Index: invite_admin.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/invite/invite_admin.inc,v
retrieving revision 1.3.2.2
diff -u -p -r1.3.2.2 invite_admin.inc
--- invite_admin.inc	19 Apr 2009 21:26:01 -0000	1.3.2.2
+++ invite_admin.inc	24 Apr 2009 11:07:41 -0000
@@ -285,6 +285,12 @@ function invite_admin_details($account) 
   }
   $sql  = "SELECT i.email, i.invitee AS uid, u.name, i.created, i.expiry, i.joined, i.canceled FROM {invite} i LEFT JOIN {users} u ON u.uid = i.invitee AND u.uid <> 0 WHERE i.uid = %d". $filter;
   $sql .= tablesort_sql($header);
+
+  $username_field = $header[1]['field'];
+  $username_escaped = preg_replace('/[^A-Za-z0-9_.]+/', '', $username_field);
+  $status_sort_escaped = preg_replace('/[^A-Za-z0-9_.]+/', '', $status_sort);
+  $sql = str_replace(array($username_escaped, $status_sort_escaped), array($username_field, $status_sort), $sql); 
+
   $result = pager_query($sql, 50, 0, NULL, $account->uid, $filter_args);
   $rows = array();