}
}
elseif (trim($input['sort'])) {
- $order = " ORDER BY {$input['sort']}";
+ $sort = CRM_Utils_Type::escape($input['sort'], 'String');
+ $order = " ORDER BY $sort ";
}
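Review bot: `CRM_Utils_Type::escape($input['sort'], 'String')` on the added line is a quote-escape (as far as I know it delegates to `CRM_Core_DAO::escapeString`), but the value is interpolated into an ORDER BY clause, where column names and expressions need no quotes, so an unexpected value is only partially constrained rather than rejected. The stricter fix is to validate the sort against an allow-list of the columns this query can legitimately order by, plus `ASC`/`DESC`, and fail on anything else, e.g. `if (!in_array($sort, $allowedSortFields, TRUE)) { CRM_Core_Error::fatal(ts('Invalid sort')); }` (later CiviCRM releases add a dedicated order-by validation type to `CRM_Utils_Type`, which would be the natural choice if available here). The condition on the previous line tests `trim($input['sort'])` while the untrimmed value is what gets escaped and interpolated; escaping the trimmed value keeps the two consistent. The same escape-only pattern recurs in the batch, financial-trxn and group list hunks, the `{$sortname} {$sortorder}` hunk (where `$sortname` is already compared against a known column name), `addSortOffset` and the other `is_string($sort)` hunks, and the mailing-event `$orderBy = $sort` hunks below, so one shared validator would cover them all. The enclosing function starts outside this hunk.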
}
$orderBy = ' ORDER BY batch.id desc';
if (!empty($params['sort'])) {
- $orderBy = ' ORDER BY ' . $params['sort'];
+ $orderBy = ' ORDER BY ' . CRM_Utils_Type::escape($params['sort'], 'String');
}
$query = "
}
$orderBy = " ORDER BY civicrm_financial_trxn.id";
- if (CRM_Utils_Array::value('sort', $params)) {
- $orderBy = ' ORDER BY ' . CRM_Utils_Array::value('sort', $params);
+ if (!empty($params['sort'])) {
+ $orderBy = ' ORDER BY ' . CRM_Utils_Type::escape($params['sort'], 'String');
}
$from = "civicrm_financial_trxn
$orderBy = " ORDER BY overdue_date ASC, display_date DESC, weight DESC";
}
else {
- $orderBy = " ORDER BY {$sortname} {$sortorder}";
+ $sort = "{$sortname} {$sortorder}";
+ $sort = CRM_Utils_Type::escape($sort, 'String');
+ $orderBy = " ORDER BY $sort ";
if ($sortname != 'display_date') {
$orderBy .= ', display_date DESC';
}
}
$orderBy = ' ORDER BY groups.title asc';
- if (CRM_Utils_Array::value('sort', $params)) {
- $orderBy = ' ORDER BY ' . CRM_Utils_Array::value('sort', $params);
+ if (!empty($params['sort'])) {
+ $orderBy = ' ORDER BY ' . CRM_Utils_Type::escape($params['sort'], 'String');
}
$select = $from = $where = "";
// Define ORDER BY for query in $sort, with default value
if (!empty($sort)) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$sql .= " ORDER BY $sort ";
}
else {
function addSortOffset(&$sql, $offset, $rowcount, $sort) {
if (!empty($sort)) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$sql .= " ORDER BY $sort ";
}
else {
// Define ORDER BY for query in $sort, with default value
if (!empty($sort)) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$sql .= " ORDER BY $sort ";
}
else {
if (!$justIDs) {
if (!empty($sort)) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$sql .= " ORDER BY $sort ";
}
else {
// Define ORDER BY for query in $sort, with default value
if (!empty($sort)) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$sql .= " ORDER BY $sort ";
}
else {
if (!$newTrxn) {
$condition = " AND ((ceft1.entity_table IS NOT NULL) OR (cft.payment_instrument_id IS NOT NULL AND ceft1.entity_table IS NULL)) ";
}
+
+ if ($orderBy) {
+ $orderBy = CRM_Utils_Type::escape($orderBy, 'String');
+ }
+
$query = "SELECT ceft.id, ceft.financial_trxn_id FROM `civicrm_financial_trxn` cft
-LEFT JOIN civicrm_entity_financial_trxn ceft
+LEFT JOIN civicrm_entity_financial_trxn ceft
ON ceft.financial_trxn_id = cft.id AND ceft.entity_table = 'civicrm_contribution'
LEFT JOIN civicrm_entity_financial_trxn ceft1
ON ceft1.financial_trxn_id = cft.id AND ceft1.entity_table = 'civicrm_financial_item'
WHERE ceft.entity_id = %1 AND (cfi.entity_table <> 'civicrm_financial_trxn' or cfi.entity_table is NULL)
{$condition}
ORDER BY cft.id {$orderBy}
-LIMIT 1;";
-
+LIMIT 1;";
+
$params = array(1 => array($entity_id, 'Integer'));
$dao = CRM_Core_DAO::executeQuery($query, $params);
if ($dao->fetch()) {
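Review bot: `$orderBy` in the added `if ($orderBy)` block is a sort direction rather than free text (the call site further down passes `'DESC'` to `getFinancialTrxnId`), so escaping it as a 'String' is weaker than the check the value admits; an allow-list rejects anything other than the two valid directions outright: `if ($orderBy && !in_array(strtoupper($orderBy), array('ASC', 'DESC'), TRUE)) { CRM_Core_Error::fatal(ts('Invalid sort direction')); }`. The method's signature and the remainder of its body lie outside the hunk.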
static function getFinancialTrxnTotal($entity_id) {
$query = "
SELECT (ft.amount+SUM(ceft.amount)) AS total FROM civicrm_entity_financial_trxn AS ft
-LEFT JOIN civicrm_entity_financial_trxn AS ceft ON ft.financial_trxn_id = ceft.entity_id
+LEFT JOIN civicrm_entity_financial_trxn AS ceft ON ft.financial_trxn_id = ceft.entity_id
WHERE ft.entity_table = 'civicrm_contribution' AND ft.entity_id = %1
";
static function getFinancialTrxnLineTotal($entity_id, $entity_table = 'civicrm_contribution') {
$query = "SELECT lt.price_field_value_id AS id, ft.financial_trxn_id,ft.amount AS amount FROM civicrm_entity_financial_trxn AS ft
LEFT JOIN civicrm_financial_item AS fi ON fi.id = ft.entity_id AND fi.entity_table = 'civicrm_line_item' AND ft.entity_table = 'civicrm_financial_item'
-LEFT JOIN civicrm_line_item AS lt ON lt.id = fi.entity_id AND lt.entity_table = %2
+LEFT JOIN civicrm_line_item AS lt ON lt.id = fi.entity_id AND lt.entity_table = %2
WHERE lt.entity_id = %1 ";
$sqlParams = array(1 => array($entity_id, 'Integer'), 2 => array($entity_table, 'String'));
*/
static function deleteFinancialTrxn($entity_id) {
$query = "DELETE ceft1, cfi, ceft, cft FROM `civicrm_financial_trxn` cft
-LEFT JOIN civicrm_entity_financial_trxn ceft
+LEFT JOIN civicrm_entity_financial_trxn ceft
ON ceft.financial_trxn_id = cft.id AND ceft.entity_table = 'civicrm_contribution'
LEFT JOIN civicrm_entity_financial_trxn ceft1
ON ceft1.financial_trxn_id = cft.id AND ceft1.entity_table = 'civicrm_financial_item'
-LEFT JOIN civicrm_financial_item cfi
+LEFT JOIN civicrm_financial_item cfi
ON ceft1.entity_table = 'civicrm_financial_item' and cfi.id = ceft1.entity_id
WHERE ceft.entity_id = %1";
CRM_Core_DAO::executeQuery($query, array(1 => array($entity_id, 'Integer')));
if ((!CRM_Utils_Array::value('financial_type_id', $params) || !CRM_Utils_Array::value('contributionId', $params)) && !CRM_Utils_Array::value('oldPremium', $params)) {
return;
}
-
+
if (CRM_Utils_Array::value('cost', $params)) {
$contributionStatuses = CRM_Contribute_PseudoConstant::contributionStatus(NULL, 'name');
$financialAccountType = CRM_Contribute_PseudoConstant::financialAccountType($params['financial_type_id']);
$params['trxnParams']['from_financial_account_id'] = $params['to_financial_account_id'];
$params['trxnParams']['to_financial_account_id'] = $financialAccount;
$params['trxnParams']['total_amount'] = $amount;
- $params['trxnParams']['fee_amount'] =
+ $params['trxnParams']['fee_amount'] =
$params['trxnParams']['net_amount'] = 0;
$params['trxnParams']['status_id'] = CRM_Core_OptionGroup::getValue('contribution_status','Completed','name');
$params['trxnParams']['contribution_id'] = isset($params['contribution']->id) ? $params['contribution']->id : $params['contribution_id'];
$financialTrxnID = CRM_Core_BAO_FinancialTrxn::getFinancialTrxnId($params['trxnParams']['contribution_id'], 'DESC');
$params['entity_id'] = $financialTrxnID['financialTrxnId'];
}
- $fItemParams =
+ $fItemParams =
array(
'financial_account_id' => $financialAccount,
'contact_id' => CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Domain', $domainId, 'contact_id'),
$orderBy = "sort_name ASC, {$bounce}.time_stamp DESC";
if ($sort) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$orderBy = $sort;
}
else {
$orderBy = "sort_name ASC, {$delivered}.time_stamp DESC";
if ($sort) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$orderBy = $sort;
}
else {
$orderBy = "sort_name ASC, {$forward}.time_stamp DESC";
if ($sort) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$orderBy = $sort;
}
else {
if (!empty($job_id)) {
$query .= " AND $job.id = " . CRM_Utils_Type::escape($job_id, 'Integer');
}
-
+
if (!empty($contact_id)) {
$query .= " AND $contact.id = " . CRM_Utils_Type::escape($contact_id, 'Integer');
}
-
+
if ($is_distinct) {
$query .= " GROUP BY $queue.id ";
}
$orderBy = "sort_name ASC, {$open}.time_stamp DESC";
if ($sort) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$orderBy = $sort;
}
else {
public static function getEmailAddress($queue_id) {
$email = CRM_Core_BAO_Email::getTableName();
$eq = self::getTableName();
- $query = " SELECT $email.email as email
- FROM $email
- INNER JOIN $eq
- ON $eq.email_id = $email.id
+ $query = " SELECT $email.email as email
+ FROM $email
+ INNER JOIN $eq
+ ON $eq.email_id = $email.id
WHERE $eq.id = " . CRM_Utils_Type::rule($queue_id, 'Integer');
$q = new CRM_Mailing_Event_BAO_Queue();
$orderBy = "sort_name ASC, {$job}.start_date DESC";
if ($sort) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$orderBy = $sort;
}
else {
$orderBy = "sort_name ASC, {$reply}.time_stamp DESC";
if ($sort) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$orderBy = $sort;
}
else {
$orderBy = "sort_name ASC, {$click}.time_stamp DESC";
if ($sort) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$orderBy = $sort;
}
else {
$orderBy = "sort_name ASC, {$unsub}.time_stamp DESC";
if ($sort) {
if (is_string($sort)) {
+ $sort = CRM_Utils_Type::escape($sort, 'String');
$orderBy = $sort;
}
else {