fix(filter): validate fields before using them

Resolves https://vikunja.sentry.io/share/issue/0e99ec2d0ee64e7aa40ea78098d5a316/
This commit is contained in:
kolaente 2025-01-24 19:06:18 +01:00
parent b0b8262aac
commit acf1ce862a
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
1 changed files with 6 additions and 0 deletions

View File

@ -134,6 +134,12 @@ func parseFilterFromExpression(f fexpr.ExprGroup, loc *time.Location) (filter *t
if filter.field == "project" {
filter.field = "project_id"
}
err = validateTaskField(filter.field)
if err != nil {
return nil, err
}
reflectValue, filter.value, err = getNativeValueForTaskField(filter.field, filter.comparator, value, loc)
if err != nil {
return nil, ErrInvalidTaskFilterValue{