From b9bba7edce427be9f7182d1a20d8085881284ac4 Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Tue, 20 Aug 2019 13:05:27 -0600
Subject: [PATCH] Update database.php

---
 resources/classes/database.php | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/resources/classes/database.php b/resources/classes/database.php
index 326060503e..5cd092376e 100644
--- a/resources/classes/database.php
+++ b/resources/classes/database.php
@@ -1734,13 +1734,13 @@ include "root.php";
 							$sql .= "(";
 							$sql .= "database_transaction_uuid, ";
 							$sql .= "domain_uuid, ";
-							if (strlen($user_uuid) > 0) {
+							if (isset($user_uuid) && is_uuid($user_uuid)) {
 								$sql .= "user_uuid, ";
 							}
-							if (strlen($this->app_uuid) > 0) {
+							if (isset($this->app_uuid) && is_uuid($this->app_uuid)) {
 								$sql .= "app_uuid, ";
 							}
-							if (strlen($this->app_name) > 0) {
+							if (isset($this->app_name) && strlen($this->app_name) > 0) {
 								$sql .= "app_name, ";
 							}
 							$sql .= "transaction_code, ";
@@ -1760,13 +1760,13 @@ include "root.php";
 							else {
 								$sql .= "'".$this->domain_uuid."', ";
 							}
-							if (strlen($user_uuid) > 0) {
+							if (isset($user_uuid) && is_uuid($user_uuid)) {
 								$sql .= ":user_uuid, ";
 							}
-							if (strlen($this->app_uuid) > 0) {
+							if (isset($this->app_uuid) && is_uuid($this->app_uuid)) {
 								$sql .= ":app_uuid, ";
 							}
-							if (strlen($this->app_name) > 0) {
+							if (isset($this->app_name) && strlen($this->app_name) > 0) {
 								$sql .= ":app_name, ";
 							}
 							$sql .= "'".$message["code"]."', ";
@@ -1788,13 +1788,13 @@ include "root.php";
 							$sql .= ":transaction_result ";
 							$sql .= ")";
 							$statement = $this->db->prepare($sql);
-							if (strlen($user_uuid) > 0) {
+							if (isset($user_uuid) && is_uuid($user_uuid)) {
 								$statement->bindParam(':user_uuid', $user_uuid);
 							}
-							if (strlen($this->app_uuid) > 0) {
+							if (isset($this->app_uuid) && is_uuid($this->app_uuid)) {
 								$statement->bindParam(':app_uuid', $this->app_uuid);
 							}
-							if (strlen($this->app_name) > 0) {
+							if (isset($this->app_name) && strlen($this->app_name) > 0) {
 								$statement->bindParam(':app_name', $this->app_name);
 							}
 							$statement->bindParam(':remote_address', $_SERVER['REMOTE_ADDR']);