Merge pull request #8376 from mollux/CRM-18563_apifailure_errormessage
[civicrm-core.git] / CRM / Core / Page / AJAX.php
index 3a4559878662c5bd9ca12ed1f8b56298b3f0ac30..5830a624cf5fab569794ff52d33402fcd12902ca 100644 (file)
@@ -220,9 +220,11 @@ class CRM_Core_Page_AJAX {
     );
 
     $sortMapper = array();
-    foreach ($_GET['columns'] as $key => $value) {
-      $sortMapper[$key] = CRM_Utils_Type::escape($value['data'], 'MysqlColumnName');
-    };
+    if (isset($_GET['columns'])) {
+      foreach ($_GET['columns'] as $key => $value) {
+        $sortMapper[$key] = CRM_Utils_Type::validate($value['data'], 'MysqlColumnNameOrAlias');
+      };
+    }
 
     $offset = isset($_GET['start']) ? CRM_Utils_Type::validate($_GET['start'], 'Integer') : $defaultOffset;
     $rowCount = isset($_GET['length']) ? CRM_Utils_Type::validate($_GET['length'], 'Integer') : $defaultRowCount;
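Review bot: The new `isset($_GET['columns'])` guard still admits a scalar `columns` parameter, or an entry with no `data` key, so the `foreach` and the `$value['data']` read can raise PHP warnings or errors on a malformed request before any validation runs. Tightening the guard to `if (isset($_GET['columns']) && is_array($_GET['columns'])) {` and adding `if (!isset($value['data'])) { continue; }` inside the loop would keep such requests on a quiet path. The switch from `escape` to `validate` presumably means an invalid name is now rejected rather than rewritten. Since the failure behaviour is not visible in this hunk, a short comment such as `// validate() rejects anything that is not a column name or alias; nothing is escaped here` would record the intent.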
@@ -231,10 +233,10 @@ class CRM_Core_Page_AJAX {
     $sortOrder = isset($_GET['order'][0]['dir']) ? CRM_Utils_Type::validate($_GET['order'][0]['dir'], 'MysqlOrderByDirection') : $defaultsortOrder;
 
     if ($sort) {
-      $params['sortBy'] = "`{$sort}` {$sortOrder}";
+      $params['sortBy'] = "{$sort} {$sortOrder}";
 
-      $params['_raw_values']['sort'][0] =  $sort;
-      $params['_raw_values']['order'][0] =  $sortOrder;
+      $params['_raw_values']['sort'][0] = $sort;
+      $params['_raw_values']['order'][0] = $sortOrder;
     }
 
     $params['offset'] = $offset;
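Review bot: With the backticks removed from `"{$sort} {$sortOrder}"`, `$sort` is interpolated into the ORDER BY fragment unquoted, so the `MysqlColumnNameOrAlias` and `MysqlOrderByDirection` validators become the only barrier against SQL injection through the sort parameters. The assignment of `$sort` lies outside this hunk, so it is worth confirming that every path that sets it (including any default or fallback value) goes through `$sortMapper` and never takes a raw `$_GET` value. A comment above the assignment would make that invariant explicit for later edits, for example `// $sort is interpolated unquoted: it must only ever come from $sortMapper (validated as MysqlColumnNameOrAlias)`. The same applies to the copies stored in `$params['_raw_values']` if any consumer builds SQL from them.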