From fe8be115fbe1e55c4af060602f37a5fbda7cb7ed Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Sun, 4 Apr 2004 23:01:58 +0000
Subject: [PATCH] as talked with lars ;-)
---
 phpgwapi/inc/class.accounts_sql.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/phpgwapi/inc/class.accounts_sql.inc.php b/phpgwapi/inc/class.accounts_sql.inc.php
index 3246478cfb..17e933c777 100644
--- a/phpgwapi/inc/class.accounts_sql.inc.php
+++ b/phpgwapi/inc/class.accounts_sql.inc.php
@@ -135,7 +135,7 @@
 $sort = "DESC";
 }
- if ($order)
+ if (!empty($order) && preg_match('/^[a-zA-Z_0-9, ]+$/',$order) && (empty($sort) || preg_match('/^(DESC|ASC|desc|asc)$/',$sort)))
 {
 $orderclause = "ORDER BY $order $sort";
 }
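Review bot: Both patterns on the added `if` line end in `$`, which in PCRE also matches just before a final newline, so an `$order` or `$sort` value with a trailing line break still passes and is interpolated into `"ORDER BY $order $sort"`; adding the `D` modifier closes that, e.g. `preg_match('/^[a-zA-Z_0-9, ]+$/D',$order)` and `preg_match('/^(DESC|ASC|desc|asc)$/D',$sort)`. The character-class check keeps SQL syntax out of the clause but still accepts any column name, so results can be ordered by columns that were never meant to be sortable; comparing each comma-separated name against a fixed list of sortable columns would be tighter. A short comment such as `// $order and $sort are interpolated into the SQL below, keep these patterns strict` would tell the next maintainer why the condition exists. The enclosing method starts and ends outside the hunk, so what happens when the check fails (presumably a default ordering) cannot be confirmed from here.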