From 80908ec77831ce09965859fa143b2131e4bc921a Mon Sep 17 00:00:00 2001
From: Mark Story <mark@mark-story.com>
Date: Sat, 8 Aug 2015 17:19:03 -0400
Subject: [PATCH] Ensure that fields in orderAsc/orderDesc are quoted.

String fields should be quoted when used with orderDesc/orderAsc.
---
 src/Database/Expression/OrderClauseExpression.php | 11 ++++-------
 tests/TestCase/Database/QueryTest.php             | 13 +++++++++++++
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/src/Database/Expression/OrderClauseExpression.php b/src/Database/Expression/OrderClauseExpression.php
index 4157e31f12b..e4eb7f5637e 100644
--- a/src/Database/Expression/OrderClauseExpression.php
+++ b/src/Database/Expression/OrderClauseExpression.php
@@ -15,6 +15,8 @@
 namespace Cake\Database\Expression;
 
 use Cake\Database\ExpressionInterface;
+use Cake\Database\Expression\FieldInterface;
+use Cake\Database\Expression\FieldTrait;
 use Cake\Database\ValueBinder;
 
 /**
@@ -22,14 +24,9 @@
  *
  * @internal
  */
-class OrderClauseExpression implements ExpressionInterface
+class OrderClauseExpression implements ExpressionInterface, FieldInterface
 {
-    /**
-     * The field being sorted on.
-     *
-     * @var \Cake\Database\ExpressionInterface|string
-     */
-    protected $_field;
+    use FieldTrait;
 
     /**
      * The direction of sorting.
diff --git a/tests/TestCase/Database/QueryTest.php b/tests/TestCase/Database/QueryTest.php
index 014cea0ffc4..16f655ad944 100644
--- a/tests/TestCase/Database/QueryTest.php
+++ b/tests/TestCase/Database/QueryTest.php
@@ -1504,6 +1504,8 @@ public function testSelectOrderAsc()
         $query->select(['id'])
             ->from('articles')
             ->orderAsc('id');
+
+        $sql = $query->sql();
         $result = $query->execute()->fetchAll('assoc');
         $expected = [
             ['id' => 1],
@@ -1511,6 +1513,11 @@ public function testSelectOrderAsc()
             ['id' => 3],
         ];
         $this->assertEquals($expected, $result);
+        $this->assertQuotedQuery(
+            'SELECT <id> FROM <articles> ORDER BY <id> ASC',
+            $sql,
+            !$this->autoQuote
+        );
 
         $query = new Query($this->connection);
         $query->select(['id'])
@@ -1537,6 +1544,7 @@ public function testSelectOrderDesc()
         $query->select(['id'])
             ->from('articles')
             ->orderDesc('id');
+        $sql = $query->sql();
         $result = $query->execute()->fetchAll('assoc');
         $expected = [
             ['id' => 3],
@@ -1544,6 +1552,11 @@ public function testSelectOrderDesc()
             ['id' => 1],
         ];
         $this->assertEquals($expected, $result);
+        $this->assertQuotedQuery(
+            'SELECT <id> FROM <articles> ORDER BY <id> DESC',
+            $sql,
+            !$this->autoQuote
+        );
 
         $query = new Query($this->connection);
         $query->select(['id'])