Fix bug with userid type in sql requests

2025-02-02 09:34:41 +03:00 · 2013-09-13 19:33:31 +04:00 · 2013-09-13 19:33:31 +04:00 · b77e2a9743
commit b77e2a9743
parent 4f43280bd1
2 changed files with 3 additions and 3 deletions
--- a/src/messenger/webim/libs/chat.php
+++ b/src/messenger/webim/libs/chat.php
@ -597,9 +597,9 @@ function create_thread($groupid, $username, $remoteHost, $referer, $lang, $useri
 	global $mysqlprefix;
 	$query = sprintf(
 		"insert into ${mysqlprefix}chatthread (userName,userid,ltoken,remote,referer,lrevision,locale,userAgent,dtmcreated,dtmmodified,istate" . ($groupid ? ",groupid" : "") . ") values " .
-		"('%s',%s,%s,'%s','%s',%s,'%s','%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,%s" . ($groupid ? "," . intval($groupid) : "") . ")",
+		"('%s','%s',%s,'%s','%s',%s,'%s','%s',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,%s" . ($groupid ? "," . intval($groupid) : "") . ")",
 		mysql_real_escape_string($username, $link),
-		intval($userid),
+		mysql_real_escape_string($userid, $link),
 		intval(next_token()),
 		mysql_real_escape_string($remoteHost, $link),
 		mysql_real_escape_string($referer, $link),
--- a/src/messenger/webim/operator/userhistory.php
+++ b/src/messenger/webim/operator/userhistory.php
@ -44,7 +44,7 @@ function threads_by_userid($userid)
 	$query = sprintf("select unix_timestamp(dtmcreated) as created, unix_timestamp(dtmmodified) as modified, " .
 					 " threadid, remote, agentName, userName " .
 					 "from ${mysqlprefix}chatthread " .
-					 "where userid=%s order by created DESC", intval($userid));
+					 "where userid='%s' order by created DESC", mysql_real_escape_string($userid, $link));

 	$result = mysql_query($query, $link) or die(' Query failed: ' . mysql_error($link));