X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=CRM%2FUtils%2FSort.php;h=991cced62a1e25e05e4b0000628ddd60ed3e512d;hb=894aaa017e254a83f9383d3d9e68d127f1bb7e87;hp=2b5765f23598eac92f0a8d6f4c53435fc312ab54;hpb=7e982a3f27ae3a63aaba12ef00abb2537a26678d;p=civicrm-core.git
diff --git a/CRM/Utils/Sort.php b/CRM/Utils/Sort.php
index 2b5765f235..991cced62a 100644
--- a/CRM/Utils/Sort.php
+++ b/CRM/Utils/Sort.php
@@ -3,7 +3,7 @@
 +--------------------------------------------------------------------+
 | CiviCRM version 4.7 |
 +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2016 |
+ | Copyright CiviCRM LLC (c) 2004-2017 |
 +--------------------------------------------------------------------+
 | This file is a part of CiviCRM. |
 | |
@@ -35,7 +35,7 @@
 * if introducing additional functionality
 *
 * @package CRM
- * @copyright CiviCRM LLC (c) 2004-2016
+ * @copyright CiviCRM LLC (c) 2004-2017
 */
 class CRM_Utils_Sort {
@@ -121,7 +121,7 @@ class CRM_Utils_Sort {
 foreach ($vars as $weight => $value) {
 $this->_vars[$weight] = array(
- 'name' => CRM_Utils_Type::validate($value['sort'], 'MysqlColumnName'),
+ 'name' => CRM_Utils_Type::validate($value['sort'], 'MysqlColumnNameOrAlias'),
 'direction' => CRM_Utils_Array::value('direction', $value),
 'title' => $value['name'],
 );
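Review bot: The switch from `MysqlColumnName` to `MysqlColumnNameOrAlias` in the `-121` hunk loosens what `$value['sort']` may contain, and nothing at the call says why or what the new rule accepts; the rule's definition is not part of this diff. Since `name` is later concatenated into an ORDER BY fragment (the `-152` hunk), a comment above the array would help, for example `// Sort keys may be query aliases as well as table.column; the value ends up in ORDER BY, so it must stay behind this check.` `direction` is stored on the next line without any check; in the lines shown it is only compared against `self::DONTCARE` and never emitted, which looks safe here, but other readers of `_vars` are outside the hunk and should be confirmed. The enclosing method starts and ends outside the hunk.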
@@ -152,11 +152,11 @@ class CRM_Utils_Sort {
 $this->_vars[$this->_currentSortID]['direction'] == self::DONTCARE
 ) {
 $this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);
- return $this->_vars[$this->_currentSortID]['name'] . ' asc';
+ return CRM_Utils_Type::escape($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnNameOrAlias') . ' asc';
 }
 else {
 $this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);
- return $this->_vars[$this->_currentSortID]['name'] . ' desc';
+ return CRM_Utils_Type::escape($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnNameOrAlias') . ' desc';
 }
 }
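Review bot: Both branches of the `-152` hunk repeat the same `str_replace()` write-back and the same `CRM_Utils_Type::escape(..., 'MysqlColumnNameOrAlias')` call, differing only in the ` asc`/` desc` suffix, so a later edit could drop the check from one branch unnoticed. Doing the write-back once before the `if`, then `$name = CRM_Utils_Type::escape($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnNameOrAlias');`, leaves the branches as `return $name . ' asc';` and `return $name . ' desc';` with a single guarded path. The result is only safe if `escape()` aborts on a mismatch rather than returning an empty value, in which case the method would return a bare direction keyword; its definition is not in this diff, so a one-line comment stating which behaviour is relied on would help. The method body begins outside the hunk.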