From ac8466f3303115b66c1196f752530accc4efa391 Mon Sep 17 00:00:00 2001
From: beardev-in <abhinav.edulakanti@gmail.com>
Date: Sun, 3 May 2026 16:04:23 +0530
Subject: [PATCH] fix: add sorting range validation, reject out-of-range int8
 values with 400

---
 routers/api/v1/repo/project.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/routers/api/v1/repo/project.go b/routers/api/v1/repo/project.go
index 048992d6e8..464270c968 100644
--- a/routers/api/v1/repo/project.go
+++ b/routers/api/v1/repo/project.go
@@ -574,6 +574,10 @@ func EditProjectColumn(ctx *context.APIContext) {
 		column.Color = *form.Color
 	}
 	if form.Sorting != nil {
+		if *form.Sorting < -128 || *form.Sorting > 127 {
+			ctx.APIError(http.StatusBadRequest, "sorting value out of range, must be between -128 and 127")
+			return
+		}
 		column.Sorting = int8(*form.Sorting)
 	}