kasperdokter/bigcapital
1
0
Fork 0
Code Activity
Files
54dd475ec369b85d2eadd7354ae65ed654657b70
bigcapital/packages
T
History
Ahmed Bouhuolia c23bc76afa fix(server): prevent SQL injection via sortOrder in DynamicListing (GHSA-hcp2-qqg6-jjpm) 
Validate sortOrder against an allowlist at the DTO layer, normalize the
direction centrally in DynamicFilterSortBy.buildQuery, and re-sanitize
inside every orderByRaw modifier so attacker-controlled SQL cannot reach
the ORDER BY clause.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-16 21:35:22 +02:00
..
server
fix(server): prevent SQL injection via sortOrder in DynamicListing (GHSA-hcp2-qqg6-jjpm)
2026-05-16 21:35:22 +02:00
webapp
chore(webapp): add format and format:check scripts
2026-03-27 18:21:23 +02:00