diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php index c5f334fc31..cca829c23f 100644 --- a/app/Http/Controllers/Api/UsersController.php +++ b/app/Http/Controllers/Api/UsersController.php @@ -215,11 +215,39 @@ class UsersController extends Controller default: $allowed_columns = [ - 'last_name', 'first_name', 'email', 'jobtitle', 'username', 'employee_num', - 'assets', 'accessories', 'consumables', 'licenses', 'groups', 'activated', 'created_at', - 'two_factor_enrolled', 'two_factor_optin', 'last_login', 'assets_count', 'licenses_count', - 'consumables_count', 'accessories_count', 'phone', 'address', 'city', 'state', - 'country', 'zip', 'id', 'ldap_import', 'remote', 'start_date', 'end_date', + 'last_name', + 'first_name', + 'email', + 'jobtitle', + 'username', + 'employee_num', + 'assets', + 'accessories', + 'consumables', + 'licenses', + 'groups', + 'activated', + 'created_at', + 'two_factor_enrolled', + 'two_factor_optin', + 'last_login', + 'assets_count', + 'licenses_count', + 'consumables_count', + 'accessories_count', + 'phone', + 'address', + 'city', + 'state', + 'country', + 'zip', + 'id', + 'ldap_import', + 'two_factor_optin', + 'two_factor_enrolled', + 'remote', + 'start_date', + 'end_date', ]; $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';