diff --git a/include/class.team.php b/include/class.team.php
index 48d7b5655ee2066a73811cf76bd3663476b97a0c..1f663880de038a1364e7fc4a1473c9a12226e8ca 100644
--- a/include/class.team.php
+++ b/include/class.team.php
@@ -126,7 +126,9 @@ class Team {
if($vars['remove']) {
$sql='DELETE FROM '.TEAM_MEMBER_TABLE
.' WHERE team_id='.db_input($this->getId())
- .' AND staff_id IN('.implode(',',$_POST['remove']).')';
+ .' AND staff_id IN ('
+ .implode(',', array_map('db_input', $_POST['remove']))
+ .')';
db_query($sql);
}
diff --git a/scp/apikeys.php b/scp/apikeys.php
index ece24444537c8243a91779e59704314a672efe65..f9293f6053125b6f72f82056ee4466a1086b58c1 100644
--- a/scp/apikeys.php
+++ b/scp/apikeys.php
@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.API_KEY_TABLE.' SET isactive=1 WHERE id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.API_KEY_TABLE.' SET isactive=1 WHERE id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected API keys enabled';
@@ -55,7 +56,8 @@ if($_POST){
$errors['err']='Unable to enable selected API keys.';
}
}elseif($_POST['disable']){
- $sql='UPDATE '.API_KEY_TABLE.' SET isactive=0 WHERE id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.API_KEY_TABLE.' SET isactive=0 WHERE id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected API keys disabled';
diff --git a/scp/banlist.php b/scp/banlist.php
index b56d05c6d07b28b2536127abe9a5b3be6330cb69..faa709fd3e3aeb1cc81878ad99c885e2b84d56d3 100644
--- a/scp/banlist.php
+++ b/scp/banlist.php
@@ -68,8 +68,10 @@ if($_POST && !$errors && $filter){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=1 WHERE filter_id='.db_input($filter->getId()).
- ' AND id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=1 WHERE filter_id='.
+ db_input($filter->getId()).
+ ' AND id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected emails ban status set to enabled';
@@ -79,8 +81,10 @@ if($_POST && !$errors && $filter){
$errors['err']='Unable to enable selected emails';
}
}elseif($_POST['disable']){
- $sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=0 WHERE filter_id='.db_input($filter->getId()).
- ' AND id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=0 WHERE filter_id='.
+ db_input($filter->getId()).
+ ' AND id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected emails ban status set to disabled';
diff --git a/scp/canned.php b/scp/canned.php
index cb6da802e404396d561ba306eb4972da3ec2249a..fa208a273bb9e3fc21833b9fa747a3d1ab40be73 100644
--- a/scp/canned.php
+++ b/scp/canned.php
@@ -71,7 +71,8 @@ if($_POST && $thisstaff->canManageCannedResponses()) {
} else {
$count=count($_POST['ids']);
if($_POST['enable']) {
- $sql='UPDATE '.CANNED_TABLE.' SET isenabled=1 WHERE canned_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.CANNED_TABLE.' SET isenabled=1 WHERE canned_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected canned replies enabled';
@@ -81,7 +82,8 @@ if($_POST && $thisstaff->canManageCannedResponses()) {
$errors['err']='Unable to enable selected canned replies.';
}
} elseif($_POST['disable']) {
- $sql='UPDATE '.CANNED_TABLE.' SET isenabled=0 WHERE canned_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.CANNED_TABLE.' SET isenabled=0 WHERE canned_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected canned replies disabled';
diff --git a/scp/categories.php b/scp/categories.php
index 787b81b5f2bb50d4aa63cdb7a15b8f3adf52af27..ed98da8979e6b2070195c00e7047aceb18cd86a0 100644
--- a/scp/categories.php
+++ b/scp/categories.php
@@ -52,7 +52,8 @@ if($_POST){
} else {
$count=count($_POST['ids']);
if($_POST['public']) {
- $sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=1 WHERE category_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=1 WHERE category_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected categories made PUBLIC';
@@ -62,7 +63,8 @@ if($_POST){
$errors['err']='Unable to enable selected categories public.';
}
} elseif($_POST['private']) {
- $sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=0 WHERE category_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=0 WHERE category_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected categories made PRIVATE';
diff --git a/scp/departments.php b/scp/departments.php
index d0869cdf7302cafc8fb8fff071b28291833e4120..ae03b6385d9cd7120e22a5d415dfbef32c130aa9 100644
--- a/scp/departments.php
+++ b/scp/departments.php
@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['public']){
- $sql='UPDATE '.DEPT_TABLE.' SET ispublic=1 WHERE dept_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.DEPT_TABLE.' SET ispublic=1 WHERE dept_id IN ('
+ .implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected departments made public';
@@ -56,7 +57,9 @@ if($_POST){
}
}elseif($_POST['private']){
$sql='UPDATE '.DEPT_TABLE.' SET ispublic=0 '.
