From 6f47f0cffd0ac0a9e3d7a601285fe1d6ab219379 Mon Sep 17 00:00:00 2001
From: Awais <awaismehmood88@gmail.com>
Date: Tue, 27 Feb 2024 12:26:52 +0400
Subject: [PATCH] fix: select security bug (#879)

---
 src/paginate.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/paginate.ts b/src/paginate.ts
index 9765065..5877a6e 100644
--- a/src/paginate.ts
+++ b/src/paginate.ts
@@ -273,10 +273,13 @@ export async function paginate<T extends ObjectLiteral>(
 
     // When we partial select the columns (main or relation) we must add the primary key column otherwise
     // typeorm will not be able to map the result.
-    const selectParams =
+    let selectParams =
         config.select && query.select && !config.ignoreSelectInQueryParam
             ? config.select.filter((column) => query.select.includes(column))
             : config.select
+    if (!includesAllPrimaryKeyColumns(queryBuilder, query.select)) {
+        selectParams = config.select
+    }
     if (selectParams?.length > 0 && includesAllPrimaryKeyColumns(queryBuilder, selectParams)) {
         const cols: string[] = selectParams.reduce((cols, currentCol) => {
             const columnProperties = getPropertiesByColumnName(currentCol)