Merge pull request #137 from Zimmi48/master

Correct ORDER BY in the SQL query
Martin Zimmermann 2014-11-17 19:49:08 +01:00
commit 8918c4a186


@ -114,8 +114,12 @@ class Comments:
sql.append('AND comments.parent=?')
sql_args.append(parent)
sql.append('ORDER BY ? ASC')
sql_args.append(order_by)
# custom sanitization
if order_by not in ['id', 'created', 'modified', 'likes', 'dislikes']:
order_by = 'id'
sql.append('ORDER BY ')
sql.append(order_by)
sql.append(' ASC')
if limit:
sql.append('LIMIT ?')
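Review bot: The `order_by` allowlist check is now the only barrier between a caller-supplied value and the SQL text, but the `# custom sanitization` comment does not say so, and a later edit that relaxes the test would reintroduce string-built SQL. I would replace the comment with `# Column names cannot be bound as ? parameters, so order_by is restricted to a fixed allowlist before it is concatenated into the query.` and lift the list into a named constant so the set of sortable columns is defined in one place. The three `sql.append` calls can collapse into `sql.append('ORDER BY ' + order_by + ' ASC')`, which keeps the concatenation visibly next to the check. An unrecognised value silently falls back to `'id'`; whether callers should instead get an error is not decidable from the hunk, but the fallback is worth stating in the method's docstring. The enclosing method starts and ends outside the hunk.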