- 'WHERE dept_id IN ('.implode(',',$_POST['ids']).') AND dept_id!='.db_input($cfg->getDefaultDeptId());
+ 'WHERE dept_id IN ('
+ .implode(',', array_map('db_input', $_POST['ids']))
+ .') AND dept_id!='.db_input($cfg->getDefaultDeptId());
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected departments made private';
@@ -68,7 +71,8 @@ if($_POST){
}elseif($_POST['delete']){
//Deny all deletes if one of the selections has members in it.
- $sql='SELECT count(staff_id) FROM '.STAFF_TABLE.' WHERE dept_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='SELECT count(staff_id) FROM '.STAFF_TABLE.' WHERE dept_id IN ('
+ .implode(',', array_map('db_input', $_POST['ids'])).')';
list($members)=db_fetch_row(db_query($sql));
if($members)
$errors['err']='Dept. with users can not be deleted. Move staff first.';
diff --git a/scp/emails.php b/scp/emails.php
index ddc626fb36dc9265b41835a95dbc6bf7c676e96b..fa8a150d7d7285806f10fce23f4855c8d5c4e1bf 100644
--- a/scp/emails.php
+++ b/scp/emails.php
@@ -46,7 +46,10 @@ if($_POST){
$count=count($_POST['ids']);
$sql='SELECT count(dept_id) FROM '.DEPT_TABLE.' dept '.
- 'WHERE email_id IN ('.implode(',',$_POST['ids']).') OR autoresp_email_id IN ('.implode(',',$_POST['ids']).')';
+ 'WHERE email_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).
+ ') OR autoresp_email_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
list($depts)=db_fetch_row(db_query($sql));
if($depts>0){
$errors['err']='One or more of the selected emails is being used by a department. Remove association first!';
diff --git a/scp/filters.php b/scp/filters.php
index f39b794d047a1f4fa756c320346dae26ed8b9623..665f5bd1e0ebe736a94a743d2a83d73b817dc72d 100644
--- a/scp/filters.php
+++ b/scp/filters.php
@@ -48,7 +48,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=1 WHERE id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=1 WHERE id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected filters enabled';
@@ -58,7 +59,8 @@ if($_POST){
$errors['err']='Unable to enable selected filters';
}
}elseif($_POST['disable']){
- $sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=0 WHERE id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=0 WHERE id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected filters disabled';
diff --git a/scp/groups.php b/scp/groups.php
index 7a4f959169160f6f41f0ebce70db6c6ced266695..4deefd48ca056e1a6ed8fab71bfa3fbef221c2f5 100644
--- a/scp/groups.php
+++ b/scp/groups.php
@@ -43,7 +43,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.GROUP_TABLE.' SET group_enabled=1, updated=NOW() WHERE group_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.GROUP_TABLE.' SET group_enabled=1, updated=NOW() WHERE group_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected groups activated';
@@ -53,7 +54,8 @@ if($_POST){
$errors['err']='Unable to activate selected groups';
}
}elseif($_POST['disable']){
- $sql='UPDATE '.GROUP_TABLE.' SET group_enabled=0, updated=NOW() WHERE group_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.GROUP_TABLE.' SET group_enabled=0, updated=NOW() WHERE group_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected groups disabled';
diff --git a/scp/helptopics.php b/scp/helptopics.php
index 18c34393e9b89a67c91661b516f0f045273d34da..45a288f41f0ffe9f5bde9078270ad17a8fc9eb5a 100644
--- a/scp/helptopics.php
+++ b/scp/helptopics.php
@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.TOPIC_TABLE.' SET isactive=1 WHERE topic_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.TOPIC_TABLE.' SET isactive=1 WHERE topic_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected help topics enabled';
