From db46d5ac301bb32ddb9304b3c7d5c0d31d1428b2 Mon Sep 17 00:00:00 2001
From: Nate <github@najo.com>
Date: Fri, 9 Aug 2019 07:06:59 -0600
Subject: [PATCH] IVR Menus: Database class integration.

---
 app/ivr_menus/app_config.php             |   2 +-
 app/ivr_menus/app_defaults.php           |  22 ++-
 app/ivr_menus/app_languages.php          |  20 ++
 app/ivr_menus/ivr_menu_copy.php          | 241 +++++++++++------------
 app/ivr_menus/ivr_menu_delete.php        |  19 +-
 app/ivr_menus/ivr_menu_edit.php          | 127 ++++++------
 app/ivr_menus/ivr_menu_option_delete.php |  35 ++--
 app/ivr_menus/ivr_menus.php              |  91 ++++-----
 8 files changed, 290 insertions(+), 267 deletions(-)

diff --git a/app/ivr_menus/app_config.php b/app/ivr_menus/app_config.php
index 727e395086..16771df326 100644
--- a/app/ivr_menus/app_config.php
+++ b/app/ivr_menus/app_config.php
@@ -1,7 +1,7 @@
 <?php
 
 	//application details
-		$apps[$x]['name'] = "IVR Menu";
+		$apps[$x]['name'] = "IVR Menus";
 		$apps[$x]['uuid'] = "a5788e9b-58bc-bd1b-df59-fff5d51253ab";
 		$apps[$x]['category'] = "Switch";
 		$apps[$x]['subcategory'] = "";
diff --git a/app/ivr_menus/app_defaults.php b/app/ivr_menus/app_defaults.php
index aaf63e75a1..92b44ff490 100644
--- a/app/ivr_menus/app_defaults.php
+++ b/app/ivr_menus/app_defaults.php
@@ -31,24 +31,32 @@ if ($domains_processed == 1) {
 	$sql = "select * from v_ivr_menus where ivr_menu_context is null ";
 	$database = new database;
 	$ivr_menus = $database->select($sql, null, 'all');
+	unset($sql);
+
 	if (is_array($ivr_menus)) {
 
 		//get the domain list
 		$sql = "select * from v_domains ";
 		$domains = $database->select($sql, null, 'all');
+		unset($sql);
 
 		//update the ivr menu context
+		$x = 0;
 		foreach ($ivr_menus as $row) {
 			foreach ($domains as $domain) {
 				if ($row['domain_uuid'] == $domain['domain_uuid']) {
-					$sql = "update v_ivr_menus set ivr_menu_context = :domain_name \n";
-					$sql .= "where ivr_menu_uuid = :ivr_menu_uuid \n";
-					$parameters['domain_name'] = $domain['domain_name'];
-					$parameters['ivr_menu_uuid'] = $row['ivr_menu_uuid'];
-					$database->execute($sql, $parameters);
-					unset($parameters);
+					$array['ivr_menus'][$x]['ivr_menu_uuid'] = $row['ivr_menu_uuid'];
+					$array['ivr_menus'][$x]['ivr_menu_context'] = $domain['domain_name'];
+					$x++;
 				}
-			 }
+			}
+		}
+		if (is_array($array) && @sizeof($array) != 0) {
+			$database = new database;
+			$database->app_name = 'ivr_menus';
+			$database->app_uuid = 'a5788e9b-58bc-bd1b-df59-fff5d51253ab';
+			$database->save($array);
+			unset($array);
 		}
 	}
 
diff --git a/app/ivr_menus/app_languages.php b/app/ivr_menus/app_languages.php
index a1c71c33a8..ecdd3b4e98 100644
--- a/app/ivr_menus/app_languages.php
+++ b/app/ivr_menus/app_languages.php
@@ -581,6 +581,26 @@ $text['label-caller_id_name_prefix']['ru-ru'] = "Префикс имени (Call
 $text['label-caller_id_name_prefix']['sv-se'] = "Caller ID Namn Prefix";
 $text['label-caller_id_name_prefix']['uk-ua'] = "";
 
+$text['label-copy']['en-us'] = "Copy";
+$text['label-copy']['ar-eg'] = "Copy";
+$text['label-copy']['de-at'] = "Copy";
+$text['label-copy']['de-ch'] = "Copy";
+$text['label-copy']['de-de'] = "Copy";
+$text['label-copy']['es-cl'] = "Copy";
+$text['label-copy']['es-mx'] = "Copy";
+$text['label-copy']['fr-ca'] = "Copy";
+$text['label-copy']['fr-fr'] = "Copy";
+$text['label-copy']['he-il'] = "Copy";
+$text['label-copy']['it-it'] = "Copy";
+$text['label-copy']['nl-nl'] = "Copy";
+$text['label-copy']['pl-pl'] = "Copy";
+$text['label-copy']['pt-br'] = "Copy";
+$text['label-copy']['pt-pt'] = "Copy";
+$text['label-copy']['ro-ro'] = "Copy";
+$text['label-copy']['ru-ru'] = "Copy";
+$text['label-copy']['sv-se'] = "Copy";
+$text['label-copy']['uk-ua'] = "Copy";
+
 $text['header-option_list']['en-us'] = "Option List";
 $text['header-option_list']['ar-eg'] = "";
 $text['header-option_list']['de-at'] = "Optionsliste"; //copied from de-de
diff --git a/app/ivr_menus/ivr_menu_copy.php b/app/ivr_menus/ivr_menu_copy.php
index 4a333cce9a..9dbde8738e 100644
--- a/app/ivr_menus/ivr_menu_copy.php
+++ b/app/ivr_menus/ivr_menu_copy.php
@@ -44,130 +44,129 @@
 	$text = $language->get();
 
