From c8d9381d39b1c0f5488cf059ea9aa659ee227da4 Mon Sep 17 00:00:00 2001
From: David McReynolds <dave@thedaylightstudio.com>
Date: Tue, 25 Aug 2020 08:56:17 -0700
Subject: [PATCH] fix: issue #562

---
 fuel/modules/fuel/config/fuel_constants.php    | 2 +-
 fuel/modules/fuel/models/Base_module_model.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fuel/modules/fuel/config/fuel_constants.php b/fuel/modules/fuel/config/fuel_constants.php
index 182645708..89f36e3a2 100644
--- a/fuel/modules/fuel/config/fuel_constants.php
+++ b/fuel/modules/fuel/config/fuel_constants.php
@@ -1,6 +1,6 @@
 <?php 
 // INSTALL_ROOT is defined in the index.php bootstrap file
-define('FUEL_VERSION', '1.4.9');
+define('FUEL_VERSION', '1.4.10');
 if (!defined('MODULES_FOLDER'))
 {
 	define('MODULES_FOLDER', '../../fuel/modules');
diff --git a/fuel/modules/fuel/models/Base_module_model.php b/fuel/modules/fuel/models/Base_module_model.php
index ac7dd8ada..11d70b814 100644
--- a/fuel/modules/fuel/models/Base_module_model.php
+++ b/fuel/modules/fuel/models/Base_module_model.php
@@ -333,7 +333,7 @@ public function list_items($limit = NULL, $offset = 0, $col = 'id', $order = 'as
 			$this->db->select($this->table_name.'.*'); // make select table specific
 		}
 
-		if (!empty($col)) $this->db->order_by(str_replace(' ', '', $col), str_replace(' ', '', $order), FALSE);
+		if (!empty($col)) $this->db->order_by($this->db->escape($col), $this->db->escape($order), FALSE);
 		if (!empty($limit)) $this->db->limit((int) $limit);
 		$this->db->offset((int)$offset);