+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2016 |
+ | Copyright CiviCRM LLC (c) 2004-2017 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
/**
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2016
+ * @copyright CiviCRM LLC (c) 2004-2017
* $Id$
*
*/
);
$sortMapper = array();
- foreach ($_GET['columns'] as $key => $value) {
- $sortMapper[$key] = CRM_Utils_Type::escape($value['data'], 'MysqlColumnName');
- };
+ if (isset($_GET['columns'])) {
+ foreach ($_GET['columns'] as $key => $value) {
+ $sortMapper[$key] = CRM_Utils_Type::validate($value['data'], 'MysqlColumnNameOrAlias');
+ };
+ }
$offset = isset($_GET['start']) ? CRM_Utils_Type::validate($_GET['start'], 'Integer') : $defaultOffset;
$rowCount = isset($_GET['length']) ? CRM_Utils_Type::validate($_GET['length'], 'Integer') : $defaultRowCount;
$sortOrder = isset($_GET['order'][0]['dir']) ? CRM_Utils_Type::validate($_GET['order'][0]['dir'], 'MysqlOrderByDirection') : $defaultsortOrder;
if ($sort) {
- $params['sortBy'] = "`{$sort}` {$sortOrder}";
+ $params['sortBy'] = "{$sort} {$sortOrder}";
$params['_raw_values']['sort'][0] = $sort;
$params['_raw_values']['order'][0] = $sortOrder;
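Review bot: The added `$params['sortBy'] = "{$sort} {$sortOrder}";` no longer backtick-quotes the identifier, so the ORDER BY fragment is only as safe as the `MysqlColumnNameOrAlias` check in the loop above. The assignment of `$sort` is not in this hunk, so please confirm it is only ever read from `$sortMapper` and never taken directly from the request. A comment on that line would record the dependency, e.g. `// $sort is interpolated unquoted: it must be a value validated as MysqlColumnNameOrAlias`. Separately, the new `isset($_GET['columns'])` guard still lets a scalar `columns` parameter, or an entry without a `data` key, reach `foreach` and `$value['data']`. I would tighten it to `if (isset($_GET['columns']) && is_array($_GET['columns'])) {` and skip entries with `if (!isset($value['data'])) { continue; }`.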