From 50d6e4e2ffa8e592aa528bbb996507c6312ba41a Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Thu, 24 Nov 2016 12:23:49 -0700
Subject: [PATCH] Update extension_edit.php

Prevent a minor SQL error.
---
 app/extensions/extension_edit.php | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/app/extensions/extension_edit.php b/app/extensions/extension_edit.php
index ce4afb17de..cd7d682942 100644
--- a/app/extensions/extension_edit.php
+++ b/app/extensions/extension_edit.php
@@ -936,19 +936,21 @@ if (count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0) {
 unset($sql, $prep_statement);

 //get assigned users
- $sql = "SELECT u.username, e.user_uuid FROM v_extension_users as e, v_users as u ";
- $sql .= "where e.user_uuid = u.user_uuid ";
- $sql .= "and u.user_enabled = 'true' ";
- $sql .= "and e.domain_uuid = '".$domain_uuid."' ";
- $sql .= "and e.extension_uuid = '".$extension_uuid."' ";
- $sql .= "order by u.username asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $assigned_users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
- foreach($assigned_users as $field) {
- $assigned_user_uuids[] = $field['user_uuid'];
+ if (is_uuid($extension_uuid)) {
+ $sql = "SELECT u.username, e.user_uuid FROM v_extension_users as e, v_users as u ";
+ $sql .= "where e.user_uuid = u.user_uuid ";
+ $sql .= "and u.user_enabled = 'true' ";
+ $sql .= "and e.domain_uuid = '".$domain_uuid."' ";
+ $sql .= "and e.extension_uuid = '".$extension_uuid."' ";
+ $sql .= "order by u.username asc ";
+ $prep_statement = $db->prepare(check_sql($sql));
+ $prep_statement->execute();
+ $assigned_users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ foreach($assigned_users as $field) {
+ $assigned_user_uuids[] = $field['user_uuid'];
+ }
+ unset($sql, $prep_statement);
 }
- unset($sql, $prep_statement);

 //get the users
 $sql = "SELECT * FROM v_users ";
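Review bot: The guarded query still builds its WHERE clause by concatenating `$domain_uuid` and `$extension_uuid` into the SQL string and then calls `prepare()` with no bound parameters, so the prepared statement gives no protection. The new `is_uuid($extension_uuid)` check constrains one of the two values, but only as far as `is_uuid` is strict, and `$domain_uuid` is not validated in this hunk; where either value originates is outside the visible lines. Assuming `$db` is a PDO handle (the `PDO::FETCH_NAMED` constant suggests so), bind both values instead: `$sql .= "and e.domain_uuid = :domain_uuid ";`, `$sql .= "and e.extension_uuid = :extension_uuid ";` and `$prep_statement->execute(['domain_uuid' => $domain_uuid, 'extension_uuid' => $extension_uuid]);`. When the guard is false, `$assigned_users` and `$assigned_user_uuids` are never assigned, so initialising both to `[]` before the `if` would keep later readers from hitting undefined variables. The enclosing `if (count($_POST) > 0 ...)` block starts and ends outside the hunk.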