SavedSearch API - Only accept safe inputs

author Tim Otten <totten@civicrm.org>

Tue, 29 Oct 2019 01:55:18 +0000 (18:55 -0700)

committer Seamus Lee <seamuslee001@gmail.com>

Wed, 20 Nov 2019 21:24:22 +0000 (08:24 +1100)
author Tim Otten <totten@civicrm.org>
Tue, 29 Oct 2019 01:55:18 +0000 (18:55 -0700)
committer Seamus Lee <seamuslee001@gmail.com>
Wed, 20 Nov 2019 21:24:22 +0000 (08:24 +1100)
diff --git a/api/v3/SavedSearch.php b/api/v3/SavedSearch.php

index a379b7f4a4a2703adc999b13d15cac1bf5692911..3146cda4eac75bb957f4bbfcbeab69423919bff9 100644 (file)
--- a/api/v3/SavedSearch.php
+++ b/api/v3/SavedSearch.php
@@ -57,7 +57,7 @@ function civicrm_api3_saved_search_create($params) {
      }
      else {
        // Assume that form_values is serialized.
-      $params["formValues"] = CRM_Utils_String::unserialize($params["form_values"]);
+      $params["formValues"] = \CRM_Utils_String::unserialize($params["form_values"]);
      }
    }
  
@@ -109,7 +109,7 @@ function _civicrm_api3_saved_search_result_cleanup(&$result) {
      // Only clean up the values if there are values. (A getCount operation
      // for example does not return values.)
      foreach ($result['values'] as $key => $value) {
-      $result['values'][$key]['form_values'] = CRM_Utils_String::unserialize($value['form_values']);
+      $result['values'][$key]['form_values'] = \CRM_Utils_String::unserialize($value['form_values']);
      }
    }
  }
author	Tim Otten <totten@civicrm.org>
	Tue, 29 Oct 2019 01:55:18 +0000 (18:55 -0700)
committer	Seamus Lee <seamuslee001@gmail.com>
	Wed, 20 Nov 2019 21:24:22 +0000 (08:24 +1100)