correct order by in sql request

Théo Zimmermann 2014-11-13 13:56:40 +01:00
parent b800a8bbe7
commit 97015d4034


@ -114,8 +114,12 @@ class Comments:
sql.append('AND comments.parent=?')
sql_args.append(parent)
sql.append('ORDER BY ? ASC')
sql_args.append(order_by)
# custom sanitization
if order_by not in ['id', 'created', 'modified', 'likes', 'dislikes']:
order_by = 'id'
sql.append('ORDER BY ')
sql.append(order_by)
sql.append(' ASC')
if limit:
sql.append('LIMIT ?')
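Review bot: The `# custom sanitization` comment above the `order_by` check does not say why the value is now concatenated instead of bound, and this is the line a later maintainer is most likely to turn back into a placeholder or extend without care. I would replace it with `# A bound parameter is compared as a constant, not a column name, so order_by has to be spliced into the SQL text; only values from this allowlist may reach it`. The allowlist would be easier to keep in step with the schema as a named tuple constant on the class, e.g. `ORDER_BY_COLUMNS = ('id', 'created', 'modified', 'likes', 'dislikes')`, with the check written as `if order_by not in ORDER_BY_COLUMNS:`. The silent fallback to `'id'` for an unknown value is worth stating in the method's documentation, since a caller who misspells a column gets a differently ordered result and no error. The enclosing method starts and ends outside the hunk, so any earlier handling of `order_by` is not visible here.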