diff --git a/src/Controller/Component/PaginatorComponent.php b/src/Controller/Component/PaginatorComponent.php index 58a1626c4b4..4f190cb5cd1 100644 --- a/src/Controller/Component/PaginatorComponent.php +++ b/src/Controller/Component/PaginatorComponent.php @@ -357,7 +357,9 @@ protected function _prefix(Table $object, $order, $validate = false) } $correctAlias = ($tableAlias === $alias); - if ($correctAlias && (!$validate || $object->hasField($field))) { + if (!$correctAlias && !$validate) { + $tableOrder[$alias . '.' . $field] = $value; + } elseif ($correctAlias && (!$validate || $object->hasField($field))) { $tableOrder[$tableAlias . '.' . $field] = $value; } } diff --git a/tests/TestCase/Controller/Component/PaginatorComponentTest.php b/tests/TestCase/Controller/Component/PaginatorComponentTest.php index d9bf8373b0a..0b91b69b003 100644 --- a/tests/TestCase/Controller/Component/PaginatorComponentTest.php +++ b/tests/TestCase/Controller/Component/PaginatorComponentTest.php @@ -568,6 +568,35 @@ public function testValidateSortWhitelistTrusted() $this->assertEquals($expected, $result['order']); } + /** + * test that multiple fields in the whitelist are not validated and properly aliased. + * + * @return void + */ + public function testValidateSortWhitelistMultiple() + { + $model = $this->getMock('Cake\ORM\Table'); + $model->expects($this->any()) + ->method('alias') + ->will($this->returnValue('model')); + $model->expects($this->never())->method('hasField'); + + $options = [ + 'order' => [ + 'body' => 'asc', + 'foo.bar' => 'asc' + ], + 'sortWhitelist' => ['body', 'foo.bar'] + ]; + $result = $this->Paginator->validateSort($model, $options); + + $expected = [ + 'model.body' => 'asc', + 'foo.bar' => 'asc' + ]; + $this->assertEquals($expected, $result['order']); + } + /** * test that multiple sort works. *