From: Mattias Michaux
Date: Mon, 25 Apr 2016 21:44:24 +0000 (+0200)
Subject: Extra ajax fixes.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=21cbcba8dd3863c4b415f461c7f6a8b8f88b333d;p=civicrm-core.git
Extra ajax fixes.
---
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php
index cd97123088..e4c8d75275 100644
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -892,8 +892,10 @@ LIMIT {$offset}, {$rowCount}
 INNER JOIN civicrm_prevnext_cache old on cpc.id = old.id
 SET cpc.entity_id1 = cpc.entity_id2, cpc.entity_id2 = old.entity_id1 ";
 if (is_array($prevNextId) && !CRM_Utils_Array::crmIsEmptyArray($prevNextId)) {
+ foreach ($prevNextId as $id) {
+ CRM_Utils_Type::escape($id, 'Positive');
+ }
 $prevNextId = implode(', ', $prevNextId);
- $prevNextId = CRM_Utils_Type::escape($prevNextId, 'String');
 $query .= "WHERE cpc.id IN ({$prevNextId}) AND cpc.is_selected = 1";
 }
 else {
@@ -991,8 +993,10 @@ LIMIT {$offset}, {$rowCount}
 //check pnid is_array or integer
 $whereClause = NULL;
 if (is_array($pnid) && !CRM_Utils_Array::crmIsEmptyArray($pnid)) {
+ foreach ($pnid as $id) {
+ CRM_Utils_Type::escape($id, 'Positive');
+ }
 $pnid = implode(', ', $pnid);
- $pnid = CRM_Utils_Type::escape($pnid, 'String');
 $whereClause = " id IN ( {$pnid} ) ";
 }
 else {
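Review bot: The loop added before `implode()` discards the return value of `CRM_Utils_Type::escape($id, 'Positive')`, so the `IN (...)` list is still built from the original array elements and is only safe if escape() aborts the request on a failed check, which presumably is its default but is not visible in this hunk. Building the list from the validated values keeps the guarantee local to the query: `$prevNextId = implode(', ', array_map(function ($id) { return CRM_Utils_Type::escape($id, 'Positive'); }, $prevNextId));`. The same pattern is repeated for `$pnid` in the second hunk (`@@ -991,8 +993,10 @@`) and deserves the same change. A short comment such as `// Each id must be a positive integer; the list is interpolated into IN (...) unquoted` would record why the per-element check replaced the old 'String' escape of the joined list. The enclosing functions begin and end outside both hunks.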