Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Escape the start/end times instead of intval

Browse Source 
On 32-bit PHP installations, the start/end times will exceed the max size
of a 32-bit integer, causing the query to always return 0 results.
This commit is contained in:
Mike Koch 2016-02-13 23:19:33 -05:00
parent 5708c63b75
commit 1b7cf24258
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
internal-api/dao/calendar_dao.php
View File

@ -1,12 +1,11 @@
<?php <?php
function get_events($start, $end, $hesk_settings) { function get_events($start, $end, $hesk_settings) {
$sql = "SELECT `events`.*, `categories`.`name` AS `category_name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "calendar_event` AS `events` $sql = "SELECT `events`.*, `categories`.`name` AS `category_name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "calendar_event` AS `events`
INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` AS `categories` INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` AS `categories`
ON `events`.`category` = `categories`.`id` ON `events`.`category` = `categories`.`id`
WHERE `start` >= FROM_UNIXTIME(" . intval($start) WHERE `start` >= FROM_UNIXTIME(" . hesk_dbEscape($start)
. " / 1000) AND `end` <= FROM_UNIXTIME(" . intval($end) . " / 1000)"; . " / 1000) AND `end` <= FROM_UNIXTIME(" . hesk_dbEscape($end) . " / 1000)";
$rs = hesk_dbQuery($sql); $rs = hesk_dbQuery($sql);