pimcore · martineiber · Apr 30, 2026 · Apr 30, 2026
diff --git a/src/Bundle/ApplicationLogger/Repository/LogRepository.php b/src/Bundle/ApplicationLogger/Repository/LogRepository.php
@@ -198,7 +198,10 @@ private function addPaging(QueryBuilder $queryBuilder, FilterParameter $paramete
     private function addSorting(QueryBuilder $queryBuilder, SortFilter $sortFilter): void
     {
         $queryBuilder
-            ->orderBy($sortFilter->getKey(), $sortFilter->getDirection());
+            ->orderBy(
+                $this->dbResolver->get()->quoteIdentifier($sortFilter->getKey()),
+                $sortFilter->getDirection()
+            );
     }
 
     /**

diff --git a/src/MappedParameter/Filter/SortFilter.php b/src/MappedParameter/Filter/SortFilter.php
@@ -14,6 +14,7 @@
 namespace Pimcore\Bundle\StudioBackendBundle\MappedParameter\Filter;
 
 use Pimcore\Bundle\GenericDataIndexBundle\Enum\Search\SortDirection;
+use function strtolower;
 
 /**
  * @internal
@@ -43,6 +44,9 @@
 
     public function getDirection(): string
     {
-        return $this->direction;
+        $normalised = strtolower($this->direction);
+        $direction = SortDirection::tryFrom($normalised) ?? SortDirection::ASC;
+
+        return $direction->value;
     }
 }
diff --git a/src/Translation/Repository/TranslationRepository.php b/src/Translation/Repository/TranslationRepository.php
@@ -25,8 +25,11 @@
 use Pimcore\Bundle\StudioBackendBundle\Translation\Schema\UpdateTranslation;
 use Pimcore\Bundle\StudioBackendBundle\Translation\Service\TranslatorServiceInterface;
 use Pimcore\Bundle\StudioBackendBundle\Util\Constant\UserPermissions;
+use Pimcore\Config;
 use Pimcore\Model\Translation;
 use Pimcore\Model\Translation\Listing;
+use function array_unique;
+use function array_values;
 use function in_array;
 use function sprintf;
 
@@ -41,6 +44,7 @@
         private SettingsProviderInterface $systemSettingsProvider,
         private Connection $db,
         private SecurityServiceInterface $securityService,
+        private Config $config,
     ) {
         $settings = $this->systemSettingsProvider->getSettings();
         $this->validLanguages = $settings['validLanguages'] ?? [];
@@ -192,10 +196,10 @@
 
     public function getTranslationList(string $domain = TranslatorServiceInterface::DOMAIN): Listing
     {
+        $this->assertValidDomain($domain);
+
         $list = new Translation\Listing();
         $list->setDomain($domain);
-        $list->setOrder('asc');
-        $list->setOrderKey('translations_' . $domain . '.key', false);
 
         return $list;
     }
@@ -245,4 +249,15 @@
             throw new InvalidLocaleException($locale);
         }
     }
+
+    /**
+     * @throws NotFoundException
+     */
+    private function assertValidDomain(string $domain): void
+    {
+        $allowedDomains = array_values(array_unique($this->config['translations']['domains'] ?? []));
+        if (!in_array($domain, $allowedDomains, true)) {
+            throw new NotFoundException('Translation Domain', $domain);
+        }
+    }
 }