From 4547e438c805b538d033bc78d8ed41ee1d19674e Mon Sep 17 00:00:00 2001
From: RedKale <22250530@qq.com>
Date: Wed, 1 Jun 2016 12:33:23 +0800
Subject: [PATCH]

---
 src/org/redkale/source/EntityCache.java | 2 +-
 src/org/redkale/source/EntityInfo.java  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/org/redkale/source/EntityCache.java b/src/org/redkale/source/EntityCache.java
index a00e75e14..52881c911 100644
--- a/src/org/redkale/source/EntityCache.java
+++ b/src/org/redkale/source/EntityCache.java
@@ -424,7 +424,7 @@ public final class EntityCache<T> {
 
     //-------------------------------------------------------------------------------------------------------------------------------
     protected Comparator<T> createComparator(Flipper flipper) {
-        if (flipper == null || flipper.getSort() == null || flipper.getSort().isEmpty()) return null;
+        if (flipper == null || flipper.getSort() == null || flipper.getSort().isEmpty() || flipper.getSort().indexOf(';') >= 0  || flipper.getSort().indexOf('\n') >= 0) return null;
         final String sort = flipper.getSort();
         Comparator<T> comparator = this.sortComparators.get(sort);
         if (comparator != null) return comparator;
diff --git a/src/org/redkale/source/EntityInfo.java b/src/org/redkale/source/EntityInfo.java
index 4e45ef0ba..a3d9b2a12 100644
--- a/src/org/redkale/source/EntityInfo.java
+++ b/src/org/redkale/source/EntityInfo.java
@@ -312,7 +312,7 @@ public final class EntityInfo<T> {
     }
 
     protected String createSQLOrderby(Flipper flipper) {
-        if (flipper == null || flipper.getSort() == null || flipper.getSort().isEmpty()) return "";
+        if (flipper == null || flipper.getSort() == null || flipper.getSort().isEmpty() || flipper.getSort().indexOf(';') >= 0  || flipper.getSort().indexOf('\n') >= 0 ) return "";
         final String sort = flipper.getSort();
         String sql = this.sortOrderbySqls.get(sort);
         if (sql != null) return sql;