From 993c38485854f6f295fd06fe47fe59f0eb306519 Mon Sep 17 00:00:00 2001
From: Chris Burgess
Date: Mon, 11 Apr 2016 21:07:02 +1200
Subject: [PATCH] CRM-17984. Ensure input for subtype is valid; if not then do not use it to filter custom fields.
---
 CRM/Core/BAO/CustomGroup.php | 38 ++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/CRM/Core/BAO/CustomGroup.php b/CRM/Core/BAO/CustomGroup.php
index c8d2e8d600..e4caa8a689 100644
--- a/CRM/Core/BAO/CustomGroup.php
+++ b/CRM/Core/BAO/CustomGroup.php
@@ -441,10 +441,14 @@ LEFT JOIN civicrm_custom_field ON (civicrm_custom_field.custom_group_id = civicr
 $subTypeParts = explode(',', $subType);
 $subTypeClauses = array();
 foreach ($subTypeParts as $subTypePart) {
- $subTypePart = CRM_Core_DAO::VALUE_SEPARATOR .
- trim($subTypePart, CRM_Core_DAO::VALUE_SEPARATOR) .
- CRM_Core_DAO::VALUE_SEPARATOR;
- $subTypeClauses[] = "civicrm_custom_group.extends_entity_column_value LIKE '%$subTypePart%'";
+ // CRM-17984: Only filter by this input if valid.
+ $subTypePart = CRM_Utils_Type::escape(trim($subTypePart, CRM_Core_DAO::VALUE_SEPARATOR), 'Integer', FALSE);
+ if ($subTypePart) {
+ $subTypePart = CRM_Core_DAO::VALUE_SEPARATOR .
+ $subTypePart .
+ CRM_Core_DAO::VALUE_SEPARATOR;
+ $subTypeClauses[] = "civicrm_custom_group.extends_entity_column_value LIKE '%$subTypePart%'";
+ }
 }
 if ($onlySubType) {
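Review bot: The added `if ($subTypePart)` guard is a truthiness test on a value whose failure sentinel is NULL (that is what `CRM_Utils_Type::escape()` returns when its third argument is FALSE), so it also discards a value that validates to `0` and hides which case was hit; `if ($subTypePart !== NULL) {` states the intent precisely, and the same applies to the `if ($subType)` check in the second hunk. A second gap: when every comma-separated part is rejected, `$subTypeClauses` is left empty, and if the `if ($onlySubType)` branch that follows (outside the hunk) still implodes it into a parenthesised clause as before, the result is a non-empty `( )` fragment that the `empty($subTypeClause)` fallback added further down will not catch, so the query fails instead of running with a relaxed filter. A guard such as `if (empty($subTypeClauses)) { $subTypeClauses[] = '1=1'; }` right after the loop would close that gap consistently with the single-value path. The enclosing function starts before the hunk.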
@@ -456,19 +460,27 @@ LEFT JOIN civicrm_custom_field ON (civicrm_custom_field.custom_group_id = civicr
 }
 }
 else {
- $subType = CRM_Core_DAO::VALUE_SEPARATOR .
- trim($subType, CRM_Core_DAO::VALUE_SEPARATOR) .
- CRM_Core_DAO::VALUE_SEPARATOR;
+ // CRM-17984: Only filter by this input if valid.
+ $subType = CRM_Utils_Type::escape(trim($subType, CRM_Core_DAO::VALUE_SEPARATOR), 'Integer', FALSE);
+ if ($subType) {
+ $subType = CRM_Core_DAO::VALUE_SEPARATOR .
+ $subType .
+ CRM_Core_DAO::VALUE_SEPARATOR;
- if ($onlySubType) {
- $subTypeClause = "( civicrm_custom_group.extends_entity_column_value LIKE '%$subType%' )";
- }
- else {
- $subTypeClause = "( civicrm_custom_group.extends_entity_column_value LIKE '%$subType%'
- OR civicrm_custom_group.extends_entity_column_value IS NULL )";
+ if ($onlySubType) {
+ $subTypeClause = "( civicrm_custom_group.extends_entity_column_value LIKE '%$subType%' )";
+ }
+ else {
+ $subTypeClause = "( civicrm_custom_group.extends_entity_column_value LIKE '%$subType%'
+ OR civicrm_custom_group.extends_entity_column_value IS NULL )";
+ }
 }
 }
+ if (empty($subTypeClause)) {
+ $subTypeClause = '1=1';
+ }
+
 $strWhere = "
 WHERE civicrm_custom_group.is_active = 1
 AND civicrm_custom_field.is_active = 1
-- 
2.25.1
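Review bot: The `$subTypeClause = '1=1'` fallback fails open: when `$subType` is rejected by `CRM_Utils_Type::escape()` the subtype restriction is dropped entirely, so the query returns every active custom group, including those that extend only other subtypes, and nothing records that input was discarded. If any caller supplies a subtype value that is not a plain integer, it will silently take this path and see a wider result set than before, which is worth confirming against the callers. A narrower fallback keeps the original semantics for the unrestricted case, `$subTypeClause = $onlySubType ? '1=0' : 'civicrm_custom_group.extends_entity_column_value IS NULL';`, i.e. no match when only subtype-specific groups were requested and only unrestricted groups otherwise; alternatively omit the `FALSE` argument so `escape()` aborts and bad input is rejected rather than widened, and log the rejected value in either case. Whichever is chosen deserves a comment at the fallback, e.g. `// CRM-17984: subtype input failed validation; it is never interpolated, and the filter is relaxed rather than rejecting the request.` The enclosing function continues past the hunk.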