From: bbaetz%student.usyd.edu.au <>
Date: Sat, 8 Jun 2002 10:05:30 +0000 (+0000)
Subject: Bug 149845 - buglist.cgi checks for ORDER validity are wrong
X-Git-Tag: bugzilla-2.16~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7fc253f01f80e6044b13bc6f2855e09d608987bd;p=thirdparty%2Fbugzilla.git

Bug 149845 - buglist.cgi checks for ORDER validity are wrong
r=myk x2
---

diff --git a/buglist.cgi b/buglist.cgi
index 917103fc22..4656fc42a1 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1309,11 +1309,13 @@ if ($order) {
     # by which to sort the results.
     ORDER: for ($order) {
         /\./ && do {
+            my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
             # A custom list of columns.  Make sure each column is valid.
-            foreach my $fragment (split(/[,\s]+/, $order)) {
-                next if $fragment =~ /^asc|desc$/i;
-                my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
-                if (!grep($_ eq $fragment, @columnnames)) {
+            foreach my $fragment (split(/,/, $order)) {
+                $fragment = trim($fragment);
+                # Accept an order fragment matching a column name, with
+                # asc|desc optionally following (to specify the direction)
+                if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) {
                     my $qfragment = html_quote($fragment);
                     my $error = "The custom sort order you specified in your "
                               . "form submission contains an invalid column "