fix: input not properly sanitized

aboutcircles · Oct 28, 2024 · e4638ad · e4638ad
1 parent b3e0e09
commit e4638ad
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/Circles.Index.Query/OrderBy.cs b/Circles.Index.Query/OrderBy.cs
@@ -7,7 +7,7 @@ public record OrderBy(string Column, string SortOrder) : ISql
 {
     public ParameterizedSql ToSql(IDatabaseUtils database)
     {
-        var sql = $"{QuoteIdentifier(Column)} {SortOrder.ToUpper()}";
+        var sql = $"{QuoteIdentifier(Column)} {(SortOrder.ToUpper() == "DESC" ? "DESC" : "ASC")}";
         return new ParameterizedSql(sql, Enumerable.Empty<IDbDataParameter>());
     }
 

diff --git a/Circles.Index/Circles.Index.csproj b/Circles.Index/Circles.Index.csproj
@@ -8,8 +8,8 @@
         <Authors>Daniel Janz (Gnosis Service GmbH)</Authors>
         <Copyright>Gnosis Service GmbH</Copyright>
         <Product>Circles</Product>
-        <AssemblyVersion>1.10.0</AssemblyVersion>
-        <FileVersion>1.10.0</FileVersion>
+        <AssemblyVersion>1.10.1</AssemblyVersion>
+        <FileVersion>1.10.1</FileVersion>
     </PropertyGroup>