From acf1ce862a9588e266fb48a782a20d543327eca6 Mon Sep 17 00:00:00 2001 From: kolaente Date: Fri, 24 Jan 2025 19:06:18 +0100 Subject: [PATCH] fix(filter): validate fields before using them Resolves https://vikunja.sentry.io/share/issue/0e99ec2d0ee64e7aa40ea78098d5a316/ --- pkg/models/task_collection_filter.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkg/models/task_collection_filter.go b/pkg/models/task_collection_filter.go index 9cbc59f83..a85a8337c 100644 --- a/pkg/models/task_collection_filter.go +++ b/pkg/models/task_collection_filter.go @@ -134,6 +134,12 @@ func parseFilterFromExpression(f fexpr.ExprGroup, loc *time.Location) (filter *t if filter.field == "project" { filter.field = "project_id" } + + err = validateTaskField(filter.field) + if err != nil { + return nil, err + } + reflectValue, filter.value, err = getNativeValueForTaskField(filter.field, filter.comparator, value, loc) if err != nil { return nil, ErrInvalidTaskFilterValue{