From 7c99af4f1104cecef61095d142fa19d181790cb9 Mon Sep 17 00:00:00 2001
From: aydun
Date: Sun, 11 Oct 2015 14:24:22 +0100
Subject: [PATCH] Fix for CRM-16203

---
 CRM/Report/Form.php | 2 ++
 CRM/Utils/Type.php | 12 ++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/CRM/Report/Form.php b/CRM/Report/Form.php
index af72c422ec..a77494857e 100644
--- a/CRM/Report/Form.php
+++ b/CRM/Report/Form.php
@@ -1740,6 +1740,7 @@ class CRM_Report_Form extends CRM_Core_Form {
 // mhas == multiple has
 if ($value !== NULL && count($value) > 0) {
 $sqlOP = $this->getSQLOperator($op);
+ $value = CRM_Utils_Type::escapeAll($value, $type);
 $clause = "{$field['dbAlias']} REGEXP '[[:cntrl:]]" . implode('|', $value) . "[[:cntrl:]]'";
@@ -1750,6 +1751,7 @@ class CRM_Report_Form extends CRM_Core_Form {
 // mnot == multiple is not one of
 if ($value !== NULL && count($value) > 0) {
 $sqlOP = $this->getSQLOperator($op);
+ $value = CRM_Utils_Type::escapeAll($value, $type);
 $clause = "( {$field['dbAlias']} NOT REGEXP '[[:cntrl:]]" . implode('|', $value) . "[[:cntrl:]]' OR {$field['dbAlias']} IS NULL )";
diff --git a/CRM/Utils/Type.php b/CRM/Utils/Type.php
index 81efac86b0..f5d0bc1b9e 100644
--- a/CRM/Utils/Type.php
+++ b/CRM/Utils/Type.php
@@ -142,6 +142,18 @@ class CRM_Utils_Type {
 return (isset($string)) ? $string : "";
 }

+ /**
+ * Helper function to call escape on arrays
+ *
+ * @see escape
+ */
+ public static function escapeAll($data, $type, $abort = TRUE) {
+ foreach ($data as $key => $value) {
+ $data[$key] = CRM_Utils_Type::escape($value, $type, $abort);
+ }
+ return $data;
+ }
+
 /**
 * Verify that a variable is of a given type, and apply a bit of processing.
 *
-- 
2.25.1
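Review bot: In the `mhas` hunk of CRM/Report/Form.php, and identically in the `mnot` hunk after it, the values returned by `escapeAll()` are still joined into a `REGEXP` pattern, so type escaping protects the SQL string literal but not the pattern itself: a value containing regex metacharacters such as `|` or `.` changes what the filter matches. Consider checking each value against the field's known options, or quoting pattern metacharacters, before `implode('|', $value)`; at minimum record the limit with a comment such as `// values are escaped for SQL only; regex metacharacters are not neutralised`. `$type` is assigned outside both hunks, so it cannot be confirmed from here that it is always set to a suitable type when these two operators are reached. The enclosing method starts and ends outside the hunks.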
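Review bot: `escapeAll()` in CRM/Utils/Type.php fails open on non-array input: where `foreach` over a scalar only raises a warning, `return $data;` hands the value back unescaped, and the callers' `count($value) > 0` guard does not obviously exclude a scalar. A guard at the top such as `if (!is_array($data)) { return CRM_Utils_Type::escape($data, $type, $abort); }` keeps the helper fail-closed. The docblock should also gain `@param` and `@return` tags and say what an element becomes when `escape()` rejects it with `$abort = FALSE`; the body of `escape()` is outside this hunk, so that behaviour needs confirming there.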