From a64ad15719d23169eddd20d1202792a727cabe6c Mon Sep 17 00:00:00 2001
From: Andreas Hennings <andreas@dqxtech.net>
Date: Tue, 11 Feb 2014 23:35:28 +0100
Subject: [PATCH] CRM_Contribute_Page_ContributionPage: Robust handling of
 campaign ids.

---
 CRM/Contribute/Page/ContributionPage.php | 33 +++++++++++++++++-------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/CRM/Contribute/Page/ContributionPage.php b/CRM/Contribute/Page/ContributionPage.php
index 953f269c58..d0b0dbaf68 100644
--- a/CRM/Contribute/Page/ContributionPage.php
+++ b/CRM/Contribute/Page/ContributionPage.php
@@ -601,14 +601,12 @@ ORDER BY title asc
       $clauses[] = "title LIKE '" . strtolower(CRM_Core_DAO::escapeWildCardString($this->_sortByCharacter)) . "%'";
     }
 
-    // @todo Fatal typo: $campainIds vs $campaignIds.
-    $campainIds = $this->get('campaign_id');
-    if (!CRM_Utils_System::isNull($campainIds)) {
-      if (!is_array($campainIds)) {
-        // @todo Undefined variable $campaignIds, due to fatal typo above.
-        $campaignIds = array($campaignIds);
-      }
-      $clauses[] = '( campaign_id IN ( ' . implode(' , ', array_values($campainIds)) . ' ) )';
+    $campaignIds = $this->getCampaignIds();
+    if (count($campaignIds) > 1) {
+      $clauses[] = '( campaign_id IN ( ' . implode(' , ', $campaignIds) . ' ) )';
+    }
+    elseif (count($campaignIds) > 1) {
+      $clauses[] = '( campaign_id = ' . $campaignIds[0] . ')';
     }
 
     if (empty($clauses)) {
@@ -623,11 +621,28 @@ ORDER BY title asc
     return implode(' AND ', $clauses);
   }
 
+  /**
+   * Gets the campaign ids from the session.
+   *
+   * @return int[]
+   */
+  function getCampaignIds() {
+    // The unfiltered value from the session cannot be trusted, it needs to be
+    // processed to get a clean array of positive integers.
+    $ids = array();
+    foreach ((array)$this->get('campaign_id') as $id) {
+      if ((string)(int)$id === (string)$id && $id > 0) {
+        $ids[] = $id;
+      }
+    }
+    return $ids;
+  }
+
   /**
    * @param $whereClause
    * @param array $whereParams
    */
-  public function pager($whereClause, $whereParams) {
+  function pager($whereClause, $whereParams) {
 
     $params['status'] = ts('Contribution %%StatusMessage%%');
     $params['csvString'] = NULL;
-- 
2.25.1