Only allow sort fields that match the current object alias.

Instead of modifying aliases that do not match, only allow aliases that
do match.

Refs #3803

lib/Cake/Controller/Component/PaginatorComponent.php

@@ -384,10 +384,11 @@ class PaginatorComponent extends Component {
 				if (strpos($key, '.') !== false) {
 					list($alias, $field) = explode('.', $key);
 				}
+				$correctAlias = ($object->alias == $alias);
 
-				if ($object->hasField($field)) {
+				if ($correctAlias && $object->hasField($field)) {
 					$order[$object->alias . '.' . $field] = $value;
-				} elseif ($object->hasField($key, true)) {
+				} elseif ($correctAlias && $object->hasField($key, true)) {
 					$order[$field] = $value;
 				} elseif (isset($object->{$alias}) && $object->{$alias}->hasField($field, true)) {
 					$order[$alias . '.' . $field] = $value;

lib/Cake/Test/Case/Controller/Component/PaginatorComponentTest.php

@@ -960,6 +960,30 @@ class PaginatorComponentTest extends CakeTestCase {
 	}
 
 /**
+ * test that sorting fields is alias specific
+ *
+ * @return void
+ */
+	public function testValidateSortSharedFields() {
+		$model = $this->getMock('Model');
+		$model->alias = 'Parent';
+		$model->Child = $this->getMock('Model');
+		$model->Child->alias = 'Child';
+
+		$model->expects($this->never())
+			->method('hasField');
+
+		$model->Child->expects($this->at(0))
+			->method('hasField')
+			->with('something')
+			->will($this->returnValue(true));
+
+		$options = array('sort' => 'Child.something', 'direction' => 'desc');
+		$result = $this->Paginator->validateSort($model, $options);
+
+		$this->assertEquals('desc', $result['order']['Child.something']);
+	}
+/**
  * test that multiple sort works.
  *
  * @return void
@@ -1016,7 +1040,7 @@ class PaginatorComponentTest extends CakeTestCase {
 
 		$options = array('sort' => 'Derp.id');
 		$result = $this->Paginator->validateSort($model, $options);
-		$this->assertEquals(array('Model.id' => 'asc'), $result['order']);
+		$this->assertEquals(array(), $result['order']);
 	}
 
 /**