From 8ecf1d74233afdc6439d2a22a6ffb31142604b44 Mon Sep 17 00:00:00 2001
From: Seamus Lee
Date: Wed, 16 Nov 2016 14:26:53 +1100
Subject: [PATCH] CRM-19562

---
 CRM/Contact/BAO/Query.php | 1 +
 tests/phpunit/CRM/Contact/BAO/QueryTest.php | 28 +++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/CRM/Contact/BAO/Query.php b/CRM/Contact/BAO/Query.php
index db5ab176e9..6a94a784f1 100644
--- a/CRM/Contact/BAO/Query.php
+++ b/CRM/Contact/BAO/Query.php
@@ -3500,6 +3500,7 @@ WHERE $smartGroupClause
 $contactIds[] = substr($values[0], CRM_Core_Form::CB_PREFIX_LEN);
 }
 }
+ CRM_Utils_Type::validateAll($contactIds, 'Positive');
 if (!empty($contactIds)) {
 $this->_where[0][] = " ( contact_a.id IN (" . implode(',', $contactIds) . " ) ) ";
 }
diff --git a/tests/phpunit/CRM/Contact/BAO/QueryTest.php b/tests/phpunit/CRM/Contact/BAO/QueryTest.php
index c183636153..1d56eff01f 100644
--- a/tests/phpunit/CRM/Contact/BAO/QueryTest.php
+++ b/tests/phpunit/CRM/Contact/BAO/QueryTest.php
@@ -191,4 +191,32 @@ class CRM_Contact_BAO_QueryTest extends CiviUnitTestCase {
 }
 }
 
+ /**
+ * CRM-19562 ensure that only ids are used for contactid searching.
+ */
+ public function testContactIDClause() {
+ $params = array(
+ array("mark_x_93980", "=", 1, 0, 0),
+ array("mark_x_foo@example.com", "=", 1, 0, 0),
+ );
+ $returnProperties = array(
+ "sort_name" => 1,
+ "email" => 1,
+ "do_not_email" => 1,
+ "is_deceased" => 1,
+ "on_hold" => 1,
+ "display_name" => 1,
+ "preferred_mail_format" => 1,
+ );
+ $numberofContacts = 2;
+ $query = new CRM_Contact_BAO_Query($params, $returnProperties);
+ try {
+ $query->apiQuery($params, $returnProperties, NULL, NULL, 0, $numberofContacts);
+ }
+ catch (Exception $e) {
+ $this->assertEquals("A fatal error was triggered: One of parameters (value: foo@example.com) is not of the type Positive",
+ $e->getMessage());
+ }
+ }
+
 }
-- 
2.25.1
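Review bot: The return value of `CRM_Utils_Type::validateAll($contactIds, 'Positive')` is discarded, so the values that reach the `implode(',', $contactIds)` inside `contact_a.id IN (...)` are still the raw `substr()` results and the SQL is only safe because the call aborts on a bad value. If validateAll returns the validated array as its name suggests (I cannot see its definition here), assigning it back — `$contactIds = CRM_Utils_Type::validateAll($contactIds, 'Positive');` — makes the interpolated list the sanitized data rather than the pre-check input, which survives any future non-aborting mode. The new line also reads like a no-op without context; a why-comment such as `// CRM-19562: these ids are cut from mark_x_ checkbox names (presumably user-submitted); abort unless every one is a positive integer, since they are interpolated into SQL below.` would make the intent clear. The enclosing method, including the loop that fills `$contactIds`, starts and ends outside the hunk.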
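Review bot: `testContactIDClause` passes silently if `apiQuery()` throws nothing, because its only assertion sits inside the `catch` block, so a regression that removes the validateAll call would not be caught. Add `$this->fail('Expected a fatal error for the non-numeric contact id foo@example.com');` immediately after the `$query->apiQuery(...)` line inside the `try`, so reaching the end of the try block is itself a failure. `catch (Exception $e)` is also broader than needed; if the class thrown for a fatal error is known, catching that type instead means an unrelated exception fails on type rather than on a message-string mismatch. The docblock could state the actual expectation, e.g. `Searching by mark_x_ checkbox names must abort when a value is not a positive integer id, rather than letting it into the IN() clause.`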