From: jakubvrana
Date: Tue, 16 Sep 2008 14:49:22 +0000 (+0000)
Subject: Escape order by function (thanks to Kajman)
X-Git-Tag: v3.0.0~1031
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=b90efd67069655618748542a88986d0dc451d774;p=adminer.git

Escape order by function (thanks to Kajman)

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@487 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
diff --git a/select.inc.php b/select.inc.php
index ccf75a68..9b378f63 100644
--- a/select.inc.php
+++ b/select.inc.php
@@ -49,10 +49,8 @@ foreach ((array) $_GET["where"] as $val) {
 }
 $order = array();
 foreach ((array) $_GET["order"] as $key => $val) {
- if (in_array($val, $columns, true)) {
+ if (in_array($val, $columns, true) || preg_match('(^(COUNT\\(\\*\\)|(' . strtoupper(implode('|', $functions) . '|' . implode('|', $grouping)) . ')\\((' . implode('|', array_map('preg_quote', array_map('idf_escape', $columns))) . ')\\))$)', $val)) {
 $order[] = idf_escape($val) . (isset($_GET["desc"][$key]) ? " DESC" : "");
- } elseif (preg_match('(^(COUNT\\(\\*\\)|(' . strtoupper(implode('|', $functions) . '|' . implode('|', $grouping)) . ')\\((' . implode('|', array_map('preg_quote', array_map('idf_escape', $columns))) . ')\\))$)', $val)) {
- $order[] = $val . (isset($_GET["desc"][$key]) ? " DESC" : "");
 }
 }
 $limit = (isset($_GET["limit"]) ? $_GET["limit"] : "30");
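Review bot: The merged condition on the new `if` line hands `$val` from `$_GET["order"]` to `preg_match()` without checking that it is a string, and it rebuilds the whole allowlist pattern on every loop iteration. A non-string value fails `in_array()` and then reaches `preg_match()`, which raises a warning (a TypeError on PHP 8), so I would build the pattern once before the `foreach` and guard with `if (is_string($val) && (in_array($val, $columns, true) || preg_match($order_pattern, $val))) {`. The pattern ends in `$`, which also matches before a trailing newline; adding the `D` modifier after the closing `)` delimiter makes the allowlist exact. `$functions` and `$grouping` are joined into the pattern without `preg_quote`, which is fine only if both are fixed lists defined elsewhere in the file; they are not visible in this hunk. Since every accepted value now goes through `idf_escape()`, a one-line comment on why a function expression is still meaningful once quoted as an identifier would help the next reader.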