diff --git a/program/views.py b/program/views.py
index 480307cefe3b5173cef7b7ab6ae106ab765d18ee..156553072b39cc5151be7b26a76d98bc09bf71bf 100644
--- a/program/views.py
+++ b/program/views.py
@@ -535,10 +535,17 @@ class APITimeSlotViewSet(viewsets.ModelViewSet):
 start = datetime.combine(datetime.strptime(self.request.query_params.get('start'), '%Y-%m-%d').date(), time(0, 0))
 end = datetime.combine(datetime.strptime(self.request.query_params.get('end'), '%Y-%m-%d').date(), time(23, 59))
- # Is this safe?
- order = self.request.query_params.get('order', '-start')
+ default_order = '-start'
+ order = self.request.query_params.get('order', default_order)
- if ('surrounding' in self.request.query_params):
+ # If someone tries to sort by a field that isn't available on the model
+ # we silently ignore that and use the default sort order.
+ model_fields = [field.name for field in TimeSlot._meta.get_fields()]
+ if order not in model_fields:
+ order = default_order
+
+
+ if 'surrounding' in self.request.query_params:
 today = datetime.today()
 nearest_timeslots_in_future = TimeSlot.objects.filter(start__gte=today).order_by('start').values_list('id', flat=True)[:5]
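Review bot: The new check `if order not in model_fields:` compares the raw query value against bare field names, so a descending request written with the same `-` prefix the default `'-start'` uses never matches and is silently replaced by the default; only ascending client-chosen ordering gets through. Strip a single leading `-` before the membership test, `name = order[1:] if order.startswith('-') else order` followed by `if name not in model_fields:`, rather than `lstrip('-')`, which would let `--start` pass the check. `TimeSlot._meta.get_fields()` also returns relation fields, reverse ones included, so the allowlist is wider than the columns the API presumably intends to sort on; ordering on a relation can add joins and let a caller infer the relative order of values the serializer may not expose, so an explicit tuple of sortable names would be tighter. The enclosing method starts and ends outside this hunk, so how `order` reaches `order_by()` is not visible here.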