From 0906de17549b2f129b0e97ae48b33f25f6393786 Mon Sep 17 00:00:00 2001
From: Mattias Michaux
Date: Thu, 5 Nov 2015 23:10:54 +0100
Subject: [PATCH] Properly escaped participant roles.
---
 CRM/Event/BAO/Event.php | 14 ++++++++------
 CRM/Event/BAO/Participant.php | 7 ++++++-
 CRM/Event/Form/Search.php | 6 +++++-
 3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/CRM/Event/BAO/Event.php b/CRM/Event/BAO/Event.php
index ee8c0e0eb9..3830e0c291 100644
--- a/CRM/Event/BAO/Event.php
+++ b/CRM/Event/BAO/Event.php
@@ -632,13 +632,15 @@ $event_summary_limit
 if ($role) {
 $roleClause = 'IN';
 }
- if (array_keys($roleTypes)) {
- $roles = '"' . implode('","', array_keys($roleTypes)) . '"';
- }
- else {
- $roles = 0;
+
+ if (!empty($roleTypes)) {
+ $escapedRoles = array();
+ foreach (array_keys($roleTypes) as $roleType) {
+ $escapedRoles[] = CRM_Utils_Type::escape($roleType, 'String');
+ }
+
+ $clause[] = 'participant.role_id {$roleClause} ( "' . implode('", "', $escapedRoles) . '" ) ';
 }
- $clause[] = "participant.role_id {$roleClause} ( $roles )";
 }
 
 $sqlClause = '';
diff --git a/CRM/Event/BAO/Participant.php b/CRM/Event/BAO/Participant.php
index f8f6110d1b..70170ac9fc 100644
--- a/CRM/Event/BAO/Participant.php
+++ b/CRM/Event/BAO/Participant.php
@@ -383,7 +383,12 @@ class CRM_Event_BAO_Participant extends CRM_Event_DAO_Participant {
 $where[] = ' ( participant.is_test = 0 OR participant.is_test IS NULL ) ';
 }
 if (!empty($participantRoles)) {
- $where[] = ' participant.role_id IN ( "' . implode('", "', array_keys($participantRoles)) . '" ) ';
+ $escapedRoles = array();
+ foreach (array_keys($participantRoles) as $participantRole) {
+ $escapedRoles[] = CRM_Utils_Type::escape($participantRole, 'String');
+ }
+
+ $where[] = ' participant.role_id IN ( "' . implode('", "', $escapedRoles) . '" ) ';
 }
 
 $eventParams = array(1 => array($eventId, 'Positive'));
diff --git a/CRM/Event/Form/Search.php b/CRM/Event/Form/Search.php
index 894b7478a5..e9419c8670 
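Review bot: The new `$clause[]` line in the Event.php hunk builds the SQL from a single-quoted string, so `{$roleClause}` is not interpolated and the literal text `participant.role_id {$roleClause} ( ... )` reaches the query; the removed line used double quotes. Writing it as `$clause[] = 'participant.role_id ' . $roleClause . ' ( "' . implode('", "', $escapedRoles) . '" ) ';` keeps the escaping and restores the operator. Dropping the `else { $roles = 0; }` branch also means an empty `$roleTypes` now emits no role clause at all where it previously produced `participant.role_id IN ( 0 )` (or the `NOT IN` form, depending on the `$roleClause` set outside the hunk), which widens the result to every participant; worth confirming that is intended rather than a side effect of the escaping change. The enclosing function starts and ends outside the hunk.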
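Review bot: The escape on the new `$escapedRoles[] = CRM_Utils_Type::escape($participantRole, 'String');` line in the Participant.php hunk quotes the value but accepts any string; if `participant.role_id` only ever holds integer ids (the keys of `$participantRoles`), escaping with `'Integer'` would reject a non-numeric key outright and make the double-quoting in the `IN ( ... )` list unnecessary. Whether role keys can legitimately be non-numeric is not visible here, so confirm against what populates `$participantRoles` before tightening it. Either way a short why-comment above the loop, `// keys are escaped as strings to match the quoted IN (...) list below`, would stop the next reader from guessing. The enclosing method starts and ends outside the hunk.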
--- a/CRM/Event/Form/Search.php
+++ b/CRM/Event/Form/Search.php
@@ -201,7 +201,11 @@ class CRM_Event_Form_Search extends CRM_Core_Form_Search {
 }
 }
 if (!empty($this->_formValues['participant_role_id'])) {
- $seatClause[] = '( participant.role_id IN ( "' . implode('" , "', (array) $this->_formValues['participant_role_id']) . '" ) )';
+ $escapedRoles = array();
+ foreach ((array) $this->_formValues['participant_role_id'] as $participantRole) {
+ $escapedRoles[] = CRM_Utils_Type::escape($participantRole, 'String');
+ }
+ $seatClause[] = '( participant.role_id IN ( "' . implode('" , "', $escapedRoles) . '" ) )';
 }
 
 // CRM-15379
--
2.25.1
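Review bot: The added loop in Search.php is the third verbatim copy of the same escape-and-collect pattern in this patch, and this is the one site where the values come straight from submitted form data (`$this->_formValues['participant_role_id']`), so it is the copy most worth keeping obviously correct. Stylistically it collapses to `$escapedRoles = array_map(function ($role) { return CRM_Utils_Type::escape($role, 'String'); }, (array) $this->_formValues['participant_role_id']);`, which leaves no mutable accumulator to drift between the three files. Note that an element equal to the empty string still passes the outer `!empty` guard and yields `IN ( "" )`, which is harmless but silently matches nothing; a comment saying that is expected, `// empty role values fall through to IN ( "" ) and match no rows`, would make it deliberate. The enclosing method starts and ends outside the hunk.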