Eloquent
Packages
API
In your BaseFilters implementation (assuming it dynamically maps a query string like ?sort_by=name&sort_dir=desc to the builder), make sure you are strictly validating against your protected array $sortable whitelist. If a user passes an unvalidated string directly into a raw orderBy or a standard orderBy without strict checking, it can occasionally lead to unexpected behavior or vulnerabilities.
Sign in to participate in this thread!
