From 21cbcba8dd3863c4b415f461c7f6a8b8f88b333d Mon Sep 17 00:00:00 2001
From: Mattias Michaux
Date: Mon, 25 Apr 2016 23:44:24 +0200
Subject: [PATCH] Extra ajax fixes.
---
 CRM/Contact/Page/AJAX.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php
index cd97123088..e4c8d75275 100644
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -892,8 +892,10 @@ LIMIT {$offset}, {$rowCount}
 INNER JOIN civicrm_prevnext_cache old on cpc.id = old.id
 SET cpc.entity_id1 = cpc.entity_id2, cpc.entity_id2 = old.entity_id1 ";
 if (is_array($prevNextId) && !CRM_Utils_Array::crmIsEmptyArray($prevNextId)) {
+ foreach ($prevNextId as $id) {
+ CRM_Utils_Type::escape($id, 'Positive');
+ }
 $prevNextId = implode(', ', $prevNextId);
- $prevNextId = CRM_Utils_Type::escape($prevNextId, 'String');
 $query .= "WHERE cpc.id IN ({$prevNextId}) AND cpc.is_selected = 1";
 }
 else {
@@ -991,8 +993,10 @@ LIMIT {$offset}, {$rowCount}
 //check pnid is_array or integer
 $whereClause = NULL;
 if (is_array($pnid) && !CRM_Utils_Array::crmIsEmptyArray($pnid)) {
+ foreach ($pnid as $id) {
+ CRM_Utils_Type::escape($id, 'Positive');
+ }
 $pnid = implode(', ', $pnid);
- $pnid = CRM_Utils_Type::escape($pnid, 'String');
 $whereClause = " id IN ( {$pnid} ) ";
 }
 else {
--
2.25.1
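Review bot: The added `foreach` loop in the first hunk discards the return value of `CRM_Utils_Type::escape($id, 'Positive')`, so the `IN (...)` list is still imploded from the raw array elements and the fix holds only if escape() aborts the request on an invalid element, which this diff does not show. Collecting the validated values keeps the guarantee local to the query: start with `$ids = array();`, use `$ids[] = CRM_Utils_Type::escape($id, 'Positive');` in the loop, then `$prevNextId = implode(', ', $ids);`. The same applies to the `$pnid` loop in the second hunk (`@@ -991,8 +993,10 @@`). A short comment such as `// IDs are interpolated unquoted into IN (...), so each element must validate as a positive integer.` would record why the previous 'String' escaping of the joined list was not sufficient. Both `if` blocks continue past the end of their hunks, so the `else` branches are not covered by this note.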