\n";
diff --git a/app/access_controls/access_controls.php b/app/access_controls/access_controls.php
index a178ff97e8..fc66111294 100644
--- a/app/access_controls/access_controls.php
+++ b/app/access_controls/access_controls.php
@@ -115,7 +115,6 @@
unset($sql, $access_controls);
} //end if results
- echo "
\n";
echo "\n";
if (permission_exists('access_control_add')) {
echo "\n";
diff --git a/app/call_block/call_block.php b/app/call_block/call_block.php
index 27d33795c9..8ae0a70360 100644
--- a/app/call_block/call_block.php
+++ b/app/call_block/call_block.php
@@ -30,12 +30,8 @@ require_once "resources/require.php";
//check permissions
require_once "resources/check_auth.php";
- if (permission_exists('call_block_view')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('call_block_view')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -47,44 +43,22 @@ require_once "resources/require.php";
require_once "resources/paging.php";
//get variables used to control the order
- $order_by = $_GET["order_by"];
+ $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'call_block_number';
$order = $_GET["order"];
-//validate order by
- if (strlen($order_by) > 0) {
- $order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', $order_by);
- }
-
-//validate the order
- switch ($order) {
- case 'asc':
- break;
- case 'desc':
- break;
- default:
- $order = '';
- }
-
//show the content
- echo "
\n";
- echo " \n";
- echo " | ".$text['title-call-block']." | \n";
- echo " | \n";
- echo "
\n";
- echo " \n";
- echo " \n";
- echo " ".$text['description-call-block']."
\n";
- echo " | \n";
- echo "
\n";
- echo "
\n";
+ echo "
".$text['title-call-block']."\n";
+ echo "
\n";
+ echo $text['description-call-block']."\n";
+ echo "
\n";
//prepare to page the results
- $sql = "select count(*) as num_rows from v_call_block ";
+ $sql = "select count(*) from v_call_block ";
$sql .= "where domain_uuid = :domain_uuid ";
- $parameters['domain_uuid'] = $domain_uuid;
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
$num_rows = $database->select($sql, $parameters, 'column');
- //unset($parameters);
+ unset($parameters);
//prepare to page the results
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
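Review bot: `$order_by` and `$order` now go from `$_GET` into the query with no check in this file: the character filter on the column and the asc/desc switch are gone, and the list query in the next hunk builds its clause with `order_by($order_by, $order)`. That helper is not part of this diff, so whether the ORDER BY text is injection-safe rests entirely on it; confirm it reduces the column to identifier characters and maps the direction to a fixed `asc`/`desc`. If it does, a comment here such as `//order_by() sanitizes the column name and direction` records the dependency. If it does not, pin the direction locally with `$order = strtolower($_GET["order"]) === 'desc' ? 'desc' : 'asc';` and keep the removed `preg_replace` on the column.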
@@ -97,16 +71,12 @@ require_once "resources/require.php";
//get the list
$sql = "select * from v_call_block ";
$sql .= "where domain_uuid = :domain_uuid ";
- if (strlen($order_by) > 0) {
- $sql .= "order by $order_by $order ";
- } else {
- $sql .= "order by call_block_number asc ";
- }
- $sql .= "limit :rows_per_page offset :offset ";
+ $sql .= order_by($order_by, $order);
+ $sql .= limit_offset($rows_per_page, $offset);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
$database = new database;
- $parameters['rows_per_page'] = $rows_per_page;
- $parameters['offset'] = $offset;
$result = $database->select($sql, $parameters, 'all');
+ unset($parameters);
//table headers
$c = 0;
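Review bot: `limit_offset($rows_per_page, $offset)` puts the page size and offset into the SQL text, where the removed lines bound them as `:rows_per_page` and `:offset`, so their safety now depends on a helper this diff does not show. `$offset` is computed outside this hunk, presumably from a request variable, so confirm that limit_offset() casts both values to integers, or cast at the call site: `$sql .= limit_offset((int) $rows_per_page, (int) $offset);`. The same applies to `limit_offset($_SESSION['call_block']['recent_call_limit']['text'])` in call_block_edit.php, where the limit comes from a settings string.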
@@ -130,11 +100,11 @@ require_once "resources/require.php";
//show the results
if (is_array($result)) {
foreach($result as $row) {
- $tr_link = (permission_exists('call_block_edit')) ? "href='call_block_edit.php?id=".$row['call_block_uuid']."'" : null;
+ $tr_link = (permission_exists('call_block_edit')) ? "href='call_block_edit.php?id=".escape($row['call_block_uuid'])."'" : null;
echo "
\n";
echo " | ";
if (permission_exists('call_block_edit')) {
- echo "".escape($row['call_block_number'])."";
+ echo "".escape($row['call_block_number'])."";
}
else {
echo escape($row['call_block_number']);
@@ -159,30 +129,20 @@ require_once "resources/require.php";
};
echo " | ";
echo "
\n";
- if ($c==0) { $c=1; } else { $c=0; }
+ $c = $c == 1 ? 0 : 1;
} //end foreach
unset($sql, $result, $row_count);
} //end if results
//complete the content
- echo "
\n";
- echo "\n";
- echo " \n";
- echo " \n";
- echo " | | \n";
- echo " $paging_controls | \n";
- echo " ";
+ echo " | \n";
if (permission_exists('call_block_add')) {
- echo "$v_link_label_add";
+ echo "\n";
}
- echo " | \n";
- echo "
\n";
- echo " \n";
- echo "\n";
- echo "
\n";
-
- echo "";
- echo "
";
+ echo "
\n";
+ echo "
".$paging_controls."
\n";
//include the footer
require_once "resources/footer.php";
diff --git a/app/call_block/call_block_cdr_add.php b/app/call_block/call_block_cdr_add.php
index be38fbc8f3..eb82e7d0b9 100644
--- a/app/call_block/call_block_cdr_add.php
+++ b/app/call_block/call_block_cdr_add.php
@@ -32,12 +32,8 @@
require_once "resources/check_auth.php";
//check permissions
- if (permission_exists('call_block_edit') || permission_exists('call_block_add')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('call_block_edit') && !permission_exists('call_block_add')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -45,68 +41,68 @@
$text = $language->get();
//action add from cdr
- if (isset($_REQUEST["cdr_id"])) {
+ if (is_uuid($_REQUEST["cdr_id"])) {
$action = "cdr_add";
- $xml_cdr_uuid = check_str($_REQUEST["cdr_id"]);
- $call_block_name = check_str($_REQUEST["name"]);
+ $xml_cdr_uuid = $_REQUEST["cdr_id"];
+ $call_block_name = $_REQUEST["name"];
- // get the caller id info from cdr that user chose
- $sql = "select ";
- if ($call_block_name == '') {
- $sql .= "caller_id_name, ";
- }
- $sql .= "caller_id_number ";
- $sql .= "from v_xml_cdr ";
- $sql .= "where xml_cdr_uuid = '".$xml_cdr_uuid."' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetch();
- unset ($prep_statement);
+ // get the caller id info from cdr the user chose
+ $sql = "select caller_id_name, caller_id_number ";
+ $sql .= "from v_xml_cdr ";
+ $sql .= "where xml_cdr_uuid = :xml_cdr_uuid ";
+ $parameters['xml_cdr_uuid'] = $xml_cdr_uuid;
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'row');
+ unset ($sql, $parameters);
- $call_block_name = ($call_block_name == '') ? $result["caller_id_name"] : $call_block_name;
- $call_block_number = $result["caller_id_number"];
- $call_block_enabled = "true";
- $block_call_action = "Reject";
+ //create data array
+ $array['call_block'][0]['call_block_uuid'] = uuid();
+ $array['call_block'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['call_block'][0]['call_block_name'] = $call_block_name == '' ? $result["caller_id_name"] : $call_block_name;
+ $array['call_block'][0]['call_block_number'] = $result["caller_id_number"];
+ $array['call_block'][0]['call_block_count'] = 0;
+ $array['call_block'][0]['call_block_action'] = 'Reject';
+ $array['call_block'][0]['call_block_enabled'] = 'true';
+ $array['call_block'][0]['date_added'] = time();
//ensure call block is enabled in the dialplan
- $sql = "update v_dialplans set ";
- $sql .= "dialplan_enabled = 'true' ";
- $sql .= "where ";
- $sql .= "app_uuid = 'b1b31930-d0ee-4395-a891-04df94599f1f' and ";
- $sql .= "domain_uuid = '".$domain_uuid."' and ";
- $sql .= "dialplan_enabled <> 'true' ";
- $db->exec(check_sql($sql));
- unset($sql);
+ if ($action == "add" || $action == "update") {
+ $sql = "select dialplan_uuid from v_dialplans where true ";
+ $sql .= "and domain_uuid = :domain_uuid ";
+ $sql .= "and app_uuid = 'b1b31930-d0ee-4395-a891-04df94599f1f' ";
+ $sql .= "and dialplan_enabled <> 'true' ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $rows = $database->select($sql, $parameters);
+
+ if (is_array($rows) && sizeof($rows) != 0) {
+ foreach ($rows as $index => $row) {
+ $array['dialplans'][$index]['dialplan_uuid'] = $row['dialplan_uuid'];
+ $array['dialplans'][$index]['dialplan_enabled'] = 'true';
+ }
+
+ $p = new permissions;
+ $p->add('dialplan_edit', 'temp');
+
+ $database = new database;
+ $database->save($array);
+ unset($array);
+
+ $p->delete('dialplan_edit', 'temp');
+ }
+ }
//insert call block record
- $sql = "insert into v_call_block ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "call_block_uuid, ";
- $sql .= "call_block_name, ";
- $sql .= "call_block_number, ";
- $sql .= "call_block_count, ";
- $sql .= "call_block_action, ";
- $sql .= "call_block_enabled, ";
- $sql .= "date_added ";
- $sql .= ") ";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'".$_SESSION['domain_uuid']."', ";
- $sql .= "'".uuid()."', ";
- $sql .= "'".$call_block_name."', ";
- $sql .= "'".$call_block_number."', ";
- $sql .= "0, ";
- $sql .= "'".$block_call_action."', ";
- $sql .= "'".$call_block_enabled."', ";
- $sql .= "'".time()."' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
+ $database = new database;
+ $database->app_name = 'call_block';
+ $database->app_uuid = '9ed63276-e085-4897-839c-4f2e36d92d6c';
+ $database->save($array);
+ $response = $database->message;
+ unset($array);
//add a message
- message::add($text['label-add-complete']);
+ message::add($text['label-add-complete']);
}
//redirect the browser
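Review bot: The CDR lookup filters only on `xml_cdr_uuid`, so it can return the caller ID name and number of a CDR belonging to another domain and copy them into this domain's block list. Scope it with `$sql .= "and domain_uuid = :domain_uuid ";` and `$parameters['domain_uuid'] = $_SESSION['domain_uuid'];`, and skip the insert when `$result` is not an array. Separately, `$action` is set to `"cdr_add"` above, so `if ($action == "add" || $action == "update")` is never true and the dialplan is no longer enabled on this path, which the removed update did unconditionally. If that condition is corrected, the inner `$database->save($array); unset($array);` would also save and then discard the `call_block` row built earlier, under the temporary `dialplan_edit` grant and without `app_name`. The dialplan rows need their own array variable.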
diff --git a/app/call_block/call_block_delete.php b/app/call_block/call_block_delete.php
index 8cc459374b..d16329186f 100644
--- a/app/call_block/call_block_delete.php
+++ b/app/call_block/call_block_delete.php
@@ -31,55 +31,56 @@
require_once "resources/check_auth.php";
//check permissions
- if (permission_exists('call_block_delete')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('call_block_delete')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
$language = new text;
$text = $language->get();
-//set the variable
- if (count($_GET)>0) {
- $id = $_GET["id"];
- }
-
//delete the extension
- if (strlen($id)>0) {
+ if (is_uuid($_GET["id"])) {
+ $call_block_uuid = $_GET["id"];
+
//read the call_block_number
- $sql = " select c.call_block_number, d.domain_name from v_call_block as c ";
- $sql .= "JOIN v_domains as d ON c.domain_uuid=d.domain_uuid ";
- $sql .= "where c.domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and c.call_block_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll();
- $result_count = count($result);
- if ($result_count > 0) {
- $call_block_number = $result[0]["call_block_number"];
- $domain_name = $result[0]["domain_name"];
+ $sql = "select c.call_block_number, d.domain_name ";
+ $sql .= "from v_call_block as c ";
+ $sql .= "join v_domains as d on c.domain_uuid = d.domain_uuid ";
+ $sql .= "where c.domain_uuid = :domain_uuid ";
+ $sql .= "and c.call_block_uuid = :call_block_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_block_uuid'] = $call_block_uuid;
+ $database = new database;
+ $result = $database->select($sql, $parameters, 'row');
+
+ if (is_array($result) && sizeof($result) != 0) {
+ $call_block_number = $result["call_block_number"];
+ $domain_name = $result["domain_name"];
//clear the cache
$cache = new cache;
$cache->delete("app:call_block:".$domain_name.":".$call_block_number);
}
- unset ($prep_statement, $sql);
+
+ unset($sql, $parameters, $result);
//delete the call block
- $sql = "delete from v_call_block ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and call_block_uuid = '$id' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- unset($prep_statement, $sql);
+ $array['call_block'][0]['call_block_uuid'] = $call_block_uuid;
+ $array['call_block'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+
+ $database = new database;
+ $database->app_name = 'call_block';
+ $database->app_uuid = '9ed63276-e085-4897-839c-4f2e36d92d6c';
+ $database->delete($array);
+ $response = $database->message;
+ unset($array);
+
+ //message
+ message::add($text['label-delete-complete']);
}
//redirect the browser
- message::add($text['label-delete-complete']);
header("Location: call_block.php");
return;
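Review bot: The delete still runs on a plain GET, guarded only by `is_uuid($_GET["id"])` and the permission check, so any cross-site request made in a logged-in user's browser can remove a block entry. Nothing in this hunk checks the request method or a per-session token. Consider taking the id from a POST and comparing a token stored in the session with `hash_equals()` before calling `$database->delete($array)`. It is also worth confirming that `database->delete()` applies the `domain_uuid` key as a filter and not only `call_block_uuid`, since the removed statement enforced the domain in its WHERE clause.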
diff --git a/app/call_block/call_block_edit.php b/app/call_block/call_block_edit.php
index 17e71fa1ad..d4543e1cd1 100644
--- a/app/call_block/call_block_edit.php
+++ b/app/call_block/call_block_edit.php
@@ -32,12 +32,8 @@
require_once "resources/check_auth.php";
//check permissions
- if (permission_exists('call_block_edit') || permission_exists('call_block_add')) {
- //access granted
- }
- else {
- echo "access denied";
- exit;
+ if (!permission_exists('call_block_edit') && !permission_exists('call_block_add')) {
+ echo "access denied"; exit;
}
//add multi-lingual support
@@ -46,33 +42,34 @@
//define the call_block_get_extensions function
function call_block_get_extensions($select_extension) {
- global $db, $text;
+ global $text;
//list voicemail
$sql = "select extension, user_context, description from v_extensions ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ $sql .= "where domain_uuid = :domain_uuid ";
$sql .= "and enabled = 'true' ";
$sql .= "order by extension asc ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $result = $database->select($sql, $parameters);
- echo "
\n";
}
//action add or update
- if (isset($_REQUEST["id"])) {
+ if (is_uuid($_REQUEST["id"])) {
$action = "update";
- $call_block_uuid = check_str($_REQUEST["id"]);
+ $call_block_uuid = $_REQUEST["id"];
}
else {
$action = "add";
@@ -80,10 +77,10 @@
//get http post variables and set them to php variables
if (count($_POST) > 0) {
- $call_block_name = check_str($_POST["call_block_name"]);
- $call_block_number = check_str($_POST["call_block_number"]);
- $call_block_action = check_str($_POST["call_block_action"]);
- $call_block_enabled = check_str($_POST["call_block_enabled"]);
+ $call_block_name = $_POST["call_block_name"];
+ $call_block_number = $_POST["call_block_number"];
+ $call_block_action = $_POST["call_block_action"];
+ $call_block_enabled = $_POST["call_block_enabled"];
}
//handle the http post
@@ -114,62 +111,68 @@
}
//add or update the database
- if (($_POST["persistformvar"] != "true")>0) {
+ if (is_array($_POST) && sizeof($_POST) != 0 && $_POST["persistformvar"] != "true") {
- if ($action == "add" || $action == "update") {
- //ensure call block is enabled in the dialplan
- $sql = "update v_dialplans set ";
- $sql .= "dialplan_enabled = 'true' ";
- $sql .= "where ";
- $sql .= "app_uuid = 'b1b31930-d0ee-4395-a891-04df94599f1f' and ";
- $sql .= "domain_uuid = '".$domain_uuid."' and ";
- $sql .= "dialplan_enabled <> 'true' ";
- $db->exec(check_sql($sql));
- unset($sql);
- }
+ //ensure call block is enabled in the dialplan
+ if ($action == "add" || $action == "update") {
+ $sql = "select dialplan_uuid from v_dialplans where true ";
+ $sql .= "and domain_uuid = :domain_uuid ";
+ $sql .= "and app_uuid = 'b1b31930-d0ee-4395-a891-04df94599f1f' ";
+ $sql .= "and dialplan_enabled <> 'true' ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $rows = $database->select($sql, $parameters);
+
+ if (is_array($rows) && sizeof($rows) != 0) {
+ foreach ($rows as $index => $row) {
+ $array['dialplans'][$index]['dialplan_uuid'] = $row['dialplan_uuid'];
+ $array['dialplans'][$index]['dialplan_enabled'] = 'true';
+ }
+
+ $p = new permissions;
+ $p->add('dialplan_edit', 'temp');
+
+ $database = new database;
+ $database->save($array);
+ unset($array);
+
+ $p->delete('dialplan_edit', 'temp');
+ }
+ }
if ($action == "add") {
- $sql = "insert into v_call_block ";
- $sql .= "(";
- $sql .= "domain_uuid, ";
- $sql .= "call_block_uuid, ";
- $sql .= "call_block_name, ";
- $sql .= "call_block_number, ";
- $sql .= "call_block_count, ";
- $sql .= "call_block_action, ";
- $sql .= "call_block_enabled, ";
- $sql .= "date_added ";
- $sql .= ") ";
- $sql .= "values ";
- $sql .= "(";
- $sql .= "'".$_SESSION['domain_uuid']."', ";
- $sql .= "'".uuid()."', ";
- $sql .= "'$call_block_name', ";
- $sql .= "'$call_block_number', ";
- $sql .= "0, ";
- $sql .= "'$call_block_action', ";
- $sql .= "'$call_block_enabled', ";
- $sql .= "'".time()."' ";
- $sql .= ")";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['call_block'][0]['call_block_uuid'] = uuid();
+ $array['call_block'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['call_block'][0]['call_block_name'] = $call_block_name;
+ $array['call_block'][0]['call_block_number'] = $call_block_number;
+ $array['call_block'][0]['call_block_count'] = 0;
+ $array['call_block'][0]['call_block_action'] = $call_block_action;
+ $array['call_block'][0]['call_block_enabled'] = $call_block_enabled;
+ $array['call_block'][0]['date_added'] = time();
+
+ $database = new database;
+ $database->app_name = 'call_block';
+ $database->app_uuid = '9ed63276-e085-4897-839c-4f2e36d92d6c';
+ $database->save($array);
+ $response = $database->message;
+ unset($array);
message::add($text['label-add-complete']);
header("Location: call_block.php");
return;
- } //if ($action == "add")
+ }
if ($action == "update") {
- $sql = " select c.call_block_number, d.domain_name from v_call_block as c ";
- $sql .= "JOIN v_domains as d ON c.domain_uuid=d.domain_uuid ";
- $sql .= "where c.domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and c.call_block_uuid = '$call_block_uuid'";
-
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll();
- $result_count = count($result);
- if ($result_count > 0) {
+ $sql = "select c.call_block_number, d.domain_name ";
+ $sql .= "from v_call_block as c ";
+ $sql .= "join v_domains as d on c.domain_uuid = d.domain_uuid ";
+ $sql .= "where c.domain_uuid = :domain_uuid ";
+ $sql .= "and c.call_block_uuid = :call_block_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_block_uuid'] = $call_block_uuid;
+ $database = new database;
+ $result = $database->select($sql, $parameters);
+ if (is_array($result) && sizeof($result) != 0) {
//set the domain_name
$domain_name = $result[0]["domain_name"];
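Review bot: `$parameters` is not cleared after the dialplan select, unlike the other top-level queries this commit rewrites, so `domain_uuid` is still set when the next query builds its array. Add `unset($sql, $parameters);` right after `$rows = $database->select($sql, $parameters);`; the copy of this block in call_block_cdr_add.php has the same gap. The `dialplan_edit` grant is also removed only on the success path. If `save()` can throw or exit (not visible here), the temporary permission outlives the block, so `$p->delete('dialplan_edit', 'temp');` belongs in a `finally`. The enclosing POST handler starts and ends outside this hunk.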
@@ -177,40 +180,50 @@
$cache = new cache;
$cache->delete("app:call_block:".$domain_name.":".$call_block_number);
}
- unset ($prep_statement, $sql);
+ unset($sql, $parameters);
- $sql = "update v_call_block set ";
- $sql .= "call_block_name = '$call_block_name', ";
- $sql .= "call_block_number = '$call_block_number', ";
- $sql .= "call_block_action = '$call_block_action', ";
- $sql .= "call_block_enabled = '$call_block_enabled' ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and call_block_uuid = '$call_block_uuid'";
- $db->exec(check_sql($sql));
- unset($sql);
+ $array['call_block'][0]['call_block_uuid'] = $call_block_uuid;
+ $array['call_block'][0]['domain_uuid'] = $_SESSION['domain_uuid'];
+ $array['call_block'][0]['call_block_name'] = $call_block_name;
+ $array['call_block'][0]['call_block_number'] = $call_block_number;
+ $array['call_block'][0]['call_block_action'] = $call_block_action;
+ $array['call_block'][0]['call_block_enabled'] = $call_block_enabled;
+ $array['call_block'][0]['date_added'] = time();
+
+ $database = new database;
+ $database->app_name = 'call_block';
+ $database->app_uuid = '9ed63276-e085-4897-839c-4f2e36d92d6c';
+ $database->save($array);
+ $response = $database->message;
+ unset($array);
message::add($text['label-update-complete']);
header("Location: call_block.php");
return;
- } //if ($action == "update")
- } //if ($_POST["persistformvar"] != "true")
- } //(count($_POST)>0 && strlen($_POST["persistformvar"]) == 0)
+ }
+
+ }
+
+ }
//pre-populate the form
if (count($_GET) > 0 && $_POST["persistformvar"] != "true") {
$call_block_uuid = $_GET["id"];
$sql = "select * from v_call_block ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
- $sql .= "and call_block_uuid = '$call_block_uuid' ";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $row = $prep_statement->fetch();
- $call_block_name = $row["call_block_name"];
- $call_block_number = $row["call_block_number"];
- $call_block_action = $row["call_block_action"];
- $blocked_call_destination = $row["blocked_call_destination"];
- $call_block_enabled = $row["call_block_enabled"];
- unset ($prep_statement, $sql);
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and call_block_uuid = :call_block_uuid ";
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $parameters['call_block_uuid'] = $call_block_uuid;
+ $database = new database;
+ $row = $database->select($sql, $parameters, 'row');
+ if (is_array($row) && sizeof($row) != 0) {
+ $call_block_name = $row["call_block_name"];
+ $call_block_number = $row["call_block_number"];
+ $call_block_action = $row["call_block_action"];
+ $blocked_call_destination = $row["blocked_call_destination"];
+ $call_block_enabled = $row["call_block_enabled"];
+ }
+ unset($sql, $parameters, $row);
}
//show the header
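Review bot: The update array is saved whether or not the preceding select found this `call_block_uuid` in the session's domain; that result only gates the cache delete. The removed UPDATE carried `where domain_uuid = ... and call_block_uuid = ...`, so unless `database->save()` itself refuses to overwrite a row whose stored `domain_uuid` differs (not visible in this diff), a row from another domain could be rewritten. Build and save the array inside the `if (is_array($result) && sizeof($result) != 0)` branch. The array also sets `date_added` to `time()` on every update, which the old statement left untouched; drop `$array['call_block'][0]['date_added'] = time();` from the update path. In the pre-populate block, `$call_block_uuid = $_GET["id"];` is still unvalidated, though it is now used only as a bound parameter.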
@@ -342,16 +355,18 @@
//get recent calls from the db (if not editing an existing call block record)
- if (!isset($_REQUEST["id"])) {
- $sql = "select caller_id_number, caller_id_name, start_epoch, direction, hangup_cause, duration, billsec, xml_cdr_uuid from v_xml_cdr ";
- $sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
+ if (!is_uuid($_REQUEST["id"])) {
+ $sql = "select caller_id_number, caller_id_name, start_epoch, direction, hangup_cause, duration, billsec, xml_cdr_uuid ";
+ $sql .= "from v_xml_cdr where true ";
+ $sql .= "and domain_uuid = :domain_uuid ";
$sql .= "and direction != 'outbound' ";
- $sql .= "order by start_stamp DESC ";
- $sql .= "limit '".$_SESSION['call_block']['recent_call_limit']['text']."'";
- $prep_statement = $db->prepare(check_sql($sql));
- $prep_statement->execute();
- $result = $prep_statement->fetchAll();
- unset ($prep_statement);
+ $sql .= "order by start_stamp desc ";
+ $sql .= limit_offset($_SESSION['call_block']['recent_call_limit']['text']);
+ $parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+ $database = new database;
+ $database = new database;
+ $result = $database->select($sql, $parameters);
+ unset($sql, $parameters);
echo "
".$text['label-edit-add-recent']."";
echo "
";
@@ -367,7 +382,7 @@
$row_style["0"] = "row_style0";
$row_style["1"] = "row_style1";
- if (is_array($result)) {
+ if (is_array($result) && sizeof($result) != 0) {
foreach($result as $row) {
$tr_onclick = " onclick=\"call_block_recent('".escape($row['xml_cdr_uuid'])."','".urlencode(escape($row['caller_id_name']))."');\" ";
if (strlen($row['caller_id_number']) >= 7) {
@@ -424,23 +439,17 @@
echo "
".$v_link_label_add."";
echo " ";
echo "