[geeklog-cvs] geeklog: Fixed sort by date in search results (bug #0001002)

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Mar 7 11:34:11 EST 2010


changeset 7767:9a4c017e2a06
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/9a4c017e2a06
user: Sami Barakat <sami at sbarakat.co.uk>
date: Sun Mar 07 16:32:24 2010 +0000
description:
Fixed sort by date in search results (bug #0001002)

diffstat:

 system/classes/listfactory.class.php |  32 +++++++++++++++++++++-----------
 1 files changed, 21 insertions(+), 11 deletions(-)

diffs (57 lines):

diff -r 7b7880e1a297 -r 9a4c017e2a06 system/classes/listfactory.class.php
--- a/system/classes/listfactory.class.php	Sat Mar 06 12:47:53 2010 -0700
+++ b/system/classes/listfactory.class.php	Sun Mar 07 16:32:24 2010 +0000
@@ -448,23 +448,32 @@
     */
     function ExecuteQueries()
     {
-        // Get the details for sorting the list
-        $this->_sort_arr['field'] = isset($_GET['order']) ? COM_applyFilter($_GET['order']) : $this->_def_sort_arr['field'];
-        if (isset($_GET['direction']))
+        // Set to default sort, we will check the passed param in the next bit
+        $this->_sort_arr['field'] = $this->_def_sort_arr['field'];
+
+        if (isset($_GET['order'])) {
+            // Loop though the order fields and find a match against $_GET param
+            foreach ($this->_fields as $field) {
+                if ($field['sort'] == true && $field['name'] == $_GET['order']) {
+                    $this->_sort_arr['field'] = $field['name']; // Use a trusted value
+                    break;
+                }
+            }
+        }
+
+        if (isset($_GET['direction'])) {
             $this->_sort_arr['direction'] = $_GET['direction'] == 'asc' ? 'asc' : 'desc';
-        else
+        } else {
             $this->_sort_arr['direction'] = $this->_def_sort_arr['direction'];
+        }
 
-        if (is_numeric($this->_sort_arr['field']))
-        {
+        if (is_numeric($this->_sort_arr['field'])) {
             $ord = $this->_def_sort_arr['field'];
             $this->_sort_arr['field'] = LF_SOURCE_TITLE;
-        }
-        else
-        {
+        } else {
             $ord = $this->_sort_arr['field'];
         }
-        $order_sql = ' ORDER BY "' . addslashes($ord) . '" ' . strtoupper($this->_sort_arr['direction']);
+        $order_sql = ' ORDER BY ' . $ord . ' ' . strtoupper($this->_sort_arr['direction']);
 
         $this->_page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 1;
         if (isset($_GET['results'])) {
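Review bot: With the quoting and addslashes() dropped from the `$order_sql` concatenation, the only thing keeping `$ord` safe is that it always comes from `$this->_fields` or `$this->_def_sort_arr`, and nothing in the hunk states that invariant. I would add a comment above the `$order_sql` line such as `// $ord is never request data: it is a sortable name from $this->_fields or the configured default`, so a later edit does not put `$_GET['order']` back into the string. The match in the foreach uses loose `==`; because the assigned value is `$field['name']` this is not injectable, but `is_string($_GET['order']) && $field['name'] === $_GET['order']` would avoid numeric-string juggling and array-valued parameters. Whether `_def_sort_arr['field']` is always set by the developer rather than by request data cannot be seen from here, and ExecuteQueries() starts and ends outside the hunk.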
@@ -475,8 +484,9 @@
         $this->_total_found = count($this->_preset_rows);
 
         // When the preset rows exceed per_page bail early
-        if ($this->_total_found > $this->_per_page)
+        if ($this->_total_found > $this->_per_page) {
             return array_slice($rows_arr, 0, $this->_per_page);
+        }
 
         // Calculate the limits for each query
         $num_query_results = $this->_per_page - $this->_total_found;


