From 6b7514afd2f03f3543d7c84e77cc97fa1d84dbb4 Mon Sep 17 00:00:00 2001
From: David Rothstein <drothstein@gmail.com>
Date: Sat, 1 Nov 2014 13:21:52 -0400
Subject: Issue #829464 by Berdir, klausi, sepgil | Heine: Fixed orderby()
 should verify that the sort direction is always ASC or DESC.

---
 includes/database/select.inc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'includes/database')

diff --git a/includes/database/select.inc b/includes/database/select.inc
index 70c03a283..3abd205c9 100644
--- a/includes/database/select.inc
+++ b/includes/database/select.inc
@@ -377,7 +377,8 @@ interface SelectQueryInterface extends QueryConditionInterface, QueryAlterableIn
    * @param $field
    *   The field on which to order.
    * @param $direction
-   *   The direction to sort. Legal values are "ASC" and "DESC".
+   *   The direction to sort. Legal values are "ASC" and "DESC". Any other value
+   *   will be converted to "ASC".
    * @return SelectQueryInterface
    *   The called object.
    */
@@ -1384,6 +1385,8 @@ class SelectQuery extends Query implements SelectQueryInterface {
   }
 
   public function orderBy($field, $direction = 'ASC') {
+    // Only allow ASC and DESC, default to ASC.
+    $direction = strtoupper($direction) == 'DESC' ? 'DESC' : 'ASC';
     $this->order[$field] = $direction;
     return $this;
   }
-- 
cgit v1.2.3