From add111dbad3878039753252e276e68451c2ddcea Mon Sep 17 00:00:00 2001
From: Lars Dieckow
Date: Wed, 26 Jun 2013 15:23:14 +0200
Subject: [PATCH] stricter parameter checking
---
 lib/NGCP/Panel/Controller/Root.pm | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/NGCP/Panel/Controller/Root.pm b/lib/NGCP/Panel/Controller/Root.pm
index 8349093043..bf35281229 100644
--- a/lib/NGCP/Panel/Controller/Root.pm
+++ b/lib/NGCP/Panel/Controller/Root.pm
@@ -83,12 +83,22 @@ sub ajax_process_resultset :Private {
 my ($rs,$columns,$searchable) = @arguments;
 #Process Arguments
- my $sEcho = $c->request->params->{sEcho} // "1"; #/
+ my $sEcho = int($c->request->params->{sEcho} // 1); #/
+ # http://datatables.net/usage/server-side#sEcho
 my $sSearch = $c->request->params->{sSearch} // ""; #/
 my $iDisplayStart = $c->request->params->{iDisplayStart};
 my $iDisplayLength = $c->request->params->{iDisplayLength};
 my $iSortCol_0 = $c->request->params->{iSortCol_0};
 my $sSortDir_0 = $c->request->params->{sSortDir_0};
+
+ if (defined $sSortDir_0) {
+ if ('desc' eq lc $sSortDir_0) {
+ $sSortDir_0 = 'desc';
+ } else {
+ $sSortDir_0 = 'asc';
+ }
+ }
+
 my $iIdOnTop = $c->request->params->{iIdOnTop};
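Review bot: `iDisplayStart`, `iDisplayLength` and `iSortCol_0` are still read from the request unchecked, right beside the newly normalised `sEcho` and `sSortDir_0`, so the stricter checking covers only part of the client-supplied input. Their use lies outside this hunk (the body of `ajax_process_resultset` continues past it), but if they feed paging or column selection they should be held to non-negative integers at the same spot, for example `undef $iDisplayStart unless defined $iDisplayStart && $iDisplayStart =~ /\A\d+\z/;` and likewise for the other two. An anchored match would also suit `sEcho` better than a bare `int()`, which warns on non-numeric input and, when a repeated parameter arrives as an array reference, echoes the reference's numeric address back to the client. A short comment above the `sSortDir_0` block saying that anything other than `desc` falls back to `asc` would make the allow-list intent explicit.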