vidakovic <vidakovic@users.noreply.github.com> Tue Feb 21 07:24:01 2023 +0100
tree: 1023151cbc2525737a8f6174a4af45a1b9eb579b
parent: 39833bf0d7b4849c401f7318dee8fa6fa87b2f1f [diff]
diff --git a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
index de5915d..4a2eb6b 100644
--- a/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java
+++ b/fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/PaginationParameters.java

@@ -19,6 +19,7 @@
 package org.apache.fineract.infrastructure.core.data;
 
 import org.apache.commons.lang3.StringUtils;
+import org.apache.fineract.infrastructure.security.utils.SQLInjectionValidator;
 
 /**
  * <p>
@@ -44,6 +45,9 @@
     }
 
     private PaginationParameters(boolean paged, Integer offset, Integer limit, String orderBy, String sortOrder) {
+        SQLInjectionValidator.validateSQLInput(orderBy);
+        SQLInjectionValidator.validateSQLInput(sortOrder);
+
         this.paged = paged;
         this.offset = offset;
         this.limit = limit;
commit	e4c8a7d835d766589ff972c8315753f19fa60481	[log] [tgz]
author	Aleksandar Vidakovic <aleks@apache.org>	Sun Feb 19 22:41:56 2023 +0100
committer	Aleksandar Vidakovic <vidakovic@users.noreply.github.com>	Tue Feb 21 07:24:01 2023 +0100
tree	1023151cbc2525737a8f6174a4af45a1b9eb579b
parent	39833bf0d7b4849c401f7318dee8fa6fa87b2f1f [diff]