%#
%# COPYRIGHT:
%#
-%# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+%# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
%# <sales@bestpractical.com>
%#
%# (Except where explicitly superseded by other copyright notices)
my $new_order = 'ASC';
$new_order = $Order[0] eq 'ASC'? 'DESC': 'ASC'
- if $OrderBy[0] && $OrderBy[0] eq $attr;
+ if $OrderBy[0] && ($OrderBy[0] eq $attr or "$attr|$OrderBy[0]" =~ /^(Created|id)\|(Created|id)$/);
$m->out(
- '<a href="' . $BaseURL
+ '<a href="' . $m->interp->apply_escapes($BaseURL
. $m->comp( '/Elements/QueryString',
%$generic_query_args,
OrderBy => $attr, Order => $new_order
- )
+ ), 'h')
. '">'. loc($title) .'</a>'
);
}