Blind sql injection fixes rework (#3284)

application/controllers/Attributes.php

@@ -24,7 +24,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Attribute->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$attributes = $this->Attribute->search($search, $limit, $offset, $sort, $order);

application/controllers/Cashups.php

@@ -25,7 +25,7 @@ public function search()
 		$search   = $this->input->get('search');
 		$limit    = $this->input->get('limit');
 		$offset   = $this->input->get('offset');
-		$sort     = $this->input->get('sort');
+		$sort     = $this->Cashup->sort_column($this->input->get('sort'));
 		$order    = $this->input->get('order');
 		$filters  = array(
 					 'start_date' => $this->input->get('start_date'),

application/controllers/Customers.php

@@ -58,7 +58,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Customer->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$customers = $this->Customer->search($search, $limit, $offset, $sort, $order);

application/controllers/Employees.php

@@ -17,7 +17,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Employee->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$employees = $this->Employee->search($search, $limit, $offset, $sort, $order);

application/controllers/Expenses.php

@@ -30,7 +30,7 @@ public function search()
 		$search   = $this->input->get('search');
 		$limit    = $this->input->get('limit');
 		$offset   = $this->input->get('offset');
-		$sort     = $this->input->get('sort');
+		$sort     = $this->Expense->sort_column($this->input->get('sort'));
 		$order    = $this->input->get('order');
 		$filters  = array(
 					 'start_date' => $this->input->get('start_date'),

application/controllers/Expenses_categories.php

@@ -24,7 +24,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Expense_category->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$expense_categories = $this->Expense_category->search($search, $limit, $offset, $sort, $order);

application/controllers/Giftcards.php

@@ -24,7 +24,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Giftcard->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$giftcards = $this->Giftcard->search($search, $limit, $offset, $sort, $order);

application/controllers/Item_kits.php

@@ -59,7 +59,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Item_kit->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$item_kits = $this->Item_kit->search($search, $limit, $offset, $sort, $order);

application/controllers/Items.php

@@ -40,7 +40,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort = $this->input->get('sort');
+		$sort = $this->Item->sort_column($this->input->get('sort'));
 		$order = $this->input->get('order');
 
 		$this->item_lib->set_item_location($this->input->get('stock_location'));

application/controllers/Sales.php

@@ -56,7 +56,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort = $this->input->get('sort');
+		$sort = $this->Sale->sort_column($this->input->get('sort'));
 		$order = $this->input->get('order');
 
 		$filters = array('sale_type' => 'all',

application/controllers/Suppliers.php

@@ -35,7 +35,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Supplier->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$suppliers = $this->Supplier->search($search, $limit, $offset, $sort, $order);

application/controllers/Tax_categories.php

@@ -9,7 +9,6 @@ public function __construct()
 		parent::__construct('tax_categories');
 	}
 
-
 	public function index()
 	{
 		 $data['tax_categories_table_headers'] = $this->xss_clean(get_tax_categories_table_headers());
@@ -25,7 +24,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Tax_category->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$tax_categories = $this->Tax_category->search($search, $limit, $offset, $sort, $order);

application/controllers/Tax_codes.php

@@ -29,7 +29,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Tax_code->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$tax_codes = $this->Tax_code->search($search, $limit, $offset, $sort, $order);

application/controllers/Tax_jurisdictions.php

@@ -25,7 +25,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit  = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort   = $this->input->get('sort');
+		$sort   = $this->Tax_jurisdiction->sort_column($this->input->get('sort'));
 		$order  = $this->input->get('order');
 
 		$tax_jurisdictions = $this->Tax_jurisdiction->search($search, $limit, $offset, $sort, $order);

application/controllers/Taxes.php

@@ -57,7 +57,7 @@ public function search()
 		$search = $this->input->get('search');
 		$limit = $this->input->get('limit');
 		$offset = $this->input->get('offset');
-		$sort = $this->input->get('sort');
+		$sort = $this->Tax->sort_column($this->input->get('sort'));
 		$order = $this->input->get('order');
 
 		$tax_rates = $this->Tax->search($search, $limit, $offset, $sort, $order);

application/models/Attribute.php

@@ -16,6 +16,11 @@ public static function get_definition_flags()
 		return array_flip($class->getConstants());
 	}
 
