Escape the start/end times instead of intval

On 32-bit PHP installations, the start/end times will exceed the max size of a 32-bit integer, causing the query to always return 0 results.
8 years ago · 1b7cf24258
parent 5708c63b75
commit 1b7cf24258
1 changed files with 2 additions and 3 deletions
--- a/internal-api/dao/calendar_dao.php
+++ b/internal-api/dao/calendar_dao.php
@ -1,12 +1,11 @@
 <?php

 function get_events($start, $end, $hesk_settings) {
-
    $sql = "SELECT `events`.*, `categories`.`name` AS `category_name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "calendar_event` AS `events`
        INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` AS `categories`
            ON `events`.`category` = `categories`.`id`
-        WHERE `start` >= FROM_UNIXTIME(" . intval($start)
-        . " / 1000) AND `end` <= FROM_UNIXTIME(" . intval($end) . " / 1000)";
+        WHERE `start` >= FROM_UNIXTIME(" . hesk_dbEscape($start)
+        . " / 1000) AND `end` <= FROM_UNIXTIME(" . hesk_dbEscape($end) . " / 1000)";

    $rs = hesk_dbQuery($sql);