Commit 4905d4b5 authored by Greeshma's avatar Greeshma

Calendar feed action pull task sql injection fix

parent cafac40f
1 merge request!416Calendar_FetchAgendaEvents_sqlinjection_fix
......@@ -411,9 +411,11 @@ class Calendar_Feed_Action extends Vtiger_BasicAjax_Action {
$hideCompleted = $currentUser->get('hidecompletedevents');
if($hideCompleted)
$query.= "vtiger_activity.status != 'Completed' AND ";
$query.= " ((date_start >= '$start' AND due_date < '$end') OR ( due_date >= '$start'))";
$params = $userAndGroupIds;
$query.= " AND vtiger_crmentity.smownerid IN (".generateQuestionMarks($params).")";
$query.= " ((date_start >= ? AND due_date < ? ) OR ( due_date >= ? ))";
$params=array($start,$end,$start);
$userIds = $userAndGroupIds;
$query.= " AND vtiger_crmentity.smownerid IN (".generateQuestionMarks($userIds).")";
$params=array_merge($params,$userIds);
$queryResult = $db->pquery($query,$params);
while($record = $db->fetchByAssoc($queryResult)){
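Review bot: `$params=array_merge($params,$userIds);` requires `$userAndGroupIds` to be a non-empty array, which nothing in the visible lines guarantees. A non-array value makes `array_merge` fail (a TypeError on PHP 8), and an empty array yields `smownerid IN ()`, which is invalid SQL. A guard before the `IN (...)` line, such as `if (!is_array($userIds) || !$userIds) { /* return the method's empty result */ }`, would make that assumption explicit. Binding `$start` and `$end` closes the interpolation shown here, but the head of `$query` is built above the hunk and is not visible, so it is worth confirming that no other request-derived value is still concatenated into it. The rendered page has lost its `+`/`-` markers, so this reading takes the `?`-placeholder lines as the new side; the enclosing method starts and ends outside the hunk.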