From 97d1384726a2c114fc2f5e688a222604f1caa245 Mon Sep 17 00:00:00 2001 From: Bogdan Date: Sat, 21 Sep 2024 20:12:01 +0300 Subject: [PATCH] Guard against using invalid sort keys --- frontend/src/Store/Actions/systemActions.js | 1 - .../History/HistoryController.cs | 8 ++++++- src/Prowlarr.Api.V1/Logs/LogController.cs | 8 ++++++- src/Prowlarr.Http/PagingResource.cs | 23 +++++++++++-------- 4 files changed, 28 insertions(+), 12 deletions(-) diff --git a/frontend/src/Store/Actions/systemActions.js b/frontend/src/Store/Actions/systemActions.js index 92360b589..75d2595cf 100644 --- a/frontend/src/Store/Actions/systemActions.js +++ b/frontend/src/Store/Actions/systemActions.js @@ -110,7 +110,6 @@ export const defaultState = { { name: 'actions', columnLabel: () => translate('Actions'), - isSortable: true, isVisible: true, isModifiable: false } diff --git a/src/Prowlarr.Api.V1/History/HistoryController.cs b/src/Prowlarr.Api.V1/History/HistoryController.cs index 35b9be44d..a744ffc2f 100644 --- a/src/Prowlarr.Api.V1/History/HistoryController.cs +++ b/src/Prowlarr.Api.V1/History/HistoryController.cs @@ -25,7 +25,13 @@ namespace Prowlarr.Api.V1.History public PagingResource GetHistory([FromQuery] PagingRequestResource paging, [FromQuery(Name = "eventType")] int[] eventTypes, bool? successful, string downloadId, [FromQuery] int[] indexerIds = null) { var pagingResource = new PagingResource(paging); - var pagingSpec = pagingResource.MapToPagingSpec("date", SortDirection.Descending); + var pagingSpec = pagingResource.MapToPagingSpec( + new HashSet(StringComparer.OrdinalIgnoreCase) + { + "date" + }, + "date", + SortDirection.Descending); if (eventTypes != null && eventTypes.Any()) { diff --git a/src/Prowlarr.Api.V1/Logs/LogController.cs b/src/Prowlarr.Api.V1/Logs/LogController.cs index b2886d2f1..18fad89e8 100644 --- a/src/Prowlarr.Api.V1/Logs/LogController.cs +++ b/src/Prowlarr.Api.V1/Logs/LogController.cs @@ -1,3 +1,5 @@ +using System; +using System.Collections.Generic; using Microsoft.AspNetCore.Mvc; using NzbDrone.Common.Extensions; using NzbDrone.Core.Configuration; @@ -29,7 +31,11 @@ namespace Prowlarr.Api.V1.Logs } var pagingResource = new PagingResource(paging); - var pageSpec = pagingResource.MapToPagingSpec(); + var pageSpec = pagingResource.MapToPagingSpec(new HashSet(StringComparer.OrdinalIgnoreCase) + { + "id", + "time" + }); if (pageSpec.SortKey == "time") { diff --git a/src/Prowlarr.Http/PagingResource.cs b/src/Prowlarr.Http/PagingResource.cs index d21b5bf42..a442e812e 100644 --- a/src/Prowlarr.Http/PagingResource.cs +++ b/src/Prowlarr.Http/PagingResource.cs @@ -38,7 +38,11 @@ namespace Prowlarr.Http public static class PagingResourceMapper { - public static PagingSpec MapToPagingSpec(this PagingResource pagingResource, string defaultSortKey = "Id", SortDirection defaultSortDirection = SortDirection.Ascending) + public static PagingSpec MapToPagingSpec( + this PagingResource pagingResource, + HashSet allowedSortKeys, + string defaultSortKey = "id", + SortDirection defaultSortDirection = SortDirection.Ascending) { var pagingSpec = new PagingSpec { @@ -48,14 +52,15 @@ namespace Prowlarr.Http SortDirection = pagingResource.SortDirection, }; - if (pagingResource.SortKey == null) - { - pagingSpec.SortKey = defaultSortKey; - if (pagingResource.SortDirection == SortDirection.Default) - { - pagingSpec.SortDirection = defaultSortDirection; - } - } + pagingSpec.SortKey = pagingResource.SortKey != null && + allowedSortKeys is { Count: > 0 } && + allowedSortKeys.Contains(pagingResource.SortKey) + ? pagingResource.SortKey + : defaultSortKey; + + pagingSpec.SortDirection = pagingResource.SortDirection == SortDirection.Default + ? defaultSortDirection + : pagingResource.SortDirection; return pagingSpec; }