From 1b7cf2425829f2e8834b4b0fd591582aa8352a57 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Sat, 13 Feb 2016 23:19:33 -0500
Subject: [PATCH] Escape the start/end times instead of intval

On 32-bit PHP installations, the start/end times will exceed the max size
of a 32-bit integer, causing the query to always return 0 results.
---
 internal-api/dao/calendar_dao.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/internal-api/dao/calendar_dao.php b/internal-api/dao/calendar_dao.php
index d3ce7b9d..83c2a780 100644
--- a/internal-api/dao/calendar_dao.php
+++ b/internal-api/dao/calendar_dao.php
@@ -1,12 +1,11 @@
 <?php
 
 function get_events($start, $end, $hesk_settings) {
-
     $sql = "SELECT `events`.*, `categories`.`name` AS `category_name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "calendar_event` AS `events`
         INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` AS `categories`
             ON `events`.`category` = `categories`.`id`
-        WHERE `start` >= FROM_UNIXTIME(" . intval($start)
-        . " / 1000) AND `end` <= FROM_UNIXTIME(" . intval($end) . " / 1000)";
+        WHERE `start` >= FROM_UNIXTIME(" . hesk_dbEscape($start)
+        . " / 1000) AND `end` <= FROM_UNIXTIME(" . hesk_dbEscape($end) . " / 1000)";
 
     $rs = hesk_dbQuery($sql);