Change the treatment of ORDER BY. Except as noted, these changes
apply only to methods other than json_query.
1. Allow the use of array syntax for specifying an ORDER BY clause
as an array of field specifications, such as can be used in json_query.
The older syntax, using a hash based on class name, is still
available.
2. For json_query, using the array syntax: relax the requirement that a
class be in scope. A field from an out-of-scope class will now be
silently ignored. This change avoids certain problems with fleshing
queries, which use the same order_by array at multiple levels.
3. For the hash syntax: relax the requirement that the class be
referenced in the SELECT clause. Now it suffices that it be in
scope in the generated SQL. As a result, you can now sort by a
column in a joined class without artificially including that column
in the SELECT list.
4. When all or part of an ORDER BY clause is expressed as a string
literal: require that the string not contain any semicolons, in order
to block certain kinds of SQL injection. This measure could create
problems if a semicolon appears within a quoted string -- which is
possible in theory but highly improbable in practice.
5. Don't include a virtual field in an ORDER BY clause. If one is
specified, silently ignore it.
M Open-ILS/src/c-apps/oils_sql.c
git-svn-id: svn://svn.open-ils.org/ILS/branches/rel_2_0@18325 dcc99617-32d9-48b4-a31d-7c20da2025e4
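
The semicolon rule from item 4, as an added C example that is not the code in oils_sql.c; the function names and sample strings are constructed for illustration. It goes one step beyond the commit by adding a quote-aware variant, which assumes standard SQL quoting (a doubled quote as the escape, no backslash escapes), to show the quoted-string false positive the message mentions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Strict rule as described in item 4: any semicolon rejects the string. */
bool order_by_ok_strict(const char *s) {
    return s != NULL && strchr(s, ';') == NULL;
}

/* Hypothetical relaxed rule: reject only semicolons outside quoted text.
 * Assumption: '...' and "..." quoting with a doubled quote as the escape and
 * no backslash escapes. An unterminated quote is rejected as well. */
bool order_by_ok_quote_aware(const char *s) {
    if (s == NULL) return false;
    char quote = 0;                       /* 0 = not inside a quoted run */
    for (const char *p = s; *p; ++p) {
        if (quote) {
            if (*p == quote) {
                if (p[1] == quote) ++p;   /* doubled quote: still inside */
                else quote = 0;           /* closing quote */
            }
        } else if (*p == '\'' || *p == '"') {
            quote = *p;
        } else if (*p == ';') {
            return false;                 /* statement separator in the clear */
        }
    }
    return quote == 0;
}

int main(void) {
    /* Constructed sample ORDER BY fragments, not taken from the project. */
    const char *samples[] = {
        "title ASC, author DESC",
        "title; SELECT 1",
        "CASE WHEN note = 'a;b' THEN 0 ELSE 1 END",
        "note = 'it''s; ok'",
        "name = 'x",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i)
        printf("strict=%d quote_aware=%d  %s\n",
               order_by_ok_strict(samples[i]),
               order_by_ok_quote_aware(samples[i]), samples[i]);
    return 0;
}
```

The strict check is the simpler of the two and fails closed on the third and fourth samples; the quote-aware variant accepts them but is only as sound as its quoting assumption for the target database.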