diff --git a/src/messenger/webim/client.php b/src/messenger/webim/client.php
index 371241d2..9451ea65 100644
--- a/src/messenger/webim/client.php
+++ b/src/messenger/webim/client.php
@@ -142,7 +142,7 @@ if( !isset($_GET['token']) || !isset($_GET['thread']) ) {
 }
 if($firstmessage) {
 $postedid = post_message_($thread['threadid'],$kind_user,$firstmessage,$link,$visitor['name']);
- commit_thread( $thread['threadid'], array('shownmessageid' => $postedid), $link);
+ commit_thread( $thread['threadid'], array('shownmessageid' => intval($postedid)), $link);
 }
 notify_operators($thread, $firstmessage, $link);
 mysql_close($link);
diff --git a/src/messenger/webim/libs/chat.php b/src/messenger/webim/libs/chat.php
index f2d1eef8..5a2306d1 100644
--- a/src/messenger/webim/libs/chat.php
+++ b/src/messenger/webim/libs/chat.php
@@ -456,7 +456,7 @@ function update_thread_access($threadid, $params, $link)
 foreach ($params as $k => $v) {
 if (strlen($clause) > 0) $clause .= ", ";
- $clause .= "`" . mysql_real_escape_string($k, $link) . "`='" . mysql_real_escape_string($v, $link) . "'";
+ $clause .= "`" . mysql_real_escape_string($k, $link) . "`=" . $v;
 }
 perform_query( "update ${mysqlprefix}chatthread set $clause " .
@@ -474,7 +474,7 @@ function ping_thread($thread, $isuser, $istyping)
 $current = $thread['current'];
 if ($thread['istate'] == $state_loading && $isuser) {
- $params['istate'] = $state_queue;
+ $params['istate'] = intval($state_queue);
 commit_thread($thread['threadid'], $params, $link);
 mysql_close($link);
 return;
@@ -489,7 +489,7 @@ function ping_thread($thread, $isuser, $istyping)
 $message_to_post = getstring_("chat.status.operator.dead", $thread['locale']);
 post_message_($thread['threadid'], $kind_conn, $message_to_post, $link, null, $lastping + $connection_timeout);
- $params['istate'] = $state_waiting;
+ $params['istate'] = intval($state_waiting);
 $params['nextagent'] = 0;
 commit_thread($thread['threadid'], $params, $link);
 mysql_close($link);
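Review bot: In update_thread_access() (libs/chat.php, hunk at -456) the added line concatenates `$v` into the UPDATE statement with no quoting or escaping, and the hunk at -506 does the same in commit_thread(), so both helpers are now only as safe as every one of their callers. The call sites touched by this commit wrap numbers in intval() and quote strings themselves, but no caller of update_thread_access() is changed here, and in ping_thread() the rest of `$params` is filled outside the two hunks shown, so whether every remaining value is a trusted SQL fragment cannot be confirmed from this diff and should be checked before merging. Both functions should at least state the contract above the loop, for example `// $params values are inserted verbatim as SQL: pass intval()'d numbers or strings that are already quoted and escaped`. Both function bodies start and end outside their hunks.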
@@ -506,7 +506,7 @@ function commit_thread($threadid, $params, $link)
 global $mysqlprefix;
 $query = "update ${mysqlprefix}chatthread t set lrevision = " . intval(next_revision($link)) . ", dtmmodified = CURRENT_TIMESTAMP";
 foreach ($params as $k => $v) {
- $query .= ", `" . mysql_real_escape_string($k, $link) . "`='" . mysql_real_escape_string($v, $link) . "'";
+ $query .= ", `" . mysql_real_escape_string($k, $link) . "`=" . $v;
 }
 $query .= " where threadid = " . intval($threadid);
@@ -533,8 +533,8 @@ function close_thread($thread, $isuser)
 $link = connect();
 if ($thread['istate'] != $state_closed) {
- commit_thread($thread['threadid'], array('istate' => $state_closed,
- 'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)"), $link);
+ commit_thread($thread['threadid'], array( 'istate' => intval($state_closed),
+ 'messageCount' => "(SELECT COUNT(*) FROM ${mysqlprefix}chatmessage WHERE ${mysqlprefix}chatmessage.threadid = t.threadid AND ikind = 1)" ), $link);
 }
 $message = $isuser ? getstring2_("chat.status.user.left", array($thread['userName']), $thread['locale'], true)
@@ -615,9 +615,9 @@ function do_take_thread($threadid, $operatorId, $operatorName)
 global $state_chatting;
 $link = connect();
 commit_thread($threadid,
- array("istate" => $state_chatting,
+ array("istate" => intval($state_chatting),
 "nextagent" => 0,
- "agentId" => $operatorId,
+ "agentId" => intval($operatorId),
 "agentName" => "'" . mysql_real_escape_string($operatorName, $link) . "'"), $link);
 mysql_close($link);
 }
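Review bot: In commit_thread() (hunk at -506) the column name `$k` is still guarded only by mysql_real_escape_string(), which does not escape the backtick that delimits the identifier, so after this change the loop validates neither side of an assignment. Every key at the call sites visible in this diff is a string literal, so this is hardening rather than a demonstrated defect. Checking `$k` against the known chatthread column names before appending it would keep the helper safe even if a key is ever derived from request data; the same applies to the identical loop in update_thread_access(). The function body continues outside the hunk.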
@@ -641,7 +641,7 @@ function reopen_thread($threadid)
 if ($thread['istate'] != $state_chatting && $thread['istate'] != $state_queue && $thread['istate'] != $state_loading) {
 commit_thread($threadid,
- array("istate" => $state_waiting, "nextagent" => 0), $link);
+ array("istate" => intval($state_waiting), "nextagent" => 0), $link);
 }
 post_message_($thread['threadid'], $kind_events, getstring_("chat.status.user.reopenedthread", $thread['locale'], true), $link);
diff --git a/src/messenger/webim/operator/redirect.php b/src/messenger/webim/operator/redirect.php
index 7bf22ca7..31225aa9 100644
--- a/src/messenger/webim/operator/redirect.php
+++ b/src/messenger/webim/operator/redirect.php
@@ -43,7 +43,7 @@ if (isset($_GET['nextGroup'])) {
 if ($thread['istate'] == $state_chatting) {
 $link = connect();
 commit_thread($threadid,
- array("istate" => $state_waiting, "nextagent" => 0, "groupid" => $nextid, "agentId" => 0, "agentName" => "''"), $link);
+ array("istate" => intval($state_waiting), "nextagent" => 0, "groupid" => intval($nextid), "agentId" => 0, "agentName" => "''"), $link);
 post_message_($thread['threadid'], $kind_events, getstring2_("chat.status.operator.redirect", array(get_operator_name($operator)), $thread['locale'], true), $link);
@@ -63,7 +63,7 @@ if (isset($_GET['nextGroup'])) {
 $page['message'] = getlocal2("chat.redirected.content", array(safe_htmlspecialchars(topage(get_operator_name($nextOperator)))));
 if ($thread['istate'] == $state_chatting) {
 $link = connect();
- $threadupdate = array("istate" => $state_waiting, "nextagent" => $nextid, "agentId" => 0);
+ $threadupdate = array("istate" => intval($state_waiting), "nextagent" => intval($nextid), "agentId" => 0);
 if ($thread['groupid'] != 0) {
 if (FALSE === select_one_row("select groupid from ${mysqlprefix}chatgroupoperator where operatorid = " . intval($nextid) . " and groupid = " . intval($thread['groupid']), $link)) {
 $threadupdate['groupid'] = 0;
diff --git a/src/messenger/webim/thread.php b/src/messenger/webim/thread.php
index 3e5b3741..508ee966 100644
--- a/src/messenger/webim/thread.php
+++ b/src/messenger/webim/thread.php
@@ -76,7 +76,7 @@ if( $act == "refresh" ) {
 $link = connect();
 $postedid = post_message_($threadid,$kind,$message,$link,$from,null,$isuser ? null : $operator['operatorid'] );
 if($isuser && $thread["shownmessageid"] == 0) {
- commit_thread( $thread['threadid'], array('shownmessageid' => $postedid), $link);
+ commit_thread( $thread['threadid'], array('shownmessageid' => intval($postedid)), $link);
 }
 mysql_close($link);
 print_thread_messages($thread, $token, $lastid, $isuser, $outformat, $isuser ? null : $operator['operatorid']);