From 5cfbfcd671034f45dea0bf9879d54d07a78d6084 Mon Sep 17 00:00:00 2001
From: int2001 <joerg@dj7nt.de>
Date: Wed, 2 Apr 2025 09:43:22 +0000
Subject: [PATCH] Make order_by more safe

---
 application/models/Logbookadvanced_model.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/application/models/Logbookadvanced_model.php b/application/models/Logbookadvanced_model.php
index 29e7898b0..5611fd8a6 100644
--- a/application/models/Logbookadvanced_model.php
+++ b/application/models/Logbookadvanced_model.php
@@ -443,6 +443,11 @@ class Logbookadvanced_model extends CI_Model {
 			return 'ORDER BY qsos.COL_TIME_ON desc';
 		} else {
 			$sortorder = explode(',', $sortorder);
+			if (strtoupper($sortorder[1] ?? '') == 'ASC') {
+				$sortorder[1]='asc';
+			} else {
+				$sortorder[1]='desc';
+			}
 
 			if ($this->session->userdata('user_lotw_name') != "" && $this->session->userdata('user_eqsl_name') != ""){
 				switch($sortorder[0]) {