diff --git a/data/CRMEntity.php b/data/CRMEntity.php old mode 100755 new mode 100644 diff --git a/include/utils/VtlibUtils.php b/include/utils/VtlibUtils.php index 30d15bca837f2781e70ab6ef6cccaafb781829c2..51b35ba0e2341e08956629c2ba7d40b93f9fb4ba 100644 --- a/include/utils/VtlibUtils.php +++ b/include/utils/VtlibUtils.php @@ -827,4 +827,4 @@ function vtlib_addSettingsLink($linkName, $linkURL, $blockName = false) { return $success; } -?> +?> \ No newline at end of file diff --git a/modules/Campaigns/models/Relation.php b/modules/Campaigns/models/Relation.php index f58e05b28944f3b6165c43118c6b41282614f015..6185d4a14fadae33e819cd52b453cb6b5fe05cb7 100644 --- a/modules/Campaigns/models/Relation.php +++ b/modules/Campaigns/models/Relation.php @@ -53,12 +53,16 @@ class Campaigns_Relation_Model extends Vtiger_Relation_Model { $tableName = $emailEnabledModulesInfo[$relatedModuleName]['tableName']; $db = PearDatabase::getInstance(); + $paramArray = array(); $updateQuery = "UPDATE $tableName SET campaignrelstatusid = CASE $fieldName "; foreach ($statusDetails as $relatedRecordId => $status) { - $updateQuery .= " WHEN $relatedRecordId THEN $status "; + $updateQuery .= " WHEN ? THEN ? "; + array_push($paramArray, $relatedRecordId); + array_push($paramArray, $status); } $updateQuery .= "ELSE campaignrelstatusid END WHERE campaignid = ?"; - $db->pquery($updateQuery, array($sourceRecordId)); + array_push($paramArray, $sourceRecordId); + $db->pquery($updateQuery, $paramArray); } } } diff --git a/modules/Settings/Leads/models/Mapping.php b/modules/Settings/Leads/models/Mapping.php index b0d1b580aa5f2c3ce1a7408afa7b9aaeaf7d73df..e9c5b841ddcd29d781381eafc0bfb84416a0b1da 100644 --- a/modules/Settings/Leads/models/Mapping.php +++ b/modules/Settings/Leads/models/Mapping.php 
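Review bot: In the Campaigns_Relation_Model hunk, an empty `$statusDetails` still reaches `pquery()` with `CASE $fieldName ELSE campaignrelstatusid END`, which has no `WHEN` arm and is not valid SQL. A guard before the query is built, such as `if (empty($statusDetails)) { return; }`, would avoid sending it. The same build-then-execute pattern with no emptiness check appears in the `updateMappingsList` loop in Settings/Leads/models/Mapping.php, `updateSequence()` in Settings/Picklist/models/Module.php, `updateSequenceNumber()` in Vtiger/models/Block.php and `updateRelationSequenceAndPresence()` in Vtiger/models/Relation.php. The enclosing method starts outside this hunk, so a caller may already filter empty input.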
@@ -195,20 +195,28 @@ class Settings_Leads_Mapping_Model extends Settings_Vtiger_Module_Model { $accountQuery = ' accountfid = CASE '; $contactQuery = ' contactfid = CASE '; $potentialQuery = ' potentialfid = CASE '; - + $paramArray = array(); foreach ($updateMappingsList as $mappingDetails) { - $mappingId = $mappingDetails['mappingId']; - $leadQuery .= " WHEN cfmid = $mappingId THEN ". $mappingDetails['lead']; - $accountQuery .= " WHEN cfmid = $mappingId THEN ". $mappingDetails['account']; - $contactQuery .= " WHEN cfmid = $mappingId THEN ". $mappingDetails['contact']; - $potentialQuery .= " WHEN cfmid = $mappingId THEN ". $mappingDetails['potential']; + $mappingId = $mappingDetails['mappingId']; + $leadQuery .= ' WHEN cfmid = ? THEN ?'; + array_push($paramArray, $mappingId); + array_push($paramArray, $mappingDetails['lead']); + $accountQuery .= ' WHEN cfmid = ? THEN ?'; + array_push($paramArray, $mappingId); + array_push($paramArray, $mappingDetails['account']); + $contactQuery .= ' WHEN cfmid = ? THEN ?'; + array_push($paramArray, $mappingId); + array_push($paramArray, $mappingDetails['contact']); + $potentialQuery .= ' WHEN cfmid = ? THEN ?'; + array_push($paramArray, $mappingId); + array_push($paramArray, $mappingDetails['potential']); } $leadQuery .= ' ELSE leadfid END '; $accountQuery .= ' ELSE accountfid END '; $contactQuery .= ' ELSE contactfid END '; $potentialQuery .= ' ELSE potentialfid END '; - - $db->pquery("UPDATE vtiger_convertleadmapping $leadQuery, $accountQuery, $contactQuery, $potentialQuery WHERE editable = ?", array(1)); + array_push($paramArray, 1); + $db->pquery("UPDATE vtiger_convertleadmapping $leadQuery, $accountQuery, $contactQuery, $potentialQuery WHERE editable = ?", $paramArray); } } diff --git a/modules/Settings/Picklist/models/Module.php b/modules/Settings/Picklist/models/Module.php index cc317bd83de7b4327f1df393c053c6c9bdc08360..325c0e467f8ae264814901ecf84e23dfe2fac031 100644 --- a/modules/Settings/Picklist/models/Module.php 
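Review bot: The bind order in `$paramArray` does not match the placeholder order of the final statement once `$updateMappingsList` holds more than one entry. The loop pushes parameters per mapping (lead, account, contact, potential pairs interleaved), but the SQL concatenates `$leadQuery, $accountQuery, $contactQuery, $potentialQuery`, so all lead placeholders come first, then all account placeholders, and so on. With two or more mappings the second lead `WHEN` would receive the first mapping's account values, silently writing wrong field ids. Collecting one parameter list per column and merging them in statement order fixes this. The enclosing method starts outside the hunk.

```php
$leadParams = $accountParams = $contactParams = $potentialParams = array();
foreach ($updateMappingsList as $mappingDetails) {
    // … unchanged: $mappingId lookup and the four ' WHEN cfmid = ? THEN ?' appends …
    array_push($leadParams, $mappingId, $mappingDetails['lead']);
    array_push($accountParams, $mappingId, $mappingDetails['account']);
    array_push($contactParams, $mappingId, $mappingDetails['contact']);
    array_push($potentialParams, $mappingId, $mappingDetails['potential']);
}
// … unchanged: the four ELSE … END suffixes …
$paramArray = array_merge($leadParams, $accountParams, $contactParams, $potentialParams, array(1));
// … unchanged: pquery call with $paramArray …
```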
+++ b/modules/Settings/Picklist/models/Module.php @@ -284,17 +284,19 @@ class Settings_Picklist_Module_Model extends Vtiger_Module_Model { } - public function updateSequence($pickListFieldName , $picklistValues, $rolesList = false) { + public function updateSequence($pickListFieldName , $picklistValues, $rolesList = false) { $db = PearDatabase::getInstance(); $primaryKey = Vtiger_Util_Helper::getPickListId($pickListFieldName); - + $paramArray = array(); $query = 'UPDATE '.$this->getPickListTableName($pickListFieldName).' SET sortorderid = CASE '; foreach($picklistValues as $values => $sequence) { - $query .= ' WHEN '.$primaryKey.'="'.$values.'" THEN "'.$sequence.'"'; + $query .= ' WHEN '.$primaryKey.'=? THEN ?'; + array_push($paramArray, $values); + array_push($paramArray, $sequence); } $query .= ' END'; - $db->pquery($query, array()); + $db->pquery($query, $paramArray); Vtiger_Cache::flushPicklistCache($pickListFieldName, $rolesList); } diff --git a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php index 44590496d3bae26a7e71b3395080b776fa272bc0..6c644da599ccb9c32ae0460ff4322094b50e6fd4 100644 --- a/modules/Settings/Vtiger/actions/CompanyDetailsSave.php +++ b/modules/Settings/Vtiger/actions/CompanyDetailsSave.php @@ -93,4 +93,4 @@ class Settings_Vtiger_CompanyDetailsSave_Action extends Settings_Vtiger_Basic_Ac public function validateRequest(Vtiger_Request $request) { $request->validateWriteAccess(); } -} +} \ No newline at end of file diff --git a/modules/Vtiger/models/Block.php b/modules/Vtiger/models/Block.php index 3d4d0a06e5c840154fff5a437bc81243eedc46f1..ea842ea927365f01bf53709f15efe83a5721a95e 100644 --- a/modules/Vtiger/models/Block.php +++ b/modules/Vtiger/models/Block.php 
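Review bot: In `updateSequence()` the values are now bound, but the table name from `getPickListTableName($pickListFieldName)` and the column name in `$primaryKey` are still concatenated into the statement. Placeholders cannot carry identifiers, so the query is only as safe as the validation of `$pickListFieldName`, which is not visible in this hunk. If the field name can come from a request, check it against the module's known picklist fields before building the query. At minimum, record the assumption with a comment such as `// identifiers derive from $pickListFieldName and are not bound; it must be a validated picklist field name`. Separately, the `CASE` has no `ELSE` and the `UPDATE` has no `WHERE`, so any row whose key is missing from `$picklistValues` would get a NULL `sortorderid`.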
@@ -145,12 +145,16 @@ class Vtiger_Block_Model extends Vtiger_Block { public static function updateSequenceNumber($sequenceList, $moduleName = false) { $db = PearDatabase::getInstance(); $query = 'UPDATE vtiger_blocks SET sequence = CASE blockid '; + $paramArray = array(); foreach ($sequenceList as $blockId => $sequence){ - $query .=' WHEN '.$blockId.' THEN '.$sequence; + $query .=' WHEN ? THEN ?'; + array_push($paramArray, $blockId); + array_push($paramArray, $sequence); } $query .=' END '; $query .= ' WHERE blockid IN ('.generateQuestionMarks($sequenceList).')'; - $db->pquery($query, array_keys($sequenceList)); + $resultArray = array_merge($paramArray, array_keys($sequenceList)); + $db->pquery($query, $resultArray); // To clear cache if($moduleName){ diff --git a/modules/Vtiger/models/Relation.php b/modules/Vtiger/models/Relation.php index 8737765c9a3408cd9dd3566f0d0a01abaa84f7e8..6e9bff230a2c8b006931315d49e142e87bbf4c69 100644 --- a/modules/Vtiger/models/Relation.php +++ b/modules/Vtiger/models/Relation.php @@ -298,17 +298,20 @@ class Vtiger_Relation_Model extends Vtiger_Base_Model{ } return $relationField; } - - public static function updateRelationSequenceAndPresence($relatedInfoList, $sourceModuleTabId) { + + public static function updateRelationSequenceAndPresence($relatedInfoList, $sourceModuleTabId) { $db = PearDatabase::getInstance(); $query = 'UPDATE vtiger_relatedlists SET sequence=CASE '; $relation_ids = array(); + $paramArray = array(); foreach($relatedInfoList as $relatedInfo){ $relation_id = $relatedInfo['relation_id']; $relation_ids[] = $relation_id; $sequence = $relatedInfo['sequence']; $presence = $relatedInfo['presence']; - $query .= ' WHEN relation_id='.$relation_id.' THEN '.$sequence; + array_push($paramArray, $relation_id); + array_push($paramArray, $sequence); + $query .= ' WHEN relation_id=? THEN ?'; } $query.= ' END , '; $query.= ' presence = CASE '; 
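Review bot: In `updateSequenceNumber()` the name `$resultArray` is misleading, because it holds the bind parameters passed to `pquery()`, not a result. The same name is used in the second hunk of modules/Vtiger/models/Relation.php. Either rename it or inline the merge: `$db->pquery($query, array_merge($paramArray, array_keys($sequenceList)));`. The paired pushes also read more clearly as one call, `array_push($paramArray, $blockId, $sequence);`, which keeps each `WHEN ? THEN ?` visibly matched to its two values. The method body continues past the end of this hunk.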
@@ -317,12 +320,16 @@ class Vtiger_Relation_Model extends Vtiger_Base_Model{ $relation_ids[] = $relation_id; $sequence = $relatedInfo['sequence']; $presence = $relatedInfo['presence']; - $query .= ' WHEN relation_id='.$relation_id.' THEN '.$presence; + array_push($paramArray, $relation_id); + array_push($paramArray, $presence); + $query .= ' WHEN relation_id=? THEN ?'; } + array_push($paramArray, $sourceModuleTabId); + $resultArray = array_merge($paramArray, $relation_ids); $query .= ' END WHERE tabid=? AND relation_id IN ('. generateQuestionMarks($relation_ids).')'; - $result = $db->pquery($query, array($sourceModuleTabId,$relation_ids)); + $result = $db->pquery($query, $resultArray); } - + public function isActive() { return $this->get('presence') == 0 ? true : false; }
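Review bot: `$relation_ids[] = $relation_id;` runs in the presence loop shown here and also in the sequence loop in the previous hunk, so every id appears to be bound twice in the `IN (...)` list. The second loop's `foreach` header falls between the two hunks, so this is inferred from the visible context lines. The counts still agree because `generateQuestionMarks($relation_ids)` uses the same doubled array, but dropping the append in the second loop would halve the list. Since correctness now depends on positional order, a comment above the merge would help, e.g. `// bind order: sequence CASE pairs, presence CASE pairs, tabid, then IN-list ids`.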