elgg_get_entities: order_by and group_by options run through sanitise_string()
Reported by: mrclay | Owned by:
To order by last name, one must join in the user entity table and order by REVERSE(SUBSTRING_INDEX(REVERSE(name), ' ', 1)). The problem is that single or double quote chars get escaped (prepending them with \).
Is this escaping necessary?
BTW, I got around it by using CHAR(32) instead of the string.
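Added illustration, not part of the ticket or Elgg's code: a Python model of the behaviour reported above, showing that string-literal escaping applied to a whole order_by fragment puts backslashes into the SQL syntax itself, while the CHAR(32) form passes through unchanged. It assumes sanitise_string() escapes the same characters as MySQL string-literal escaping; all function and constant names are hypothetical.

```python
# Added illustration; a model of the reported behaviour, not Elgg's code.
# Assumption: sanitise_string() escapes the same characters as MySQL
# string-literal escaping (NUL, newline, CR, backslash, both quotes, Ctrl-Z).
_ESCAPES = {
    "\x00": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}


def escape_like_sanitise_string(fragment):
    """Apply string-literal escaping to a whole SQL fragment."""
    return "".join(_ESCAPES.get(ch, ch) for ch in fragment)


def backslash_outside_literal(sql):
    """True if a backslash sits outside any quoted literal, i.e. the
    escape landed in the SQL syntax instead of inside a value."""
    quote = None
    i = 0
    while i < len(sql):
        ch = sql[i]
        if quote:
            if ch == "\\":
                i += 1          # skip the escaped character in the literal
            elif ch == quote:
                quote = None    # literal closed
        elif ch in "'\"":
            quote = ch          # literal opened
        elif ch == "\\":
            return True
        i += 1
    return False


def check_order_by(fragment):
    """Report what the escaping does to one order_by fragment."""
    escaped = escape_like_sanitise_string(fragment)
    return {"escaped": escaped,
            "unchanged": escaped == fragment,
            "damaged": backslash_outside_literal(escaped)}


# The two forms from the ticket: quoted space vs. the CHAR(32) workaround.
LAST_NAME_QUOTED = "REVERSE(SUBSTRING_INDEX(REVERSE(name), ' ', 1))"
LAST_NAME_CHAR32 = "REVERSE(SUBSTRING_INDEX(REVERSE(name), CHAR(32), 1))"

if __name__ == "__main__":
    for clause in (LAST_NAME_QUOTED, LAST_NAME_CHAR32):
        print(check_order_by(clause))
```

Any quote-free fragment comes back unchanged, so the escaping only alters clauses that contain literals; it does not act as validation of what an order_by or group_by fragment contains.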
Change History (7)
comment:1 Changed 14 months ago by brettp
- Difficulty set to easy
- Milestone changed from Needs Review to Elgg 1.8.x
- Priority changed from normal to low
- Severity changed from minor to trivial
- Summary changed from elgg_get_entities: order_by clauses have quotes escaped to elgg_get_entities: order_by and group_by options run through sanitise_string()
comment:4 Changed 11 months ago by Steve Clay
- Resolution set to fixed
- Status changed from new to closed