CRM-17983, CRM-18401. Input validation
authoreileenmcnaugton <eileen@fuzion.co.nz>
Sun, 24 Apr 2016 03:17:27 +0000 (15:17 +1200)
committereileenmcnaugton <eileen@fuzion.co.nz>
Sun, 24 Apr 2016 03:18:06 +0000 (15:18 +1200)
CRM/Contact/Page/AJAX.php

index fc081a466c4aa3ef84b978ff903ef18c5d952d28..b02541623936fb584062b2c11feecdcb0101406a 100644 (file)
@@ -838,7 +838,7 @@ LIMIT {$offset}, {$rowCount}
     $offset = isset($_REQUEST['iDisplayStart']) ? CRM_Utils_Type::escape($_REQUEST['iDisplayStart'], 'Integer') : 0;
     $rowCount = isset($_REQUEST['iDisplayLength']) ? CRM_Utils_Type::escape($_REQUEST['iDisplayLength'], 'Integer') : 25;
     $sort = isset($_REQUEST['iSortCol_0']) ? CRM_Utils_Array::value(CRM_Utils_Type::escape($_REQUEST['iSortCol_0'], 'Integer'), $sortMapper) : NULL;
-    $sortOrder = isset($_REQUEST['sSortDir_0']) ? CRM_Utils_Type::escape($_REQUEST['sSortDir_0'], 'String') : 'asc';
+    $sortOrder = isset($_REQUEST['sSortDir_0']) ? CRM_Utils_Type::escape($_REQUEST['sSortDir_0'], 'mysqlOrderByDirection') : 'asc';
 
     $params = $_POST;
     if ($sort && $sortOrder) {
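Review bot: The new `'mysqlOrderByDirection'` type on the `$sortOrder` line carries no comment explaining why a dedicated type is required, so a later edit could easily change it back to `'String'`. I would add above it `// Sort direction ends up in the SQL text and cannot be bound as a parameter, so only asc/desc may pass.` This wording assumes the value is interpolated into the query, which is presumably the case but the query itself lies outside this hunk. The context line `$params = $_POST;` still forwards the raw request body. The body of `if ($sort && $sortOrder) {` continues past the hunk, so it is worth confirming that it assigns the validated `$sort` and `$sortOrder` and that nothing downstream reads a sort key back out of `$params`.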