From 8670761e0b24aa48af00400b898d58e76b3baea7 Mon Sep 17 00:00:00 2001
From: David McReynolds <dave@thedaylightstudio.com>
Date: Tue, 10 Aug 2021 11:25:28 -0700
Subject: [PATCH] fix: for issue issue 582 & 583

---
 fuel/modules/fuel/models/Base_module_model.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fuel/modules/fuel/models/Base_module_model.php b/fuel/modules/fuel/models/Base_module_model.php
index 1ab2f8488..c85daecbc 100644
--- a/fuel/modules/fuel/models/Base_module_model.php
+++ b/fuel/modules/fuel/models/Base_module_model.php
@@ -335,6 +335,12 @@ public function list_items($limit = NULL, $offset = 0, $col = 'id', $order = 'as
 		}
 
 		$escape_order_by = (property_exists($this, 'escape_order_by')) ? $this->escape_order_by : TRUE;
+		
+		// Additional cleaning
+		if ($escape_order_by && strpos($col, ')') !== FALSE)
+		{
+			$col = '';
+		}
 		if (!empty($col)) $this->db->order_by($col, $order, $escape_order_by);
 		if (!empty($limit)) $this->db->limit((int) $limit);
 		$this->db->offset((int)$offset);