| @@ 181-200 (lines=20) @@ | ||
| 178 | ||
| 179 | // validate order field |
|
| 180 | $order = $f3->get('REQUEST.order'); |
|
| 181 | if (!empty($order)) { |
|
| 182 | $orderClauses = empty($order) ? [] : preg_split("/[,]/", $order); |
|
| 183 | foreach ($orderClauses as $k => $field) { |
|
| 184 | // split into field, asc/desc |
|
| 185 | $field = preg_split("/[\s]+/", trim($field)); |
|
| 186 | if (!in_array($field[0], $allFields)) { |
|
| 187 | // invalid field |
|
| 188 | unset($orderClauses[$k]); |
|
| 189 | continue; |
|
| 190 | } elseif (count($field) == 1) { |
|
| 191 | $field[1] = 'asc'; |
|
| 192 | } elseif (count($field) == 2) { |
|
| 193 | if (!in_array($field[1], ['asc', 'desc'])) { |
|
| 194 | $field[1] = 'asc'; |
|
| 195 | } |
|
| 196 | } |
|
| 197 | $orderClauses[$k] = $field[0] . ' ' . $field[1]; |
|
| 198 | } |
|
| 199 | $order = join(',', $orderClauses); |
|
| 200 | } |
|
| 201 | ||
| 202 | // fields to return and fields to search - validate |
|
| 203 | $validFields = []; |
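Review bot: The sort direction is validated only when a clause has exactly two parts, so on line 197 `$field[1]` is concatenated unchecked whenever `preg_split` yields three or more tokens, because neither `elseif` on lines 190 and 192 matches. If `$order` is later placed into an ORDER BY clause (not visible here), request-supplied text gets past the whitelist; make the check total with `$dir = (count($field) === 2 && in_array($field[1], ['asc', 'desc'], true)) ? $field[1] : 'asc';` followed by `$orderClauses[$k] = $field[0] . ' ' . $dir;`. The field-name check on line 186 should also pass `true` as the third argument to `in_array` so the comparison against `$allFields` is strict. The same block is repeated at 499-518 and needs the same change; the enclosing function and the definition of `$allFields` lie outside both hunks.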
|
| @@ 499-518 (lines=20) @@ | ||
| 496 | ||
| 497 | // validate order field |
|
| 498 | $order = $f3->get('REQUEST.order'); |
|
| 499 | if (!empty($order)) { |
|
| 500 | $orderClauses = empty($order) ? [] : preg_split("/[,]/", $order); |
|
| 501 | foreach ($orderClauses as $k => $field) { |
|
| 502 | // split into field, asc/desc |
|
| 503 | $field = preg_split("/[\s]+/", trim($field)); |
|
| 504 | if (!in_array($field[0], $allFields)) { |
|
| 505 | // invalid field |
|
| 506 | unset($orderClauses[$k]); |
|
| 507 | continue; |
|
| 508 | } elseif (count($field) == 1) { |
|
| 509 | $field[1] = 'asc'; |
|
| 510 | } elseif (count($field) == 2) { |
|
| 511 | if (!in_array($field[1], ['asc', 'desc'])) { |
|
| 512 | $field[1] = 'asc'; |
|
| 513 | } |
|
| 514 | } |
|
| 515 | $orderClauses[$k] = $field[0] . ' ' . $field[1]; |
|
| 516 | } |
|
| 517 | $order = join(',', $orderClauses); |
|
| 518 | } |
|
| 519 | ||
| 520 | // fields to return and fields to search - validate |
|
| 521 | $validFields = []; |
|