Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing minor security issues

Browse Source
This commit is contained in:
janis steiner
2026-05-20 19:35:11 +02:00
parent a540a57efc
commit fc3181ee3b
4 changed files with 215 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/manage/fetch_users.php
+20 -9
View File
@@ -16,21 +16,32 @@ if ($conn->connect_error) {
}
$search = trim($_GET['search'] ?? '');
$sort = $_GET['sort'] ?? 'id';
$sort = $_GET['sort'] ?? '';
$order = strtoupper($_GET['order'] ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
$allowedSorts = ['id', 'username'];
if (!in_array($sort, $allowedSorts)) {
$sort = 'id';
}
if ($search !== '') {
$query = "SELECT id, username FROM users WHERE username LIKE ? ORDER BY $sort $order";
if ($sort === 'username') {
$query = $order === 'DESC'
? "SELECT id, username FROM users WHERE username LIKE ? ORDER BY username DESC"
: "SELECT id, username FROM users WHERE username LIKE ? ORDER BY username ASC";
} else {
$query = $order === 'DESC'
? "SELECT id, username FROM users WHERE username LIKE ? ORDER BY id DESC"
: "SELECT id, username FROM users WHERE username LIKE ? ORDER BY id ASC";
}
$stmt = $conn->prepare($query);
$like = '%' . $search . '%';
$stmt->bind_param('s', $like);
} else {
$query = "SELECT id, username FROM users ORDER BY $sort $order";
if ($sort === 'username') {
$query = $order === 'DESC'
? "SELECT id, username FROM users ORDER BY username DESC"
: "SELECT id, username FROM users ORDER BY username ASC";
} else {
$query = $order === 'DESC'
? "SELECT id, username FROM users ORDER BY id DESC"
: "SELECT id, username FROM users ORDER BY id ASC";
}
$stmt = $conn->prepare($query);
}
@@ -50,4 +61,4 @@ $stmt->close();
$conn->close();
echo json_encode(['success' => true, 'data' => $users]);
?>
?>