Ensure that order and orderby fields are valid before attempting to access them on the snippet object

Author: sheabunge

php/class-list-table.php

@@ -1023,19 +1023,17 @@ private function get_sort_direction( $field, $a_data, $b_data ) {
 	 */
 	private function usort_reorder_callback( $a, $b ) {
 
-		// sort by ID by default
-		$orderby = (
-		! empty( $_REQUEST['orderby'] )
-			? $_REQUEST['orderby']
-			: apply_filters( 'code_snippets/list_table/default_orderby', 'priority' )
-		);
+		// sort by priority by default
+		$orderby = isset( $_REQUEST['orderby'] ) ? $_REQUEST['orderby'] : '';
+		if ( ! isset( $a->$orderby, $b->$orderby ) ) {
+			$orderby = apply_filters( 'code_snippets/list_table/default_orderby', 'priority' );
+		}
 
 		// sort ascending by default
-		$order = (
-		! empty( $_REQUEST['order'] )
-			? $_REQUEST['order']
-			: apply_filters( 'code_snippets/list_table/default_order', 'asc' )
-		);
+		$order = isset( $_REQUEST['order'] ) ? strtolower( $_REQUEST['order'] ) : '';
+		if ( $order !== 'asc' && $order !== 'desc' ) {
+			$order = apply_filters( 'code_snippets/list_table/default_order', 'asc' );
+		}
 
 		$result = $this->get_sort_direction( $orderby, $a->$orderby, $b->$orderby );
 

php/class-snippet.php

@@ -140,6 +140,7 @@ public function __isset( $field ) {
 	 * @param string $field The field name
 	 *
 	 * @return mixed The field value
+	 * @throws Exception if the field name does not exist.
 	 */
 	public function __get( $field ) {
 		$field = $this->validate_field_name( $field );
@@ -148,6 +149,10 @@ public function __get( $field ) {
 			return call_user_func( array( $this, 'get_' . $field ) );
 		}
 
+		if ( ! isset( $this->fields[ $field ] ) ) {
+			throw new Exception( sprintf( 'Snippet field %s does not exist', esc_html( $field ) ) );
+		}
+
 		return $this->fields[ $field ];
 	}