+--------------------------------------------------------------------+
| CiviCRM version 4.7 |
+--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2016 |
+ | Copyright CiviCRM LLC (c) 2004-2017 |
+--------------------------------------------------------------------+
| This file is a part of CiviCRM. |
| |
* if introducing additional functionality
*
* @package CRM
- * @copyright CiviCRM LLC (c) 2004-2016
+ * @copyright CiviCRM LLC (c) 2004-2017
*/
class CRM_Utils_Sort {
foreach ($vars as $weight => $value) {
$this->_vars[$weight] = array(
- 'name' => CRM_Utils_Type::validate($value['sort'], 'MysqlColumnName'),
+ 'name' => CRM_Utils_Type::validate($value['sort'], 'MysqlColumnNameOrAlias'),
'direction' => CRM_Utils_Array::value('direction', $value),
'title' => $value['name'],
);
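Review bot: The `'name'` line widens the accepted sort key from `MysqlColumnName` to `MysqlColumnNameOrAlias`, but nothing at that line says why aliases must be allowed or where the value is later escaped. A one-line comment above the array would record the intent, e.g. `// Sort keys may be SELECT aliases as well as real columns; the value is escaped again when the sort clause is built.` The `'direction'` entry on the next line is still stored unchecked. The lines visible further down only compare it with `self::DONTCARE` and emit literal ` asc`/` desc`, so it appears safe provided no other reader concatenates it into SQL. The enclosing loop and method begin outside this hunk.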
$this->_vars[$this->_currentSortID]['direction'] == self::DONTCARE
) {
$this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);
- return $this->_vars[$this->_currentSortID]['name'] . ' asc';
+ return CRM_Utils_Type::escape($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnNameOrAlias') . ' asc';
}
else {
$this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);
- return $this->_vars[$this->_currentSortID]['name'] . ' desc';
+ return CRM_Utils_Type::escape($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnNameOrAlias') . ' desc';
}
}
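Review bot: Both branches repeat the same `str_replace` and the same `CRM_Utils_Type::escape(..., 'MysqlColumnNameOrAlias')` call and differ only in the ` asc`/` desc` suffix, so the escaping this fix depends on sits in two places that can drift apart. Hoisting it above the `if` keeps one copy: `$this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);` followed by `$name = CRM_Utils_Type::escape($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnNameOrAlias');`, with the branches returning `$name . ' asc'` and `$name . ' desc'`. If the `MysqlColumnNameOrAlias` rule already rejects spaces (its definition is not shown here), the `str_replace` can never change a value that passed validation at construction and could be dropped in a follow-up. The condition and the method start outside this hunk.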