pref-users: fix sorting the table

This commit is contained in:
Andrew Dolgov 2017-12-03 13:54:03 +03:00
parent 3eecebc34f
commit 2cf93c046c
2 changed files with 13 additions and 3 deletions

View file

@ -376,7 +376,10 @@ class Pref_Users extends Handler_Protected {
print "</div>"; #pane
print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
print "<div id=\"sticky-status-msg\"></div>";
$sort = validate_field($sort,
["login", "access_level", "created", "num_feeds", "created", "last_login"], "login");
if ($sort != "login") $sort = "$sort DESC";
$sth = $this->pdo->prepare("SELECT
tu.id,
@ -388,8 +391,8 @@ class Pref_Users extends Handler_Protected {
ttrss_users tu
WHERE
(:search = '' OR login LIKE :search) AND tu.id > 0
ORDER BY :sort");
$sth->execute([":search" => $user_search ? "%$user_search%" : "", ":sort" => $sort]);
ORDER BY $sort");
$sth->execute([":search" => $user_search ? "%$user_search%" : ""]);
print "<p><table width=\"100%\" cellspacing=\"0\"
class=\"prefUserList\" id=\"prefUserList\">";

View file

@ -2548,6 +2548,13 @@
return $bad_tables;
}
function validate_field($string, $allowed, $default = "") {
if (in_array($string, $allowed))
return $string;
else
return $default;
}
function arr_qmarks($arr) {
return str_repeat('?,', count($arr) - 1) . '?';
}