);
$sortMapper = array();
- foreach ($_GET['columns'] as $key => $value) {
- $sortMapper[$key] = CRM_Utils_Type::escape($value['data'], 'MysqlColumnName');
- };
+ if (isset($_GET['columns'])) {
+ foreach ($_GET['columns'] as $key => $value) {
+ $sortMapper[$key] = CRM_Utils_Type::validate($value['data'], 'MysqlColumnNameOrAlias');
+ };
+ }
$offset = isset($_GET['start']) ? CRM_Utils_Type::validate($_GET['start'], 'Integer') : $defaultOffset;
$rowCount = isset($_GET['length']) ? CRM_Utils_Type::validate($_GET['length'], 'Integer') : $defaultRowCount;
$sortOrder = isset($_GET['order'][0]['dir']) ? CRM_Utils_Type::validate($_GET['order'][0]['dir'], 'MysqlOrderByDirection') : $defaultsortOrder;
if ($sort) {
- $params['sortBy'] = "`{$sort}` {$sortOrder}";
+ $params['sortBy'] = "{$sort} {$sortOrder}";
$params['_raw_values']['sort'][0] = $sort;
$params['_raw_values']['order'][0] = $sortOrder;