magnussolution
diff --git a/‎protected/components/BaseController.php‎
Lines changed: 3 additions & 3 deletions b/‎protected/components/BaseController.php‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎protected/components/HttpRequest.php‎
Lines changed: 9 additions & 5 deletions b/‎protected/components/HttpRequest.php‎
Lines changed: 9 additions & 5 deletions
diff --git a/‎protected/controllers/MolPayController.php‎
Lines changed: 1 addition & 1 deletion b/‎protected/controllers/MolPayController.php‎
Lines changed: 1 addition & 1 deletion
@@ -334,15 +334,15 @@ public function setLimit($value)
     public function setSort()
     {
         $this->sort = isset($_GET[$this->nameParamSort]) ? $_GET[$this->nameParamSort] : $this->attributeOrder;
-        if ($this->sort && !preg_match('/^[a-zA-Z0-9_\.]+( (ASC|DESC))?$/i', trim($this->sort))) {
-            exit;
+        if ($this->sort && !preg_match('/^[a-zA-Z0-9_\.]+( (ASC|DESC))?(,\s*[a-zA-Z0-9_\.]+( (ASC|DESC))?)*$/i', trim($this->sort))) {
+            exit('sort ' . $this->sort);
         }
         SqlInject::sanitize($this->sort);
     }
 
     public function setOrder()
     {
-        $dir         = isset($_GET[$this->nameParamDir]) ? ' ' . $_GET[$this->nameParamDir] : null;
+        $dir         = isset($_GET[$this->nameParamDir]) ? strtoupper(trim($_GET[$this->nameParamDir])) : null;
         if ($dir && !in_array(strtoupper($dir), ['ASC', 'DESC'])) {
             exit;
         }
 
@@ -8,12 +8,10 @@ public function validateCsrfToken($event)
     {
 
         $file = Yii::getPathOfAlias('application.config') . '/noCsrfValidation.php';
+        $route = $this->getPathInfo();
+        $controller = strtolower(strtok($route, '/'));
         if (is_file($file)) {
-            $route = $this->getPathInfo();
-            $controller = strtolower(strtok($route, '/'));
-
             $noCsrf = require $file;
-
             if (is_array($noCsrf)) {
                 foreach ($noCsrf as $c) {
                     if (strcasecmp($controller, $c) === 0) {
@@ -22,7 +20,13 @@ public function validateCsrfToken($event)
                 }
             }
         }
-        // Só faz essa validação especial em POST
+        $allow = [
+            'molpay',
+        ];
+        if (in_array($controller, $allow)) {
+            return;
+        }
+
         if ($this->getIsPostRequest() && !empty($_SERVER['HTTP_KEY'])) {
 
             // 1) Valida se existe SIGN
 
@@ -21,7 +21,7 @@ public function actionIndex()
             'params'    => $params,
         ));
 
-        if (!count($modelMethodpay)) {
+        if (!isset($modelMethodpay->id)) {
             Yii::log('Methos pay not found', 'error');
             exit;
         }
Original file line number	Diff line number	Diff line change
`@@ -334,15 +334,15 @@ public function setLimit($value)`
`334`	`334`	`public function setSort()`
`335`	`335`	`{`
`336`	`336`	`$this->sort = isset($_GET[$this->nameParamSort]) ? $_GET[$this->nameParamSort] : $this->attributeOrder;`
`337`		`- if ($this->sort && !preg_match('/^[a-zA-Z0-9_\.]+( (ASC\|DESC))?$/i', trim($this->sort))) {`
`338`		`- exit;`
	`337`	`+ if ($this->sort && !preg_match('/^[a-zA-Z0-9_\.]+( (ASC\|DESC))?(,\s[a-zA-Z0-9_\.]+( (ASC\|DESC))?)$/i', trim($this->sort))) {`
	`338`	`+ exit('sort ' . $this->sort);`
`339`	`339`	`}`
`340`	`340`	`SqlInject::sanitize($this->sort);`
`341`	`341`	`}`
`342`	`342`
`343`	`343`	`public function setOrder()`
`344`	`344`	`{`
`345`		`- $dir = isset($_GET[$this->nameParamDir]) ? ' ' . $_GET[$this->nameParamDir] : null;`
	`345`	`+ $dir = isset($_GET[$this->nameParamDir]) ? strtoupper(trim($_GET[$this->nameParamDir])) : null;`
`346`	`346`	`if ($dir && !in_array(strtoupper($dir), ['ASC', 'DESC'])) {`
`347`	`347`	`exit;`
`348`	`348`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ public function actionIndex()`
`21`	`21`	`'params' => $params,`
`22`	`22`	`));`
`23`	`23`
`24`		`- if (!count($modelMethodpay)) {`
	`24`	`+ if (!isset($modelMethodpay->id)) {`
`25`	`25`	`Yii::log('Methos pay not found', 'error');`
`26`	`26`	`exit;`
`27`	`27`	`}`