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('attribute_definitions')) ? $field : 'definition_id';
+	}
+
 	/*
 	 Determines if a given definition_id is an attribute
 	 */

application/models/Cashup.php

@@ -6,6 +6,12 @@
 
 class Cashup extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('cash_up')) ? $field : 'cashup_id';
+	}
+
 	/*
 	Determines if a given Cashup_id is an Cashup
 	*/

application/models/Customer.php

@@ -6,6 +6,12 @@
 
 class Customer extends Person
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('customers')) ? $field : 'people.person_id';
+	}
+
 	/*
 	Determines if a given person_id is a customer
 	*/

application/models/Employee.php

@@ -6,6 +6,12 @@
 
 class Employee extends Person
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('employees')) ? $field : 'people.person_id';
+	}
+
 	/*
 	Determines if a given person_id is an employee
 	*/

application/models/Expense.php

@@ -6,6 +6,12 @@
 
 class Expense extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('expenses')) ? $field : 'expense_id';
+	}
+
 	/*
 	Determines if a given Expense_id is an Expense
 	*/

application/models/Expense_category.php

@@ -6,6 +6,12 @@
 
 class Expense_category extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('expense_categories')) ? $field : 'expense_category_id';
+	}
+
 	/*
 	Determines if a given Expense_id is an Expense category
 	*/

application/models/Giftcard.php

@@ -6,6 +6,12 @@
 
 class Giftcard extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('giftcards')) ? $field : 'giftcard_id';
+	}
+
 	/*
 	Determines if a given giftcard_id is a giftcard
 	*/

application/models/Item.php

@@ -5,6 +5,13 @@
 
 class Item extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		$allowed_columns = array_merge($this->db->list_fields('items'), $this->db->list_fields('item_quantities'));
+		return in_array($field, $allowed_columns) ? $field : 'item_id';
+	}
+
 	/*
 	Determines if a given item_id is an item
 	*/

application/models/Item_kit.php

@@ -6,6 +6,12 @@
 
 class Item_kit extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('item_kits')) ? $field : 'item_kit_id';
+	}
+
 	/*
 	Determines if a given item_id is an item kit
 	*/

application/models/Item_taxes.php

@@ -6,6 +6,12 @@
 
 class Item_taxes extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('items_taxes')) ? $field : 'item_id';
+	}
+
 	/*
 	Gets tax info for a particular item
 	*/

application/models/Sale.php

@@ -4,6 +4,12 @@
  */
 class Sale extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('sales')) ? $field : 'sale_id';
+	}
+
 	/**
 	 * Get sale info
 	 */

application/models/Supplier.php

@@ -9,6 +9,11 @@ class Supplier extends Person
 	const GOODS_SUPPLIER = 0;
 	const COST_SUPPLIER = 1;
 
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('suppliers')) ? $field : 'people.person_id';
+	}
+
 	/*
 	Determines if a given person_id is a customer
 	*/

application/models/Tax.php

@@ -6,6 +6,12 @@
 
 class Tax extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('tax_codes')) ? $field : 'tax_code_id';
+	}
+
 	/**
 	 * Determines if a given row is on file
 	 */

application/models/Tax_category.php

@@ -6,6 +6,12 @@
 
 class Tax_category extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('tax_categories')) ? $field : 'tax_category_id';
+	}
+
 	/**
 	 *  Determines if it exists in the table
 	 */

application/models/Tax_code.php

@@ -6,6 +6,12 @@
 
 class Tax_code extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('tax_codes')) ? $field : 'tax_code_id';
+	}
+
 	/**
 	 *  Determines if it exists in the table
 	 */

application/models/Tax_jurisdiction.php

@@ -6,6 +6,12 @@
 
 class Tax_jurisdiction extends CI_Model
 {
+
+	public function sort_column($field)
+	{
+		return in_array($field, $this->db->list_fields('tax_jurisdictions')) ? $field : 'jurisdiction_id';
+	}
+
 	/**
 	 *  Determines if it exists in the table
 	 */