Commit 950b4da1 authored by Thierry Bugier's avatar Thierry Bugier Committed by Johan Cwiklinski

fix unescaped column name in API



If the column name is an SQL reserved word, the query fails.
Signed-off-by: default avatarThierry Bugier <tbugier@teclib.com>
parent ad83a395
......@@ -1265,7 +1265,7 @@ abstract class API extends CommonGLPI {
FROM `$table`
$join
WHERE $where
ORDER BY ".$params['sort']." ".$params['order']."
ORDER BY `".$params['sort']."` ".$params['order']."
LIMIT ".$params['start'].", ".$params['list_limit'];
if ($result = $DB->query($query)) {
while ($data = $DB->fetch_assoc($result)) {
......
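Review bot: The backticks added around `$params['sort']` in the ORDER BY clause fix the reserved-word failure but do not make the value safe as an identifier, because it is still concatenated into the query string and a value that itself contains a backtick would end the quoting. `$params['order']`, `$params['start']` and `$params['list_limit']` are concatenated in the same statement. Whether any of these are validated earlier is not visible here, since the hunk begins and ends inside the enclosing method. If they are not, I would check the sort column against the table's known fields before building the query, restrict the direction with something like `if (!in_array(strtoupper($params['order']), ['ASC', 'DESC'], true)) { /* reject the request */ }`, and cast the two LIMIT values with `(int)`.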