Commit 70a3686c authored by Alexander Butenko's avatar Alexander Butenko

Merge pull request #318 from avbdr/master

Added * as a valid char for orderBy and groupBy
parents 8041c0f4 a6d5f132
...@@ -713,7 +713,7 @@ class MysqliDb ...@@ -713,7 +713,7 @@ class MysqliDb
{ {
$allowedDirection = Array ("ASC", "DESC"); $allowedDirection = Array ("ASC", "DESC");
$orderbyDirection = strtoupper (trim ($orderbyDirection)); $orderbyDirection = strtoupper (trim ($orderbyDirection));
$orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`]+/i",'', $orderByField); $orderByField = preg_replace ("/[^-a-z0-9\.\(\),_`\*]+/i",'', $orderByField);
// Add table prefix to orderByField if needed. // Add table prefix to orderByField if needed.
//FIXME: We are adding prefix only if table is enclosed into `` to distinguish aliases //FIXME: We are adding prefix only if table is enclosed into `` to distinguish aliases
...@@ -746,7 +746,7 @@ class MysqliDb ...@@ -746,7 +746,7 @@ class MysqliDb
*/ */
public function groupBy($groupByField) public function groupBy($groupByField)
{ {
$groupByField = preg_replace ("/[^-a-z0-9\.\(\),_]+/i",'', $groupByField); $groupByField = preg_replace ("/[^-a-z0-9\.\(\),_\*]+/i",'', $groupByField);
$this->_groupBy[] = $groupByField; $this->_groupBy[] = $groupByField;
return $this; return $this;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment