diff --git a/frappe/__init__.py b/frappe/__init__.py
index a717c7c6ed..097134b996 100644
--- a/frappe/__init__.py
+++ b/frappe/__init__.py
@@ -13,7 +13,7 @@ import os, sys, importlib, inspect, json
 from .exceptions import *
 from .utils.jinja import get_jenv, get_template, render_template
 
-__version__ = '7.2.24'
+__version__ = '7.2.25'
 __title__ = "Frappe Framework"
 
 local = Local()
diff --git a/frappe/model/db_query.py b/frappe/model/db_query.py
index d64eef4976..f7ea70c2db 100644
--- a/frappe/model/db_query.py
+++ b/frappe/model/db_query.py
@@ -10,7 +10,7 @@ import frappe.share
 import frappe.permissions
 from frappe.utils import flt, cint, getdate, get_datetime, get_time, make_filter_tuple, get_filter, add_to_date
 from frappe import _
-from frappe.model import optional_fields
+from frappe.model import optional_fields, default_fields
 from frappe.model.utils.list_settings import get_list_settings, update_list_settings
 
 class DatabaseQuery(object):
@@ -136,11 +136,12 @@ class DatabaseQuery(object):
 		self.set_field_tables()
 
 		args.fields = ', '.join(self.fields)
-
-		self.set_order_by(args)
-		self.check_sort_by_table(args.order_by)
+		meta = frappe.get_meta(self.doctype)
+		self.set_order_by(args, meta)
+		self.validate_order_by_and_group_by_params(args.order_by, meta)
 		args.order_by = args.order_by and (" order by " + args.order_by) or ""
 
+		self.validate_order_by_and_group_by_params(self.group_by, meta)
 		args.group_by = self.group_by and (" group by " + self.group_by) or ""
 
 		return args
@@ -441,8 +442,7 @@ class DatabaseQuery(object):
 			query = query.replace('%(key)s', 'name')
 		return frappe.db.sql(query, as_dict = (not self.as_list))
 
-	def set_order_by(self, args):
-		meta = frappe.get_meta(self.doctype)
+	def set_order_by(self, args, meta):
 		if self.order_by:
 			args.order_by = self.order_by
 		else:
@@ -475,13 +475,26 @@ class DatabaseQuery(object):
 				if meta.is_submittable:
 					args.order_by = "`tab{0}`.docstatus asc, {1}".format(self.doctype, args.order_by)
 
-	def check_sort_by_table(self, order_by):
-		if "." in order_by:
-			tbl = order_by.split('.')[0]
-			if tbl not in self.tables:
-				if tbl.startswith('`'):
-					tbl = tbl[4:-1]
-				frappe.throw(_("Please select atleast 1 column from {0} to sort").format(tbl))
+	def validate_order_by_and_group_by_params(self, parameters, meta):
+		"""
+			Clause cases:
+				1. check for . to split table and columns and check for `tab prefix
+				2. elif check field in meta
+		"""
+		if not parameters:
+			return
+
+		for field in parameters.split(","):
+			if "." in field and field.strip().startswith("`tab"):
+				tbl = field.strip().split('.')[0]
+				if tbl not in self.tables:
+					if tbl.startswith('`'):
+						tbl = tbl[4:-1]
+					frappe.throw(_("Please select atleast 1 column from {0} to sort/group").format(tbl))
+			else:
+				field = field.strip().split(' ')[0]
+				if field not in [f.fieldname for f in meta.fields] and field not in (default_fields + optional_fields):
+					frappe.throw(_("Invalid field used to sort/group: {0}").format(field))
 
 	def add_limit(self):
 		if self.limit_page_length:
diff --git a/frappe/public/js/frappe/ui/listing.js b/frappe/public/js/frappe/ui/listing.js
index 1790443efd..6a08015f6d 100644
--- a/frappe/public/js/frappe/ui/listing.js
+++ b/frappe/public/js/frappe/ui/listing.js
@@ -413,7 +413,7 @@ frappe.ui.Listing = Class.extend({
 		query += ' LIMIT ' + this.start + ',' + (this.page_length+1);
 		return query
 	},
-	set_filter: function(parent, fieldname, label, no_run, no_duplicate) {
+	set_filter: function(fieldname, label, no_run, no_duplicate, parent) {
 		var filter = this.filter_list.get_filter(fieldname);
 		doctype = parent && this.doctype != parent? parent: this.doctype
 
diff --git a/frappe/public/js/frappe/views/reports/reportview.js b/frappe/public/js/frappe/views/reports/reportview.js
index 4b2f14161f..7eacd88f9b 100644
--- a/frappe/public/js/frappe/views/reports/reportview.js
+++ b/frappe/public/js/frappe/views/reports/reportview.js
@@ -350,7 +350,7 @@ frappe.views.ReportView = frappe.ui.Listing.extend({
 		});
 
 		if(!filter_set) {
-			this.set_filter(parent, fieldname, value);
+			this.set_filter(fieldname, value, false, false, parent);
 		} else {
 			var df = frappe.meta.get_docfield(parent, fieldname);
 			if(df.fieldtype==='Link') {