From 59624e535edc6a3690e67ba341812cf8b34c6e88 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Thu, 18 Apr 2013 16:02:29 -0300
Subject: [PATCH] Only allow fields from isFieldSortable to be sorted on. Prevents people from doing stupid things like: https://commons.wikimedia.org/w/index.php?title=Special%3AListFiles&limit=50&user=bawolff&sort=img_description&asc=&desc=1 Which don't have indexes.
Change-Id: I7aeb89032e89283dd7dfe5d7bf12872203ca5520
---
 RELEASE-NOTES-1.22 | 1 +
 includes/Pager.php | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/RELEASE-NOTES-1.22 b/RELEASE-NOTES-1.22
index 5c6de79c12..86cdf21b64 100644
--- a/RELEASE-NOTES-1.22
+++ b/RELEASE-NOTES-1.22
@@ -41,6 +41,7 @@ production.
 is now non-significant and not preserved in the HTML output.
 * (bug 47218) Special:BlockList now handles correctly user names with spaces when passed as subpage.
+* Pager's properly validate which fields are allowed to be sorted on.
 === API changes in 1.22 ===
 * (bug 46626) xmldoublequote parameter was removed. Because of a bug, the
diff --git a/includes/Pager.php b/includes/Pager.php
index 56b5d489dd..8058c090c9 100644
--- a/includes/Pager.php
+++ b/includes/Pager.php
@@ -904,7 +904,9 @@ abstract class TablePager extends IndexPager {
 }
 $this->mSort = $this->getRequest()->getText( 'sort' );
- if ( !array_key_exists( $this->mSort, $this->getFieldNames() ) ) {
+ if ( !array_key_exists( $this->mSort, $this->getFieldNames() )
+ || !$this->isFieldSortable( $this->mSort )
+ ) {
 $this->mSort = $this->getDefaultSort();
 }
 if ( $this->getRequest()->getBool( 'asc' ) ) {
-- 
2.20.1
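Review bot: The new condition on `sort` in includes/Pager.php makes `isFieldSortable()` the only gate between a request parameter and the sort column, but nothing at the check says so; a subclass that returns true for every field for display reasons would still let a client sort on an unindexed column, which is the expensive-query case the commit message describes. I would add a comment above the `if`, e.g. `// 'sort' is request input: accept only known fields the subclass marks sortable (indexed), else use the default sort`, and state the same requirement in the docblock of `isFieldSortable()`, which is outside this hunk. The `||` short-circuit means `isFieldSortable()` is only called with names present in `getFieldNames()`, which is worth preserving if the condition is ever reordered. The enclosing method starts and ends outside the hunk, so how `mSort` reaches the query is not visible here.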