@@ -55,7 +56,8 @@ if($_POST){
$errors['err']='Unable to enable selected help topics.';
}
}elseif($_POST['disable']){
- $sql='UPDATE '.TOPIC_TABLE.' SET isactive=0 WHERE topic_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.TOPIC_TABLE.' SET isactive=0 WHERE topic_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected help topics disabled';
diff --git a/scp/slas.php b/scp/slas.php
index c67a4d8cd007f7811b3aead54d67280388c33ed5..8c7c1b4affd5e7263002cdeef5d8ad0e83e011eb 100644
--- a/scp/slas.php
+++ b/scp/slas.php
@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.SLA_TABLE.' SET isactive=1 WHERE id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.SLA_TABLE.' SET isactive=1 WHERE id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected SLA plans enabled';
@@ -55,7 +56,8 @@ if($_POST){
$errors['err']='Unable to enable selected SLA plans.';
}
}elseif($_POST['disable']){
- $sql='UPDATE '.SLA_TABLE.' SET isactive=0 WHERE id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.SLA_TABLE.' SET isactive=0 WHERE id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected SLA plans disabled';
diff --git a/scp/staff.php b/scp/staff.php
index 863a348c9f37f547f5a8b57ddf0f162cc5257b1f..eacafb3175c209f8a5dead599329491cc531eab8 100644
--- a/scp/staff.php
+++ b/scp/staff.php
@@ -45,7 +45,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.STAFF_TABLE.' SET isactive=1 WHERE staff_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.STAFF_TABLE.' SET isactive=1 WHERE staff_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected staff activated';
diff --git a/scp/syslogs.php b/scp/syslogs.php
index 843fecd842cf49e3d3622338aec78777755ba544..aaaf1843c60c688105507d893dc647f81e587095 100644
--- a/scp/syslogs.php
+++ b/scp/syslogs.php
@@ -23,7 +23,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['delete']){
- $sql='DELETE FROM '.SYSLOG_TABLE.' WHERE log_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='DELETE FROM '.SYSLOG_TABLE.' WHERE log_id IN ('
+ .implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected logs deleted successfully';
diff --git a/scp/teams.php b/scp/teams.php
index c579372197995e4fd3811eddf338d457817aadb0..2fcbb1b1ec1cce26538fddb55e69b960d7747476 100644
--- a/scp/teams.php
+++ b/scp/teams.php
@@ -43,7 +43,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.TEAM_TABLE.' SET isenabled=1 WHERE team_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.TEAM_TABLE.' SET isenabled=1 WHERE team_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected teams activated';
@@ -53,7 +54,8 @@ if($_POST){
$errors['err']='Unable to activate selected teams';
}
}elseif($_POST['disable']){
- $sql='UPDATE '.TEAM_TABLE.' SET isenabled=0 WHERE team_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.TEAM_TABLE.' SET isenabled=0 WHERE team_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())) {
if($num==$count)
$msg='Selected teams disabled';
diff --git a/scp/templates.php b/scp/templates.php
index 47e24dd6e4a4d06d6e35cf8d0ccae290b99dbd24..b87713662627dc2044a336609786d469973ed4f4 100644
--- a/scp/templates.php
+++ b/scp/templates.php
@@ -54,7 +54,8 @@ if($_POST){
}else{
$count=count($_POST['ids']);
if($_POST['enable']){
- $sql='UPDATE '.EMAIL_TEMPLATE_TABLE.' SET isactive=1 WHERE tpl_id IN ('.implode(',',$_POST['ids']).')';
+ $sql='UPDATE '.EMAIL_TEMPLATE_TABLE.' SET isactive=1 WHERE tpl_id IN ('.
+ implode(',', array_map('db_input', $_POST['ids'])).')';
if(db_query($sql) && ($num=db_affected_rows())){
if($num==$count)
$msg='Selected templates enabled';