diff --git a/app/Http/Controllers/Models/LinkController.php b/app/Http/Controllers/Models/LinkController.php
index 487fc7eb..1c9a4b82 100644
--- a/app/Http/Controllers/Models/LinkController.php
+++ b/app/Http/Controllers/Models/LinkController.php
@@ -3,6 +3,7 @@
namespace App\Http\Controllers\Models;
use App\Http\Controllers\Controller;
+use App\Http\Controllers\Traits\ChecksOrdering;
use App\Http\Requests\Models\LinkMarkWorkingRequest;
use App\Http\Requests\Models\LinkStoreRequest;
use App\Http\Requests\Models\LinkToggleCheckRequest;
@@ -16,6 +17,14 @@ use Illuminate\Http\Request;
class LinkController extends Controller
{
+ use ChecksOrdering;
+
+ protected array $allowedOrders = [
+ 'created_at',
+ 'url',
+ 'title',
+ ];
+
public function __construct()
{
$this->authorizeResource(Link::class, 'link');
@@ -29,23 +38,25 @@ class LinkController extends Controller
*/
public function index(Request $request): View
{
- $orderBy = $request->input('orderBy', session()->get('links.index.orderBy', 'created_at'));
- $orderDir = $request->input('orderDir', session()->get('links.index.orderDir', 'desc'));
+ $this->orderBy = $request->input('orderBy', session()->get('links.index.orderBy', 'created_at'));
+ $this->orderDir = $request->input('orderDir', session()->get('links.index.orderDir', 'desc'));
- session()->put('links.index.orderBy', $orderBy);
- session()->put('links.index.orderDir', $orderDir);
+ $this->checkOrdering();
+
+ session()->put('links.index.orderBy', $this->orderBy);
+ session()->put('links.index.orderDir', $this->orderDir);
$links = Link::query()
->visibleForUser()
->with('tags')
- ->orderBy($orderBy, $orderDir)
+ ->orderBy($this->orderBy, $this->orderDir)
->paginate(getPaginationLimit());
return view('models.links.index', [
'links' => $links,
'route' => $request->getBaseUrl(),
- 'orderBy' => $orderBy,
- 'orderDir' => $orderDir,
+ 'orderBy' => $this->orderBy,
+ 'orderDir' => $this->orderDir,
]);
}
diff --git a/app/Http/Controllers/Models/ListController.php b/app/Http/Controllers/Models/ListController.php
index ac3c2889..18593261 100644
--- a/app/Http/Controllers/Models/ListController.php
+++ b/app/Http/Controllers/Models/ListController.php
@@ -3,6 +3,7 @@
namespace App\Http\Controllers\Models;
use App\Http\Controllers\Controller;
+use App\Http\Controllers\Traits\ChecksOrdering;
use App\Http\Requests\Models\ListStoreRequest;
use App\Http\Requests\Models\ListUpdateRequest;
use App\Models\LinkList;
@@ -14,6 +15,14 @@ use Illuminate\Http\Request;
class ListController extends Controller
{
+ use ChecksOrdering;
+
+ protected array $allowedOrders = [
+ 'created_at',
+ 'name',
+ 'links_count',
+ ];
+
/**
* Display a listing of the resource.
