MAGETWO-88642: Sort Order Field Values

Oleksandr Gorkun · Oleksandr Gorkun · commit 9592c4c3fd0a · 2018-05-21T14:25:16.000+03:00
diff --git a/lib/internal/Magento/Framework/Api/SortOrder.php b/lib/internal/Magento/Framework/Api/SortOrder.php
@@ -30,6 +30,9 @@ public function __construct(array $data = [])
         if (null !== $this->getDirection()) {
             $this->validateDirection($this->getDirection());
         }
+        if ($this->getField() !== null) {
+            $this->validateField($this->getField());
+        }
     }
 
     /**
@@ -50,6 +53,8 @@ public function getField()
      */
     public function setField($field)
     {
+        $this->validateField($field);
+
         return $this->setData(SortOrder::FIELD, $field);
     }
 
@@ -127,4 +132,23 @@ private function normalizeDirectionInput($direction)
     {
         return strtoupper($direction);
     }
+
+    /**
+     * Check if given value can be used as sorting field.
+     *
+     * @param string $field
+     * @return void
+     * @throws InputException
+     */
+    private function validateField(string $field): void
+    {
+        if (preg_match('/[^a-z0-9\_]/i', $field)) {
+            throw new InputException(
+                new Phrase(
+                    'Sort order field %1 contains restricted symbols',
+                    [$field]
+                )
+            );
+        }
+    }
 }
diff --git a/lib/internal/Magento/Framework/Api/Test/Unit/SortOrderTest.php b/lib/internal/Magento/Framework/Api/Test/Unit/SortOrderTest.php
@@ -86,4 +86,14 @@ public function testItValidatesADirectionAssignedDuringInstantiation()
             SortOrder::DIRECTION => 'not-asc-or-desc'
         ]);
     }
+
+    /**
+     * @expectedException \Magento\Framework\Exception\InputException
+     */
+    public function testValidateField()
+    {
+        $this->sortOrder = new SortOrder([
+            SortOrder::FIELD => 'invalid field (value);'
+        ]);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,9 @@ public function __construct(array $data = [])`
`30`	`30`	`if (null !== $this->getDirection()) {`
`31`	`31`	`$this->validateDirection($this->getDirection());`
`32`	`32`	`}`
	`33`	`+ if ($this->getField() !== null) {`
	`34`	`+ $this->validateField($this->getField());`
	`35`	`+ }`
`33`	`36`	`}`
`34`	`37`
`35`	`38`	`/**`
`@@ -50,6 +53,8 @@ public function getField()`
`50`	`53`	`*/`
`51`	`54`	`public function setField($field)`
`52`	`55`	`{`
	`56`	`+ $this->validateField($field);`
	`57`	`+`
`53`	`58`	`return $this->setData(SortOrder::FIELD, $field);`
`54`	`59`	`}`
`55`	`60`
`@@ -127,4 +132,23 @@ private function normalizeDirectionInput($direction)`
`127`	`132`	`{`
`128`	`133`	`return strtoupper($direction);`
`129`	`134`	`}`
	`135`	`+`
	`136`	`+ /**`
	`137`	`+ * Check if given value can be used as sorting field.`
	`138`	`+ *`
	`139`	`+ * @param string $field`
	`140`	`+ * @return void`
	`141`	`+ * @throws InputException`
	`142`	`+ */`
	`143`	`+ private function validateField(string $field): void`
	`144`	`+ {`
	`145`	`+ if (preg_match('/[^a-z0-9\_]/i', $field)) {`
	`146`	`+ throw new InputException(`
	`147`	`+ new Phrase(`
	`148`	`+ 'Sort order field %1 contains restricted symbols',`
	`149`	`+ [$field]`
	`150`	`+ )`
	`151`	`+ );`
	`152`	`+ }`
	`153`	`+ }`
`130`	`154`	`}`