From 904d52407a8562ee62d8a92a571d51f6fb20d67d Mon Sep 17 00:00:00 2001
From: Alexey Melnichuk <alexeymelnichuck@gmail.com>
Date: Tue, 22 Nov 2016 08:05:58 +0300
Subject: [PATCH] Add. Use params in do_not_disturb.lua (#2115)

---
 resources/install/scripts/do_not_disturb.lua | 63 ++++++++++++--------
 1 file changed, 37 insertions(+), 26 deletions(-)

diff --git a/resources/install/scripts/do_not_disturb.lua b/resources/install/scripts/do_not_disturb.lua
index 80528e8702..3472a057b8 100644
--- a/resources/install/scripts/do_not_disturb.lua
+++ b/resources/install/scripts/do_not_disturb.lua
@@ -70,17 +70,24 @@
 			session:sleep(1000);
 
 		--connect to the database
-			require "resources.functions.database_handle";
-			dbh = database_handle('system');
+			local Database = require "resources.functions.database";
+			dbh = Database.new('system');
+
+		--include json library
+			local json
+			if (debug["sql"]) then
+				json = require "resources.functions.lunajson"
+			end
 
 		--determine whether to update the dial string
-			sql = "select * from v_extensions ";
-			sql = sql .. "where domain_uuid = '"..domain_uuid.."' ";
-			sql = sql .. "and extension_uuid = '"..extension_uuid.."' ";
+			local sql = "select * from v_extensions ";
+			sql = sql .. "where domain_uuid = :domain_uuid ";
+			sql = sql .. "and extension_uuid = :extension_uuid ";
+			local params = {domain_uuid = domain_uuid, extension_uuid = extension_uuid};
 			if (debug["sql"]) then
-				freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."\n");
+				freeswitch.consoleLog("notice", "[do_not_disturb] " .. sql .. "; params:" .. json.encode(params) .. "\n");
 			end
-			status = dbh:query(sql, function(row)
+			dbh:query(sql, params, function(row)
 				extension = row.extension;
 				number_alias = row.number_alias or '';
 				accountcode = row.accountcode;
@@ -124,43 +131,46 @@
 		--disable follow me
 			if (follow_me_uuid ~= nil) then
 				if (string.len(follow_me_uuid) > 0 and enabled == "true") then
-					sql = "update v_follow_me set ";
+					local sql = "update v_follow_me set ";
 					sql = sql .. "follow_me_enabled = 'false' ";
-					sql = sql .. "where domain_uuid = '"..domain_uuid.."' ";
-					sql = sql .. "and follow_me_uuid = '"..follow_me_uuid.."' ";
+					sql = sql .. "where domain_uuid = :domain_uuid ";
+					sql = sql .. "and follow_me_uuid = :follow_me_uuid ";
+					local params = {domain_uuid = domain_uuid, follow_me_uuid = follow_me_uuid};
 					if (debug["sql"]) then
-						freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."\n");
+						freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."; params:" .. json.encode(params) .. "\n");
 					end
-					dbh:query(sql);
+					dbh:query(sql, params);
 				end
 			end
 
 		--update the extension
 			sql = "update v_extensions set ";
 			if (enabled == "true") then
-				sql = sql .. "dial_string = '"..dial_string.."', ";
+				sql = sql .. "dial_string = :dial_string, ";
 				sql = sql .. "do_not_disturb = 'true', ";
 			else
 				sql = sql .. "dial_string = null, ";
 				sql = sql .. "do_not_disturb = 'false', ";
 			end
 			sql = sql .. "forward_all_enabled = 'false' ";
-			sql = sql .. "where domain_uuid = '"..domain_uuid.."' ";
-			sql = sql .. "and extension_uuid = '"..extension_uuid.."' ";
+			sql = sql .. "where domain_uuid = :domain_uuid ";
+			sql = sql .. "and extension_uuid = :extension_uuid ";
+			local params = {dial_string = dial_string, domain_uuid = domain_uuid, extension_uuid = extension_uuid};
 			if (debug["sql"]) then
-				freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."\n");
+				freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."; params:" .. json.encode(params) .. "\n");
 			end
-			dbh:query(sql);
+			dbh:query(sql, params);
 
 		--determine whether to update the dial string
 			sql = "select * from v_extension_users as e, v_users as u ";
-			sql = sql .. "where e.extension_uuid = '"..extension_uuid.."' ";
+			sql = sql .. "where e.extension_uuid = :extension_uuid ";
 			sql = sql .. "and e.user_uuid = u.user_uuid ";
-			sql = sql .. "and e.domain_uuid = '"..domain_uuid.."' ";
+			sql = sql .. "and e.domain_uuid = :domain_uuid ";
+			local params = {domain_uuid = domain_uuid, extension_uuid = extension_uuid};
 			if (debug["sql"]) then
-				freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."\n");
+				freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."; params:" .. json.encode(params) .. "\n");
 			end
-			status = dbh:query(sql, function(row)
+			dbh:query(sql, params, function(row)
 				--update the call center status
 					if (enabled == "true") then
 						user_status = "Logged Out";
@@ -173,12 +183,13 @@
 					else
 						user_status = "Available";
 					end
-					sql = "update v_users set ";
-					sql = sql .. "user_status = '"..user_status.."' ";
-					sql = sql .. "where domain_uuid = '"..domain_uuid.."' ";
-					sql = sql .. "and user_uuid = '"..row.user_uuid.."' ";
+					local sql = "update v_users set ";
+					sql = sql .. "user_status = :user_status ";
+					sql = sql .. "where domain_uuid = :domain_uuid ";
+					sql = sql .. "and user_uuid = :user_uuid ";
+					local params = {user_status = user_status, domain_uuid = domain_uuid, user_uuid = row.user_uuid};
 					if (debug["sql"]) then
-						freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."\n");
+						freeswitch.consoleLog("notice", "[do_not_disturb] "..sql.."; params:" .. json.encode(params) .. "\n");
 					end
 					dbh:query(sql);
 			end);