Adapted CRM_Utils_Sort code to use the validation and escaping.
authorMattias Michaux <mattias.michaux@gmail.com>
Tue, 26 Apr 2016 12:11:55 +0000 (14:11 +0200)
committerMattias Michaux <mattias.michaux@gmail.com>
Fri, 29 Apr 2016 05:42:04 +0000 (07:42 +0200)
CRM/Utils/Sort.php

index 1801f97a4eef1f6c7baded4e8921a4d894202d8e..789dba32d65f8b5d8bbed58d001951ce88018174 100644 (file)
@@ -121,7 +121,7 @@ class CRM_Utils_Sort {
 
     foreach ($vars as $weight => $value) {
       $this->_vars[$weight] = array(
-        'name' => $value['sort'],
+        'name' => CRM_Utils_Type::validate($value['sort'], 'MysqlColumnName'),
         'direction' => CRM_Utils_Array::value('direction', $value),
         'title' => $value['name'],
       );
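Review bot: The constructor now validates the raw `$value['sort']` as a MysqlColumnName before the `str_replace(' ', '_', ...)` normalization that orderBy() still applies in the second hunk, so a sort name containing spaces that the old code silently normalized will be rejected by validate() (which aborts by default) before normalization can ever run, assuming the MysqlColumnName rule does not admit spaces. Either normalize first, `'name' => CRM_Utils_Type::validate(str_replace(' ', '_', $value['sort']), 'MysqlColumnName'),`, or drop the now-unreachable str_replace in orderBy() so both hunks agree on what a valid name is. Separately, if validate() is ever invoked in a non-aborting mode it returns NULL and the second hunk would emit a bare `' asc'` / `' desc'` with an empty column; checking the return before concatenating keeps the ORDER BY fragment well-formed. The enclosing foreach starts outside this hunk and orderBy()'s signature is outside the second.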
@@ -152,11 +152,11 @@ class CRM_Utils_Sort {
       $this->_vars[$this->_currentSortID]['direction'] == self::DONTCARE
     ) {
       $this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);
-      return $this->_vars[$this->_currentSortID]['name'] . ' asc';
+      return CRM_Utils_Type::validate($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnName') . ' asc';
     }
     else {
       $this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);
-      return $this->_vars[$this->_currentSortID]['name'] . ' desc';
+      return CRM_Utils_Type::validate($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnName') . ' desc';
     }
   }