From: bbaetz%student.usyd.edu.au <>
Date: Sat, 8 Jun 2002 10:06:10 +0000 (+0000)
Subject: Bug 149845 - buglist.cgi checks for ORDER validity are wrong
X-Git-Tag: bugzilla-2.17.1~320
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78cbd8ba5f133da98a7a10910d43a901f7a21c39;p=thirdparty%2Fbugzilla.git

Bug 149845 - buglist.cgi checks for ORDER validity are wrong
r=myk x2
---

diff --git a/buglist.cgi b/buglist.cgi
index b7fb72a69f..925f0296f9 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1302,11 +1302,13 @@ if ($order) {
     # by which to sort the results.
     ORDER: for ($order) {
         /\./ && do {
+            my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
             # A custom list of columns.  Make sure each column is valid.
-            foreach my $fragment (split(/[,\s]+/, $order)) {
-                next if $fragment =~ /^asc|desc$/i;
-                my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
-                if (!grep($_ eq $fragment, @columnnames)) {
+            foreach my $fragment (split(/,/, $order)) {
+                $fragment = trim($fragment);
+                # Accept an order fragment matching a column name, with
+                # asc|desc optionally following (to specify the direction)
+                if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) {
                     my $qfragment = html_quote($fragment);
                     my $error = "The custom sort order you specified in your "
                               . "form submission contains an invalid column "