From 91209206f7a0f7ca9085ce1009d4066faeefff53 Mon Sep 17 00:00:00 2001
From: yashodha
Date: Mon, 23 May 2016 16:12:29 +0530
Subject: [PATCH] CRM-18655: Selected id's not escaped properly
----------------------------------------
* CRM-18655: Selected id's not escaped properly https://issues.civicrm.org/jira/browse/CRM-18655
---
 CRM/Contact/Page/AJAX.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php
index d39afc5da3..93111583ed 100644
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -922,6 +922,7 @@ LIMIT {$offset}, {$rowCount}
 foreach ($elements as $key => $element) {
 $elements[$key] = self::_convertToId($element);
 }
+ CRM_Utils_Type::escapeAll($elements, 'Integer');
 CRM_Core_BAO_PrevNextCache::markSelection($cacheKey, $actionToPerform, $elements);
 }
 else {
@@ -930,6 +931,7 @@ LIMIT {$offset}, {$rowCount}
 }
 elseif ($variableType == 'single') {
 $cId = self::_convertToId($name);
+ CRM_Utils_Type::escape($cId, 'Integer');
 $action = ($state == 'checked') ? 'select' : 'unselect';
 CRM_Core_BAO_PrevNextCache::markSelection($cacheKey, $action, $cId);
 }
-- 2.25.1
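Review bot: Both added calls discard their return value: `CRM_Utils_Type::escapeAll($elements, 'Integer');` in the first hunk and `CRM_Utils_Type::escape($cId, 'Integer');` in the second. The helpers' definitions are not visible here, but if they return the validated value rather than modifying the argument by reference, `markSelection()` still receives the unconverted strings, and the protection rests entirely on the helpers aborting on a non-integer by default. Assigning the result makes the checked value the one that is passed on: `$elements = CRM_Utils_Type::escapeAll($elements, 'Integer');` and `$cId = CRM_Utils_Type::escape($cId, 'Integer');`. If abort-on-failure is the intended mechanism, a comment such as `// Aborts the request if any selected id is not an integer.` above each call would say so. The enclosing method starts and ends outside both hunks.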