Merge pull request from GHSA-2jx3-5j9v-prpp

Validate order by and order way

Author: atomiix

src/Search/WishListProductSearchProvider.php

@@ -35,6 +35,7 @@
 use Product;
 use Shop;
 use Symfony\Component\Translation\TranslatorInterface;
+use Validate;
 use WishList;
 
 /**
@@ -167,7 +168,10 @@ private function getProductsOrCount(
 
         if ('products' === $type) {
             $sortOrder = $query->getSortOrder()->toLegacyOrderBy(true);
-            $querySearch->orderBy($sortOrder . ' ' . $query->getSortOrder()->toLegacyOrderWay());
+            $sortWay = $query->getSortOrder()->toLegacyOrderWay();
+            if (Validate::isOrderBy($sortOrder) && Validate::isOrderWay($sortWay)) {
+                $querySearch->orderBy($sortOrder . ' ' . $sortWay);
+            }
             $querySearch->limit((int) $query->getResultsPerPage(), ((int) $query->getPage() - 1) * (int) $query->getResultsPerPage());
             $products = $this->db->executeS($querySearch);