CRM-21022 backport for 4.6

diff --git a/CRM/Report/Page/InstanceList.php b/CRM/Report/Page/InstanceList.php
index a52273268977297494a880330c5d293bd29dc057..2eae8122cdb63c0b8beeeffac0cc0d1b05fc26c6 100644 (file)
--- a/CRM/Report/Page/InstanceList.php
+++ b/CRM/Report/Page/InstanceList.php
@@ -86,8 +86,11 @@ class CRM_Report_Page_InstanceList extends CRM_Core_Page {
   public function &info() {
 
     $report = '';
+    $queryParams = array();
+
     if ($this->ovID) {
-      $report .= " AND v.id = {$this->ovID} ";
+      $report .= " AND v.id = %1 ";
+      $queryParams[1] = array($this->ovID, 'Integer');
     }
 
     if ($this->compID) {
@@ -96,7 +99,8 @@ class CRM_Report_Page_InstanceList extends CRM_Core_Page {
         $this->_compName = 'Contact';
       }
       else {
-        $report .= " AND v.component_id = {$this->compID} ";
+        $report .= " AND v.component_id = %2 ";
+        $queryParams[2] = array($this->compID, 'Integer');
         $cmpName = CRM_Core_DAO::getFieldValue('CRM_Core_DAO_Component', $this->compID,
           'name', 'id'
         );
@@ -107,7 +111,8 @@ class CRM_Report_Page_InstanceList extends CRM_Core_Page {
       }
     }
     elseif ($this->grouping) {
-      $report .= " AND v.grouping = '{$this->grouping}' ";
+      $report .= " AND v.grouping = %3 ";
+      $queryParams[3] = array($this->grouping, 'String');
     }
 
     $sql = "
@@ -127,12 +132,11 @@ class CRM_Report_Page_InstanceList extends CRM_Core_Page {
                  ON v.component_id = comp.id
 
           WHERE v.is_active = 1 {$report}
-                AND inst.domain_id = %1
+                AND inst.domain_id = %9
           ORDER BY  v.weight";
+    $queryParams[9] = array(CRM_Core_Config::domainID(), 'Integer');
 
-    $dao = CRM_Core_DAO::executeQuery($sql, array(
-      1 => array(CRM_Core_Config::domainID(), 'Integer'),
-    ));
+    $dao = CRM_Core_DAO::executeQuery($sql, $queryParams);
 
     $config = CRM_Core_Config::singleton();
     $rows = array();