From 1d366b8bf23d83574e1a4a69c8e6d3928d997b95 Mon Sep 17 00:00:00 2001
From: Alexey Melnichuk <alexeymelnichuck@gmail.com>
Date: Mon, 21 Nov 2016 23:52:06 +0300
Subject: [PATCH] Add. Use params in ivr_menu.lua (#2116)

---
 resources/install/scripts/ivr_menu.lua | 32 ++++++++++++++++++--------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/resources/install/scripts/ivr_menu.lua b/resources/install/scripts/ivr_menu.lua
index 654df3bdb8..21fc8f38e9 100644
--- a/resources/install/scripts/ivr_menu.lua
+++ b/resources/install/scripts/ivr_menu.lua
@@ -40,6 +40,12 @@
 --get logger
 	local log = require "resources.functions.log".ivr_menu
 
+--include json library
+	local json
+	if (debug["sql"]) then
+		json = require "resources.functions.lunajson"
+	end
+
 --include functions
 	require "resources.functions.format_ringback"
 	require "resources.functions.split"
@@ -98,12 +104,13 @@
 
 --get the ivr menu from the database
 	sql = [[SELECT * FROM v_ivr_menus
-		WHERE ivr_menu_uuid = ']] .. ivr_menu_uuid ..[['
+		WHERE ivr_menu_uuid = :ivr_menu_uuid
 		AND ivr_menu_enabled = 'true' ]];
+	local params = {ivr_menu_uuid = ivr_menu_uuid};
 	if (debug["sql"]) then
-		log.notice("SQL: " .. sql);
+		log.notice("SQL: " .. sql .. "; params: " .. json.encode(params));
 	end
-	dbh:query(sql, function(row)
+	dbh:query(sql, params, function(row)
 		domain_uuid = row["domain_uuid"];
 		ivr_menu_name = row["ivr_menu_name"];
 		--ivr_menu_extension = row["ivr_menu_extension"];
@@ -185,15 +192,17 @@
 					return full_path
 				end
 
-				local sql = [[SELECT * FROM v_recordings WHERE domain_uuid = ']]..domain_uuid..
-							[['AND recording_filename = ']]..file_name..[[' ]];
+				local sql = "SELECT * FROM v_recordings WHERE domain_uuid = :domain_uuid "
+							.. "AND recording_filename = :file_name";
+
+				local params = {domain_uuid = domain_uuid, file_name = file_name};
 
 				if (debug["sql"]) then
-					log.notice("SQL: "..sql);
+					log.notice("SQL: " .. sql .. "; params: " .. json.encode(params));
 				end
 
 				local is_base64
-				dbh:query(sql, function(row)
+				dbh:query(sql, params, function(row)
 					if #row.recording_base64 > 32 then
 						--include the file io
 							local file = require "resources.functions.file"
@@ -323,9 +332,12 @@
 			end
 
 		--get the ivr menu options
-			sql = [[SELECT * FROM v_ivr_menu_options WHERE ivr_menu_uuid = ']] .. ivr_menu_uuid ..[[' ORDER BY ivr_menu_option_order asc ]];
+			local sql = "SELECT * FROM v_ivr_menu_options "
+				.. "WHERE ivr_menu_uuid = :ivr_menu_uuid "
+				.. "ORDER BY ivr_menu_option_order asc ";
+			local params = {ivr_menu_uuid = ivr_menu_uuid};
 			if (debug["sql"]) then
-				log.notice("SQL: " .. sql);
+				log.notice("SQL: " .. sql .. "; params: " .. json.encode(params));
 			end
 
 		--connect to the database
@@ -333,7 +345,7 @@
 
 		--select actions to execute
 			local actions = {}
-			dbh:query(sql, function(row)
+			dbh:query(sql, params, function(row)
 				-- declare vars
 					local action, script, data