From e6c1afbcf97e7080c0632ac9e2d60a6d10bd1a5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Freitag?=
Date: Tue, 7 Apr 2020 10:28:09 +0000
Subject: [PATCH] Tighten checks for invalid field name in ordering (#7259)
Django master removed the ORDER_PATTERN regex with commit https://github.com/django/django/commit/513948735b799239f3ef8c89397592445e1a0cd5
---
 rest_framework/filters.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/rest_framework/filters.py b/rest_framework/filters.py
index c15723ec3..8ef01743c 100644
--- a/rest_framework/filters.py
+++ b/rest_framework/filters.py
@@ -8,7 +8,6 @@ from functools import reduce
 from django.core.exceptions import ImproperlyConfigured
 from django.db import models
 from django.db.models.constants import LOOKUP_SEP
-from django.db.models.sql.constants import ORDER_PATTERN
 from django.template import loader
 from django.utils.encoding import force_str
 from django.utils.translation import gettext_lazy as _
@@ -256,7 +255,13 @@ class OrderingFilter(BaseFilterBackend):
 def remove_invalid_fields(self, queryset, fields, view, request):
 valid_fields = [item[0] for item in self.get_valid_fields(queryset, view, {'request': request})]
- return [term for term in fields if term.lstrip('-') in valid_fields and ORDER_PATTERN.match(term)]
+
+ def term_valid(term):
+ if term.startswith("-"):
+ term = term[1:]
+ return term in valid_fields
+
+ return [term for term in fields if term_valid(term)]
 def filter_queryset(self, request, queryset, view):
 ordering = self.get_ordering(request, queryset, view)
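Review bot: The nested `term_valid` helper in `remove_invalid_fields` is now the only check between the ordering terms (presumably taken from the request) and the allow-list, but nothing records why it strips exactly one leading `-` where the removed line used `lstrip('-')` plus `ORDER_PATTERN`. A short comment above the helper would keep a later cleanup from reverting to `lstrip`, for example `# Strip at most one leading "-" (descending); the rest must equal an allowed field name exactly.` The diffstat lists only `rest_framework/filters.py`, so no test appears to come with the tightened check. A regression test asserting that terms such as `--name` and `+name` are dropped would pin the behaviour. The class body starts before and continues after this hunk, so callers of `remove_invalid_fields` are not visible here.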