Only allow fields from isFieldSortable to be sorted on.
authorBrian Wolff <bawolff+wn@gmail.com>
Thu, 18 Apr 2013 19:02:29 +0000 (16:02 -0300)
committerAlexandre Emsenhuber <ialex.wiki@gmail.com>
Fri, 19 Apr 2013 06:24:42 +0000 (08:24 +0200)
Prevents people from doing stupid things like:
https://commons.wikimedia.org/w/index.php?title=Special%3AListFiles&limit=50&user=bawolff&sort=img_description&asc=&desc=1
Which don't have indexes.

Change-Id: I7aeb89032e89283dd7dfe5d7bf12872203ca5520

RELEASE-NOTES-1.22
includes/Pager.php

index 5c6de79..86cdf21 100644 (file)
@@ -41,6 +41,7 @@ production.
   is now non-significant and not preserved in the HTML output.
 * (bug 47218) Special:BlockList now handles correctly user names with spaces
   when passed as subpage.
+* Pager's properly validate which fields are allowed to be sorted on.
 
 === API changes in 1.22 ===
 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
index 56b5d48..8058c09 100644 (file)
@@ -904,7 +904,9 @@ abstract class TablePager extends IndexPager {
                }
 
                $this->mSort = $this->getRequest()->getText( 'sort' );
-               if ( !array_key_exists( $this->mSort, $this->getFieldNames() ) ) {
+               if ( !array_key_exists( $this->mSort, $this->getFieldNames() )
+                       || !$this->isFieldSortable( $this->mSort )
+               ) {
                        $this->mSort = $this->getDefaultSort();
                }
                if ( $this->getRequest()->getBool( 'asc' ) ) {
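Review bot: The two-part condition guarding `$this->mSort` has no comment saying that it is an allowlist for a request-controlled field name, or that the order of the two tests matters. `array_key_exists` runs first, so `isFieldSortable()` is only ever asked about a field the pager knows, and the protection now depends on every subclass returning true only for columns that are backed by an index. I would add above the `if`: `// 'sort' comes from the request: accept it only if it is a known field that the subclass marks sortable, otherwise fall back to getDefaultSort().` Presumably `mSort` later becomes the ordering column of the query, so the same contract is worth stating in the `isFieldSortable()` docblock, which is outside this hunk. The enclosing method starts and ends outside the hunk.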