projects / civicrm-core.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
CRM-13554 - validate values of order by
[civicrm-core.git] / CRM / Mailing / Event / BAO / TrackableURLOpen.php
diff --git a/CRM/Mailing/Event/BAO/TrackableURLOpen.php b/CRM/Mailing/Event/BAO/TrackableURLOpen.php
index ba7e7b247d179fa127af9dfe1a59af806a51dddc..fa17c73dda7e5e29852de30ce6084453297e9120 100644 (file)
--- a/CRM/Mailing/Event/BAO/TrackableURLOpen.php
+++ b/CRM/Mailing/Event/BAO/TrackableURLOpen.php
@@ -223,6 +223,7 @@ class CRM_Mailing_Event_BAO_TrackableURLOpen extends CRM_Mailing_Event_DAO_Track
     $orderBy = "sort_name ASC, {$click}.time_stamp DESC";
     if ($sort) {
       if (is_string($sort)) {
+        $sort = CRM_Utils_Type::escape($sort, 'String');
         $orderBy = $sort;
       }
       else {