Search Lucene API uses the list of fields in the index as the whitelist, but it should use the fields defined in hook_luceneapi_sortable_fields() implementations instead. This will prevent users from being able to sort by fields that shouldn't be sortable.

Comments

cpliakas’s picture

cpliakas commented
Status: Active » Fixed

Fixed in commit #314118.

Status: Fixed » Closed (fixed)
Issue tags: -6.x-2.0

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +6.x-2.0

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.