Added forgotten changes.
authorMattias Michaux <mattias.michaux@gmail.com>
Fri, 29 Apr 2016 19:01:30 +0000 (21:01 +0200)
committerMattias Michaux <mattias.michaux@gmail.com>
Fri, 29 Apr 2016 19:01:30 +0000 (21:01 +0200)
CRM/Core/Page/AJAX.php
CRM/Utils/Sort.php

index d99e2b19ac564afa141716d2cf68c6bb0fd69284..7c4537eecd45feca2b851858c488a569565325b6 100644 (file)
@@ -221,7 +221,7 @@ class CRM_Core_Page_AJAX {
 
     $sortMapper = array();
     foreach ($_GET['columns'] as $key => $value) {
-      $sortMapper[$key] = CRM_Utils_Type::escape($value['data'], 'MysqlColumnName');
+      $sortMapper[$key] = CRM_Utils_Type::validate($value['data'], 'MysqlColumnName');
     };
 
     $offset = isset($_GET['start']) ? CRM_Utils_Type::validate($_GET['start'], 'Integer') : $defaultOffset;
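Review bot: The loop on the new side reads `$_GET['columns']` and each `$value['data']` straight from the request without checking that they are present and have the expected shape. Every entry goes through `CRM_Utils_Type::validate(..., 'MysqlColumnName')`, not only the column later chosen for sorting. If `validate()` aborts on failure, as its unguarded use here suggests, a single entry with a missing, empty or array-valued `data` fails the whole request. Consider guarding the loop with `if (!empty($_GET['columns']) && is_array($_GET['columns'])) {` and skipping entries where `$value['data']` is not a string. The stray `;` after the loop's closing brace can be dropped at the same time.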
@@ -231,7 +231,7 @@ class CRM_Core_Page_AJAX {
     $sortOrder = isset($_GET['order'][0]['dir']) ? CRM_Utils_Type::validate($_GET['order'][0]['dir'], 'MysqlOrderByDirection') : $defaultsortOrder;
 
     if ($sort) {
-      $params['sortBy'] = "`{$sort}` {$sortOrder}";
+      $params['sortBy'] = "{$sort} {$sortOrder}";
 
       $params['_raw_values']['sort'][0] = $sort;
       $params['_raw_values']['order'][0] = $sortOrder;
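Review bot: With the backticks removed, `$params['sortBy']` is built by interpolating `$sort` and `$sortOrder` directly, so the `MysqlColumnName` and `MysqlOrderByDirection` checks are the only thing keeping request data out of the ORDER BY clause. The assignment of `$sort` lies outside this hunk; presumably it is looked up in `$sortMapper`, which should be confirmed so that no path sets it from unvalidated input. I would record the invariant next to the interpolation, for example `// $sort comes from $sortMapper (validated as MysqlColumnName) and $sortOrder is validated as MysqlOrderByDirection; never interpolate raw request values here.` The same values are copied into `$params['_raw_values']`, so consumers of that array rely on the same guarantee.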
index 789dba32d65f8b5d8bbed58d001951ce88018174..e20e75d44296f9aff8f3168f4b1a362f21a3019a 100644 (file)
@@ -152,11 +152,11 @@ class CRM_Utils_Sort {
       $this->_vars[$this->_currentSortID]['direction'] == self::DONTCARE
     ) {
       $this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);
-      return CRM_Utils_Type::validate($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnName') . ' asc';
+      return CRM_Utils_Type::escape($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnName') . ' asc';
     }
     else {
       $this->_vars[$this->_currentSortID]['name'] = str_replace(' ', '_', $this->_vars[$this->_currentSortID]['name']);
-      return CRM_Utils_Type::validate($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnName') . ' desc';
+      return CRM_Utils_Type::escape($this->_vars[$this->_currentSortID]['name'], 'MysqlColumnName') . ' desc';
     }
   }