projects
/
civicrm-core.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
CRM-13554 - validate values of order by
[civicrm-core.git]
/
CRM
/
Contact
/
Form
/
Search
/
Custom
/
TagContributions.php
diff --git
a/CRM/Contact/Form/Search/Custom/TagContributions.php
b/CRM/Contact/Form/Search/Custom/TagContributions.php
index eeb89e9a8a1000866568b29328be3237596a26bf..5ba6a07e03c93b6d5dcd6daed1b3e725787164f7 100644
(file)
--- a/
CRM/Contact/Form/Search/Custom/TagContributions.php
+++ b/
CRM/Contact/Form/Search/Custom/TagContributions.php
@@
-120,6
+120,7
@@
WHERE $where
// Define ORDER BY for query in $sort, with default value
if (!empty($sort)) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$sql .= " ORDER BY $sort ";
}
else {