diff --git a/resources/functions.php b/resources/functions.php index 3dab7f19b..a7b2f9334 100644 --- a/resources/functions.php +++ b/resources/functions.php @@ -18,7 +18,7 @@ The Initial Developer of the Original Code is Mark J Crane - Portions created by the Initial Developer are Copyright (C) 2008-2025 + Portions created by the Initial Developer are Copyright (C) 2008-2026 the Initial Developer. All Rights Reserved. Contributor(s): @@ -648,6 +648,7 @@ if (!function_exists('th_order_by')) { // Sanitize the parameters $sanitized_parameters = ''; + $has_order_by = false; if (!empty($http_get_params)) { $params = $http_get_params; @@ -657,9 +658,11 @@ if (!function_exists('th_order_by')) { foreach ($params as $key => $value) { if ($key == 'order_by' && !empty($value)) { + $has_order_by = true; // Validate order by $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $value); } else if ($key == 'order' && !empty($value)) { + $has_order_by = true; // Validate order if (in_array(strtolower($value), ['asc', 'desc'])) { $order = strtolower($value); @@ -690,13 +693,19 @@ if (!function_exists('th_order_by')) { } // Build the HTML - $html = ""; + $html = "\n"; if (!empty($description)) { - $html .= "" . escape($column_title) . ""; + $html .= " " . escape($column_title) . "\n"; } else { - $html .= "" . escape($column_title) . ""; + $html .= " " . escape($column_title) . "\n"; } - $html .= ""; + if ($has_order_by && $order_by === $field_name && $order == "desc") { + $html .= " \n"; + } else if ($has_order_by && $order_by === $field_name) { + $html .= " \n"; + } + $html .= " \n"; + $html .= "\n"; return $html; } }
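Review bot: In the `foreach ($params as $key => $value)` hunk, `$has_order_by = true;` is set in both branches before the value has been validated. In the `order` branch it runs ahead of the `in_array()` allowlist check, so a request carrying only an unrecognised `order` value still marks the column as sorted. In the `order_by` branch it runs ahead of `preg_replace()`, so it stays true even when the sanitised `$order_by` ends up empty. Moving the assignment after validation keeps the flag tied to accepted input, for example `if ($order_by !== '') { $has_order_by = true; }` after the `preg_replace()` and the plain assignment inside the `in_array()` body. If `$value` can arrive as an array from the query string (not visible here), an `is_string($value)` guard on both branches would also keep `strtolower()` from raising a TypeError on PHP 8; the loop body continues outside the hunk.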
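Review bot: In the "Build the HTML" hunk, the new indicator condition mixes a strict `$order_by === $field_name` with a loose `$order == "desc"`; `$order === 'desc'` would make both comparisons behave the same way. `$order` is only lower-cased when it comes through the `order` key, so if it can also reach this point from the caller unchanged (the function signature is outside the hunk), a value such as `DESC` falls through to the `else if` and the ascending branch is emitted; comparing against `strtolower((string) $order)` avoids that. Because `$has_order_by` is only ever set while iterating `$http_get_params`, a caller that supplies `$order_by` directly and leaves `$http_get_params` empty gets no indicator at all, which is worth confirming as intended. A short comment above the condition, e.g. `// show the sort indicator only on the column the request is currently sorted by`, would make the three-way branch easier to read.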