Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2024-11-10 03:42:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

Only allow explicitly known order types through

Browse source
This commit is contained in:
Hank Grabowski 2023-02-28 13:10:45 -05:00
parent f0b3864c7a
commit 13672bccf4
1 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/Module/BaseApi.php
View file

@ -129,7 +129,18 @@ class BaseApi extends BaseModule
$condition = DBA::mergeConditions($condition, ["`uri-id` > ?", intval($request['min_id'])]);
}
} else {
$order_field = $requested_order;
switch ($requested_order) {
case TimelineOrderByTypes::RECEIVED:
case TimelineOrderByTypes::CHANGED:
case TimelineOrderByTypes::EDITED:
case TimelineOrderByTypes::CREATED:
case TimelineOrderByTypes::COMMENTED:
$order_field = $requested_order;
break;
default:
throw new \Exception("Unrecognized request order: $requested_order");
}
if (!empty($request['max_id'])) {
$condition = DBA::mergeConditions($condition, ["`$order_field` < ?", DateTimeFormat::convert($request['max_id'], DateTimeFormat::MYSQL)]);
}