function theme_table_header_sortable_order_by

6.x theme.inc theme_table_header_sortable_order_by($headers)

Used with the theme_table_header_sortable function. It is meant to be called AFTER the headers have been created.

The main thing this function does is confirm that the field name received from GET is a valid field name in the headers array, to prevent SQL injection.

7 calls to theme_table_header_sortable_order_by()
admin_display_watchdog in modules/admin/admin.module
alerts_advisees_alerts_form in modules/alerts/alerts.module
Displays alerts for our various advisees.
alerts_display_advisee_activities_page in modules/alerts/alerts.module
Display all advisee activities since the beginning of time, thanks to pager query.
content_display_content_admin_list in modules/content/content.module
Display a list of content for the administrator
content_public_files_form in modules/content/content.module
This screen lets the user upload/manage/delete "public files" stored at custom/files/content_uploads/public_uploads/

File

includes/theme.inc, line 132

Code

function theme_table_header_sortable_order_by($headers) {

  // Untrusted sort field and direction from the query string.
  $fsort = @$_GET['fsort'];
  $fsortdir = @$_GET['fsortdir'];

  if (!$fsort) {
    return '';
  }

  // Confirm that this field is in the headers array.
  $bool_found_it = FALSE;
  foreach ($headers as $header) {
    if (isset($header['field']) && $header['field'] == $fsort) {
      $bool_found_it = TRUE;
      break;
    }
  }
  if (!$bool_found_it) {
    return ""; // couldn't find it!
  }

  // Only ASC or DESC may be used as the direction; anything else is dropped.
  if ($fsortdir != "" && $fsortdir != 'ASC' && $fsortdir != 'DESC') {
    $fsortdir = '';
  }

  return "ORDER BY $fsort $fsortdir";

}
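
The allowlist check described above, shown as an added example that is not the project's own code. This variant uses strict comparison and emits the field name copied from the headers array rather than the request string. The function name, the 'label' key and all sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: the function name and sample data below are hypothetical.

// Build an ORDER BY clause that only ever contains allowlisted values.
function example_order_by_from_allowlist(array $headers, $fsort, $fsortdir) {
  // fsort[]=x arrives as an array; only a non-empty string can name a field.
  if (!is_string($fsort) || $fsort === '') {
    return '';
  }

  $field = NULL;
  foreach ($headers as $header) {
    // Strict comparison: no numeric-string or type juggling.
    if (isset($header['field']) && $header['field'] === $fsort) {
      $field = $header['field'];  // Trusted copy from the headers array.
      break;
    }
  }
  if ($field === NULL) {
    return '';
  }

  // Direction is limited to the two SQL keywords; anything else is dropped.
  $dir = in_array($fsortdir, array('ASC', 'DESC'), TRUE) ? " $fsortdir" : '';

  return "ORDER BY $field$dir";
}

// Constructed sample headers; the 'label' key is an assumption.
$headers = array(
  array('label' => 'Name', 'field' => 'lname'),
  array('label' => 'Posted', 'field' => 'posted'),
  array('label' => 'Actions'),  // No 'field': not sortable.
);

// Constructed request values, each as array(fsort, fsortdir).
$requests = array(
  array('lname', 'DESC'),                   // Valid field and direction.
  array('posted', 'sideways'),              // Valid field, bad direction.
  array('lname; DROP TABLE users', 'ASC'),  // Not a header field: rejected.
  array(array('lname'), 'ASC'),             // Array input: rejected.
  array('Actions', 'ASC'),                  // A label, not a field: rejected.
);

foreach ($requests as $r) {
  echo var_export(example_order_by_from_allowlist($headers, $r[0], $r[1]), TRUE), "\n";
}
```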