pref-users: fix sorting the table

author: Andrew Dolgov <[email protected]> 2017-12-03 13:54:03 +0300
committer: Andrew Dolgov <[email protected]> 2017-12-03 13:54:31 +0300
commit: 2cf93c046c790005e66670c5c4bfe5b6b3e72a67 (patch)
tree: 4f6e74e6bb67f8910612a37b0f55e6ce815c8a36 /classes
parent: 3eecebc34f548cb135b5285515729ed91184e9e4 (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/classes/pref/users.php b/classes/pref/users.php
index 82893c548..b23950bd3 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -376,7 +376,10 @@ class Pref_Users extends Handler_Protected {
 			print "</div>"; #pane
 			print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
 
-			print "<div id=\"sticky-status-msg\"></div>";
+			$sort = validate_field($sort,
+				["login", "access_level", "created", "num_feeds", "created", "last_login"], "login");
+
+			if ($sort != "login") $sort = "$sort DESC";
 
 			$sth = $this->pdo->prepare("SELECT
 					tu.id,
@@ -388,8 +391,8 @@ class Pref_Users extends Handler_Protected {
 					ttrss_users tu
 				WHERE
 					(:search = '' OR login LIKE :search) AND tu.id > 0
-				ORDER BY :sort");
-			$sth->execute([":search" => $user_search ? "%$user_search%" : "", ":sort" => $sort]);
+				ORDER BY $sort");
+			$sth->execute([":search" => $user_search ? "%$user_search%" : ""]);
 
 			print "<p><table width=\"100%\" cellspacing=\"0\"
 				class=\"prefUserList\" id=\"prefUserList\">";
author	Andrew Dolgov <[email protected]>	2017-12-03 13:54:03 +0300
committer	Andrew Dolgov <[email protected]>	2017-12-03 13:54:31 +0300
commit	2cf93c046c790005e66670c5c4bfe5b6b3e72a67 (patch)
tree	4f6e74e6bb67f8910612a37b0f55e6ce815c8a36 /classes
parent	3eecebc34f548cb135b5285515729ed91184e9e4 (diff)