*
@@ -22,15 +31,17 @@ class ListController extends Controller
*/
public function index(Request $request): View
{
- $orderBy = $request->input('orderBy', session()->get('lists.index.orderBy', 'name'));
- $orderDir = $request->input('orderDir', session()->get('lists.index.orderDir', 'asc'));
+ $this->orderBy = $request->input('orderBy', session()->get('lists.index.orderBy', 'name'));
+ $this->orderDir = $request->input('orderDir', session()->get('lists.index.orderDir', 'asc'));
- session()->put('lists.index.orderBy', $orderBy);
- session()->put('lists.index.orderDir', $orderDir);
+ $this->checkOrdering();
+
+ session()->put('lists.index.orderBy', $this->orderBy);
+ session()->put('lists.index.orderDir', $this->orderDir);
$lists = LinkList::byUser()
->withCount('links')
- ->orderBy($orderBy, $orderDir);
+ ->orderBy($this->orderBy, $this->orderDir);
if ($request->input('filter')) {
$lists = $lists->where('name', 'like', '%' . $request->input('filter') . '%');
@@ -41,8 +52,8 @@ class ListController extends Controller
return view('models.lists.index', [
'lists' => $lists,
'route' => $request->getBaseUrl(),
- 'orderBy' => $orderBy,
- 'orderDir' => $orderDir,
+ 'orderBy' => $this->orderBy,
+ 'orderDir' => $this->orderDir,
]);
}
diff --git a/app/Http/Controllers/Models/TagController.php b/app/Http/Controllers/Models/TagController.php
index 2a66bb27..732a3597 100644
--- a/app/Http/Controllers/Models/TagController.php
+++ b/app/Http/Controllers/Models/TagController.php
@@ -3,6 +3,7 @@
namespace App\Http\Controllers\Models;
use App\Http\Controllers\Controller;
+use App\Http\Controllers\Traits\ChecksOrdering;
use App\Http\Requests\Models\TagStoreRequest;
use App\Http\Requests\Models\TagUpdateRequest;
use App\Models\Tag;
@@ -14,6 +15,14 @@ use Illuminate\Http\Request;
class TagController extends Controller
{
+ use ChecksOrdering;
+
+ protected array $allowedOrders = [
+ 'created_at',
+ 'name',
+ 'links_count',
+ ];
+
/**
* Display a listing of the resource.
*
@@ -22,15 +31,17 @@ class TagController extends Controller
*/
public function index(Request $request): View
{
- $orderBy = $request->input('orderBy', session()->get('tags.index.orderBy', 'name'));
- $orderDir = $request->input('orderDir', session()->get('tags.index.orderDir', 'asc'));
+ $this->orderBy = $request->input('orderBy', session()->get('tags.index.orderBy', 'name'));
+ $this->orderDir = $request->input('orderDir', session()->get('tags.index.orderDir', 'asc'));
- session()->put('tags.index.orderBy', $orderBy);
- session()->put('tags.index.orderDir', $orderDir);
+ $this->checkOrdering();
+
+ session()->put('tags.index.orderBy', $this->orderBy);
+ session()->put('tags.index.orderDir', $this->orderDir);
$tags = Tag::byUser()
->withCount('links')
- ->orderBy($orderBy, $orderDir);
+ ->orderBy($this->orderBy, $this->orderDir);
if ($request->input('filter')) {
$tags = $tags->where('name', 'like', '%' . $request->input('filter') . '%');
@@ -41,8 +52,8 @@ class TagController extends Controller
return view('models.tags.index', [
'tags' => $tags,
'route' => $request->getBaseUrl(),
- 'orderBy' => $orderBy,
- 'orderDir' => $orderDir,
+ 'orderBy' => $this->orderBy,
+ 'orderDir' => $this->orderDir,
'filter' => $request->input('filter'),
]);
}
diff --git a/app/Http/Controllers/Traits/ChecksOrdering.php b/app/Http/Controllers/Traits/ChecksOrdering.php
new file mode 100644
index 00000000..3414a81f
--- /dev/null
+++ b/app/Http/Controllers/Traits/ChecksOrdering.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace App\Http\Controllers\Traits;
+
+trait ChecksOrdering
+{
+ protected string $orderBy = 'created_at';
+ protected string $orderDir = 'desc';
+
+ // Entities are only allowed to be ordered by specific columns and directions
+ protected function checkOrdering(): void
+ {
+ $this->orderBy = in_array($this->orderBy, $this->allowedOrders, true) ? $this->orderBy : 'created_at';
+ $this->orderDir = in_array($this->orderDir, ['asc', 'desc']) ? $this->orderDir : 'asc';
+ }
+}
diff --git a/app/Http/Controllers/Traits/SearchesLinks.php b/app/Http/Controllers/Traits/SearchesLinks.php
index df7b66d9..0c79ef84 100644
--- a/app/Http/Controllers/Traits/SearchesLinks.php
+++ b/app/Http/Controllers/Traits/SearchesLinks.php
@@ -88,8 +88,10 @@ trait SearchesLinks
});
}
- // Order the results if applicable
- if ($this->searchOrderBy = $request->input('order_by', $this->orderByOptions[0])) {
+ // Order the results if applicable and only allow predefined ordering
+ if ($this->searchOrderBy = $request->input('order_by')) {
+ $this->searchOrderBy = in_array($this->searchOrderBy, $this->orderByOptions)
+ ? $this->searchOrderBy : $this->orderByOptions[0];
$search->orderBy(...explode(':', $this->searchOrderBy));
}