Fix/security 3 (#2744)

* Adding orderby sanitization.
gocodebox · Aug 22, 2024 · 7d06430 · 7d06430
1 parent b9ce707
commit 7d06430
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 13 deletions.
diff --git a/.changelogs/fix_security-3.yml b/.changelogs/fix_security-3.yml
@@ -0,0 +1,3 @@
+significance: patch
+type: fixed
+entry: Fixes sanitization as reported by FKSEC.
diff --git a/includes/abstracts/abstract.llms.database.query.php b/includes/abstracts/abstract.llms.database.query.php
@@ -232,7 +232,6 @@ protected function sql_limit() {
 	 * @return string
 	 */
 	protected function sql_orderby() {
-
 		$sql = '';
 
 		$sort = $this->get( 'sort' );
@@ -244,7 +243,7 @@ protected function sql_orderby() {
 
 			foreach ( $sort as $orderby => $order ) {
 				$pre   = ( $comma ) ? ', ' : ' ';
-				$sql  .= $pre . "{$orderby} {$order}";
+				$sql  .= $pre . sanitize_sql_orderby( "{$orderby} {$order}" );
 				$comma = true;
 			}
 		}

diff --git a/includes/notifications/class.llms.notifications.query.php b/includes/notifications/class.llms.notifications.query.php
@@ -94,7 +94,6 @@ protected function get_default_args() {
 		 * @param LLMS_Notifications_Query $notifications_query Instance of `LLMS_Notifications_Query`.
 		 */
 		return apply_filters( 'llms_notifications_query_default_args', $args, $this );
-
 	}
 
 	/**
@@ -139,7 +138,6 @@ public function get_notifications() {
 		 * @param LLMS_Notifications_Query $notifications_query Instance of `LLMS_Notifications_Query`.
 		 */
 		return apply_filters( 'llms_notifications_query_get_notifications', $notifications, $this );
-
 	}
 
 	/**
@@ -153,7 +151,6 @@ protected function parse_args() {
 
 		$this->parse_statuses();
 		$this->parse_types();
-
 	}
 
 	/**
@@ -176,7 +173,6 @@ private function parse_statuses() {
 		$statuses = array_intersect( $statuses, $this->get_available_statuses() );
 
 		$this->arguments['statuses'] = $statuses;
-
 	}
 
 	/**
@@ -198,7 +194,6 @@ private function parse_types() {
 		// ensure only valid types are used
 		$types                    = array_intersect( $types, $this->get_available_types() );
 		$this->arguments['types'] = $types;
-
 	}
 
 	/**
@@ -218,7 +213,6 @@ private function parse_triggers() {
 		}
 
 		$this->arguments['triggers'] = $triggers;
-
 	}
 
 	/**
@@ -254,7 +248,6 @@ protected function prepare_query() {
 		// phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
 
 		return $sql;
-
 	}
 
 	/**
@@ -275,7 +268,7 @@ protected function sql_orderby() {
 
 		foreach ( $this->get( 'sort' ) as $orderby => $order ) {
 			$pre   = ( $comma ) ? ', ' : ' ';
-			$sql  .= $pre . "n.{$orderby} {$order}";
+			$sql  .= $pre . 'n.' . sanitize_sql_orderby( "{$orderby} {$order}" );
 			$comma = true;
 		}
 
@@ -292,7 +285,6 @@ protected function sql_orderby() {
 		 * @param LLMS_Notifications_Query $notifications_query Instance of LLMS_Events_Query.
 		 */
 		return apply_filters( 'llms_notifications_query_where', $sql, $this );
-
 	}
 
 	/**
@@ -344,7 +336,5 @@ private function sql_where() {
 		}
 
 		return $where;
-
 	}
-
 }