diff --git a/admin/configuration.php b/admin/configuration.php
index 9e8cc5268..caed2a1bc 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -161,6 +161,8 @@ if (isset($_POST['submit']))
 {
 if ( !empty($_POST['order_by']) )
 {
+ check_input_parameter('order_by', $_POST, true, '/^('.implode('|', array_keys($sort_fields)).')$/');
+
 $used = array();
 foreach ($_POST['order_by'] as $i => $val)
 {
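Review bot: The allow-list pattern on the added `check_input_parameter` line joins `array_keys($sort_fields)` without `preg_quote` and is anchored with `$`, which in PCRE also matches just before a trailing newline, so a valid key followed by `\n` would still pass the check. `$sort_fields` is defined outside this hunk, so I cannot confirm its keys are free of regex metacharacters or `/`; escaping them keeps the pattern an exact allow-list if a key is added later. I would build it as `'/^('.implode('|', array_map(function ($k) { return preg_quote($k, '/'); }, array_keys($sort_fields))).')\z/'`. The `foreach` over `$_POST['order_by']` continues past the end of the hunk, so how each `$val` reaches the query is not visible here, and a short comment above the check saying that these values end up in an ORDER BY clause would explain why the allow-list is there.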