From 4e3b84eb391de177d94fd1c4189d456280fd7fdd Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 23 Jun 2009 14:23:11 -0700
Subject: Escape {$this->sort_column} in get_position()
---
 modules/gallery/models/item.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules')
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 7dce9e51..07c305d8 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -381,9 +381,9 @@ class Item_Model extends ORM_MPTT {
 $result = Database::instance()->query(" SELECT COUNT(*) AS position FROM {items} WHERE parent_id = {$this->id}
- AND {$this->sort_column} <= (SELECT {$this->sort_column}
+ AND `{$this->sort_column}` <= (SELECT `{$this->sort_column}`
 FROM {items} WHERE id = $child_id)
- ORDER BY {$this->sort_column} {$this->sort_order}");
+ ORDER BY `{$this->sort_column}` {$this->sort_order}");
 return $result->current()->position;
 }
-- cgit v1.2.3
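Review bot: Wrapping `{$this->sort_column}` in backticks quotes the identifier but does not escape it, so a value that itself contains a backtick still ends the identifier early, and `$child_id` and `{$this->sort_order}` are still interpolated into the query string unchanged. Whether any of these can carry user-supplied data is not visible in this hunk, but the query is only safe if all three are constrained. I would add `$child_id = (int) $child_id;` before the query, reduce the direction to a fixed pair with `$order = strtoupper($this->sort_order) === 'DESC' ? 'DESC' : 'ASC';`, and check `sort_column` against the list of sortable column names (or double any embedded backtick) before it reaches the string. The enclosing method starts above the hunk, so the origin of `$child_id` needs to be confirmed there.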