Added field escaping when sorting

createit-ru · createit-ru · commit 5dcb7313d27b · 2025-01-22T09:35:06.000+03:00
diff --git a/core/components/fileman/elements/snippets/files.php b/core/components/fileman/elements/snippets/files.php
@@ -71,7 +71,7 @@
 }
 
 // sort
-$c->sortby($sortby, $sortdir);
+$c->sortby($modx->escape($sortby), $sortdir);
 
 $items = $modx->getIterator(File::class, $c);
 
diff --git a/core/components/fileman/src/Processors/File/SortBy.php b/core/components/fileman/src/Processors/File/SortBy.php
@@ -41,10 +41,10 @@ public function process()
 
         
         $sortColumn = $this->modx->getSelectColumns($this->classKey, $this->objectType, '', [$field]);
-        $criteria->sortby($sortColumn, 'ASC');
+        $criteria->sortby($this->modx->escape($sortColumn), 'ASC');
 
         $sortColumn2 = $this->modx->getSelectColumns($this->classKey, $this->objectType, '', ['id']);
-        $criteria->sortby($sortColumn2, 'ASC');
+        $criteria->sortby($this->modx->escape($sortColumn2), 'ASC');
 
         $files = $this->modx->getIterator($this->classKey, $criteria);
 

Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`// sort`
`74`		`-$c->sortby($sortby, $sortdir);`
	`74`	`+$c->sortby($modx->escape($sortby), $sortdir);`
`75`	`75`
`76`	`76`	`$items = $modx->getIterator(File::class, $c);`
`77`	`77`