}
$transaction = new CRM_Core_Transaction();
+ $sqlWhereParams = $where = [];
if (isset($params['source_record_id']) && is_array($params['source_record_id'])) {
$sourceRecordIds = implode(',', $params['source_record_id']);
}
$sourceRecordIds = $params['source_record_id'] ?? NULL;
}
+ if ($sourceRecordIds) {
+ $where[] = 'source_record_id IN ( %1 )';
+ $sqlWhereParams[1] = [$sourceRecordIds, 'CommaSeparatedIntegers'];
+ }
$result = NULL;
if (!$moveToTrash) {
if (!isset($params['id'])) {
- if (is_array($params['activity_type_id'])) {
- $activityTypes = implode(',', $params['activity_type_id']);
- }
- else {
- $activityTypes = $params['activity_type_id'];
+ if (!empty($params['activity_type_id'])) {
+ $where[] = 'activity_type_id IN ( %2 )';
+ $sqlWhereParams[2] = [implode(',', (array) $params['activity_type_id']), 'CommaSeparatedIntegers'];
}
-
- $query = "DELETE FROM civicrm_activity WHERE source_record_id IN ({$sourceRecordIds}) AND activity_type_id IN ( {$activityTypes} )";
- $dao = CRM_Core_DAO::executeQuery($query);
+ $query = "DELETE FROM civicrm_activity WHERE " . implode(' AND ', $where);
+ $dao = CRM_Core_DAO::executeQuery($query, $sqlWhereParams);
}
else {
$activity = new CRM_Activity_DAO_Activity();
$activity->case_id = CRM_Case_BAO_Case::getCaseIdByActivityId($activity->id);
// CRM-13994 delete activity entity_tag
- $query = "DELETE FROM civicrm_entity_tag WHERE entity_table = 'civicrm_activity' AND entity_id = {$activity->id}";
- $dao = CRM_Core_DAO::executeQuery($query);
+ $query = "DELETE FROM civicrm_entity_tag WHERE entity_table = 'civicrm_activity' AND entity_id = %1";
+ $dao = CRM_Core_DAO::executeQuery($query, [1 => [$activity->id, 'Positive']]);
}
}
else {
$queryParams[6] = ['%' . trim($params['description']) . '%', 'String'];
}
if (!empty($params['campaign_type_id'])) {
- $typeId = $params['campaign_type_id'];
- if (is_array($params['campaign_type_id'])) {
- $typeId = implode(' , ', $params['campaign_type_id']);
- }
- $where[] = "( campaign.campaign_type_id IN ( {$typeId} ) )";
+ $where[] = "( campaign.campaign_type_id IN ( %7 ) )";
+ $queryParams[7] = [implode(',', (array) $params['campaign_type_id']), 'CommaSeparatedIntegers'];
}
if (!empty($params['status_id'])) {
- $statusId = $params['status_id'];
- if (is_array($params['status_id'])) {
- $statusId = implode(' , ', $params['status_id']);
- }
- $where[] = "( campaign.status_id IN ( {$statusId} ) )";
+ $where[] = "( campaign.status_id IN ( %8 ) )";
+ $queryParams[8] = [implode(',', (array) $params['status_id']), 'CommaSeparatedIntegers'];
}
if (array_key_exists('is_active', $params)) {
$active = "( campaign.is_active = 1 )";
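Review bot: The input shapes that `campaign_type_id` and `status_id` now accept are not documented anywhere visible: a single id, a comma-separated string of ids, or an array of ids all flow through `implode(',', (array) ...)` into a `CommaSeparatedIntegers`-typed placeholder, and anything that does not survive that validation makes the query throw instead of executing. The function's docblock sits outside this hunk, so the `@param array $params` entry there should say `'campaign_type_id' and 'status_id' accept an int, a comma-separated string of ints, or an array of ints; any other value is rejected by query parameter validation before the SQL runs.` Note that because the two branches use `!empty()`, a `0` or `'0'` filter is silently ignored rather than applied; if that is intended it belongs in the same docblock sentence.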
'id', 'contact_id',
'Database check for created activity target.'
);
+
+ $paramOptions = ['0))+and+0+--+-f', ['0))+and+0+--+-f']];
+ $paramField = ['source_record_id', 'activity_type_id'];
+ foreach ($paramField as $field) {
+ foreach ($paramOptions as $paramOption) {
+ $params = [
+ $field => $paramOption,
+ ];
+ try {
+ CRM_Activity_BAO_Activity::deleteActivity($params);
+ }
+ catch (Exception $e) {
+ if ($e->getMessage() === 'DB Error: syntax error') {
+ $this->fail('Delete Activity function did not validate field: ' . $field);
+ }
+ }
+ }
+ }
$params = [
'source_contact_id' => $contactId,
'source_record_id' => $contactId,
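Review bot: The try block around `CRM_Activity_BAO_Activity::deleteActivity($params)` has no assertion on the "no exception" path, so if a field were accepted as-is and the delete simply ran, the loop would pass silently; only a thrown syntax error is turned into a failure. Adding `$this->fail(...)` directly after the call would not help either, because PHPUnit's `AssertionFailedError` is an `Exception` subclass and the `catch (Exception $e)` below would swallow it unless its message happened to equal `'DB Error: syntax error'`. Record the outcome in a local and assert after the try/catch, as below; `testCampaignSummary` in the new CRM_Campaign_BAO_CampaignTest has the same structure, with its `$this->fail()` inside the try being caught by the same `catch (Exception $e)`, and needs the same restructuring.
```php
foreach ($paramField as $field) {
  foreach ($paramOptions as $paramOption) {
    $params = [
      $field => $paramOption,
    ];
    $rejected = FALSE;
    try {
      CRM_Activity_BAO_Activity::deleteActivity($params);
    }
    catch (Exception $e) {
      // A validation exception is the expected outcome; a SQL syntax error means the value reached the query.
      $rejected = $e->getMessage() !== 'DB Error: syntax error';
    }
    $this->assertTrue($rejected, 'Delete Activity function did not validate field: ' . $field);
  }
}
```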
--- /dev/null
+<?php
+
+/*
+ +--------------------------------------------------------------------+
+ | Copyright CiviCRM LLC. All rights reserved. |
+ | |
+ | This work is published under the GNU AGPLv3 license with some |
+ | permitted exceptions and without any warranty. For full license |
+ | and copyright information, see https://civicrm.org/licensing |
+ +--------------------------------------------------------------------+
+ */
+
+/**
+ *
+ * @package CRM
+ * @copyright CiviCRM LLC https://civicrm.org/licensing
+ */
+
+class CRM_Campaign_BAO_CampaignTest extends CiviUnitTestCase {
+
+ public function testCampaignSummary() {
+ $loggedInContact = $this->createLoggedInUser();
+ $contact = $this->individualCreate();
+ $this->callAPISuccess('Campaign', 'create', [
+ 'title' => 'CiviCRM Unit Test Campaign',
+ 'campaign_type_id' => 'Direct Mail',
+ 'status_id' => 'In Progress',
+ ]);
+ try {
+ CRM_Campaign_BAO_Campaign::getCampaignSummary(['status_id' => '0))+and+0+--+-f']);
+ $this->fail('Campaign Summary should have validated the status_id');
+ }
+ catch (Exception $e) {
+ if ($e->getMessage() === 'DB Error: syntax error') {
+ $this->fail('Campaign Summary should have validated the status_id');
+ }
+ }
+ $this->assertEquals(1, CRM_Campaign_BAO_Campaign::getCampaignSummary(['status_id' => 2], TRUE));
+ $this->assertEquals(1, CRM_Campaign_BAO_Campaign::getCampaignSummary(['status_id' => [2, 3]], TRUE));
+ }
+
+}
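Review bot: `$loggedInContact` and `$contact` are assigned in `testCampaignSummary` and never read; if the calls are only there for their fixture side effects (a logged-in user for permission checks, an existing contact), drop the assignments and keep the calls as bare statements, e.g. `$this->createLoggedInUser();` and `$this->individualCreate();`, otherwise remove the two lines. The method also lacks a return type and a docblock; `public function testCampaignSummary(): void {` plus a one-line docblock saying the test checks that a non-integer `status_id` is rejected before reaching SQL and that integer and array filters are counted would match the rest of the test suite. The counts asserted with the trailing `TRUE` argument are not explained on the page, so a short comment naming what that flag selects would help a reader.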