diff options
Diffstat (limited to 'buglist.cgi')
-rwxr-xr-x | buglist.cgi | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/buglist.cgi b/buglist.cgi index b7fb72a69..925f0296f 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -1302,11 +1302,13 @@ if ($order) { # by which to sort the results. ORDER: for ($order) { /\./ && do { + my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns)); # A custom list of columns. Make sure each column is valid. - foreach my $fragment (split(/[,\s]+/, $order)) { - next if $fragment =~ /^asc|desc$/i; - my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns)); - if (!grep($_ eq $fragment, @columnnames)) { + foreach my $fragment (split(/,/, $order)) { + $fragment = trim($fragment); + # Accept an order fragment matching a column name, with + # asc|desc optionally following (to specify the direction) + if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) { my $qfragment = html_quote($fragment); my $error = "The custom sort order you specified in your " . "form submission contains an invalid column " |