From 78cbd8ba5f133da98a7a10910d43a901f7a21c39 Mon Sep 17 00:00:00 2001
From: "bbaetz%student.usyd.edu.au" <>
Date: Sat, 8 Jun 2002 10:06:10 +0000
Subject: Bug 149845 - buglist.cgi checks for ORDER validity are wrong r=myk x2

---
 buglist.cgi | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'buglist.cgi')

diff --git a/buglist.cgi b/buglist.cgi
index b7fb72a69..925f0296f 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -1302,11 +1302,13 @@ if ($order) {
     # by which to sort the results.
     ORDER: for ($order) {
         /\./ && do {
+            my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
             # A custom list of columns.  Make sure each column is valid.
-            foreach my $fragment (split(/[,\s]+/, $order)) {
-                next if $fragment =~ /^asc|desc$/i;
-                my @columnnames = map($columns->{lc($_)}->{'name'}, keys(%$columns));
-                if (!grep($_ eq $fragment, @columnnames)) {
+            foreach my $fragment (split(/,/, $order)) {
+                $fragment = trim($fragment);
+                # Accept an order fragment matching a column name, with
+                # asc|desc optionally following (to specify the direction)
+                if (!grep($fragment =~ /^\Q$_\E(\s+(asc|desc))?$/, @columnnames)) {
                     my $qfragment = html_quote($fragment);
                     my $error = "The custom sort order you specified in your "
                               . "form submission contains an invalid column "
-- 
cgit v1.2.3-24-g4f1b