 //set the http get/post variable(s) to a php variable
-	if (isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {
-		$ivr_menu_uuid = $_GET["id"];
+	$ivr_menu_uuid = $_GET["id"];
+
+	if (is_uuid($ivr_menu_uuid)) {
+
+		//get the ivr_menus data
+			$sql = "select * from v_ivr_menus ";
+			$sql .= "where ivr_menu_uuid = :ivr_menu_uuid ";
+			$sql .= "and domain_uuid = :domain_uuid ";
+			$parameters['ivr_menu_uuid'] = $ivr_menu_uuid;
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+			$database = new database;
+			$ivr_menus = $database->select($sql, $parameters, 'all');
+			if (!is_array($ivr_menus)) {
+				echo "access denied 63";
+				exit;
+			}
+			unset($sql, $parameters);
+
+		//get the the ivr menu options
+			$sql = "select * from v_ivr_menu_options ";
+			$sql .= "where ivr_menu_uuid = :ivr_menu_uuid ";
+			$sql .= "and domain_uuid = :domain_uuid ";
+			$sql .= "order by ivr_menu_uuid asc ";
+			$parameters['ivr_menu_uuid'] = $ivr_menu_uuid;
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+			$database = new database;
+			$ivr_menu_options = $database->select($sql, $parameters, 'all');
+			unset($sql, $parameters);
+
+		//create the uuids
+			$ivr_menu_uuid = uuid();
+			$dialplan_uuid = uuid();
+
+		//set the row id
+			$x = 0;
+
+		//set the variables
+			$ivr_menu_name = $ivr_menus[$x]['ivr_menu_name'];
+			$ivr_menu_extension = $ivr_menus[$x]['ivr_menu_extension'];
+			$ivr_menu_ringback = $ivr_menus[$x]['ivr_menu_ringback'];
+			$ivr_menu_description = $ivr_menus[$x]['ivr_menu_description'].' ('.$text['label-copy'].')';
+
+		//prepare the ivr menu array
+			$ivr_menus[$x]['ivr_menu_uuid'] = $ivr_menu_uuid;
+			$ivr_menus[$x]['dialplan_uuid'] = $dialplan_uuid;
+			$ivr_menus[$x]['ivr_menu_name'] = $ivr_menu_name;
+			$ivr_menus[$x]['ivr_menu_description'] = $ivr_menu_description;
+
+		//get the the ivr menu options
+			$y = 0;
+			foreach ($ivr_menu_options as &$row) {
+				//update the uuids
+					$row['ivr_menu_uuid'] = $ivr_menu_uuid;
+					$row['ivr_menu_option_uuid'] = uuid();
+				//add the row to the array
+					$ivr_menus[$x]["ivr_menu_options"][$y] = $row;
+				//increment the ivr menu option row id
+					$y++;
+			}
+
+		//build the xml dialplan
+			$dialplan_xml = "<extension name=\"".$ivr_menu_name."\" continue=\"\" uuid=\"".$dialplan_uuid."\">\n";
+			$dialplan_xml .= "	<condition field=\"destination_number\" expression=\"^".$ivr_menu_extension."\">\n";
+			$dialplan_xml .= "		<action application=\"answer\" data=\"\"/>\n";
+			$dialplan_xml .= "		<action application=\"sleep\" data=\"1000\"/>\n";
+			$dialplan_xml .= "		<action application=\"set\" data=\"hangup_after_bridge=true\"/>\n";
+			$dialplan_xml .= "		<action application=\"set\" data=\"ringback=".$ivr_menu_ringback."\"/>\n";
+			$dialplan_xml .= "		<action application=\"set\" data=\"transfer_ringback=".$ivr_menu_ringback."\"/>\n";
+			$dialplan_xml .= "		<action application=\"set\" data=\"ivr_menu_uuid=".$ivr_menu_uuid."\"/>\n";
+			$dialplan_xml .= "		<action application=\"ivr\" data=\"".$ivr_menu_uuid."\"/>\n";
+			$dialplan_xml .= "		<action application=\"hangup\" data=\"\"/>\n";
+			$dialplan_xml .= "	</condition>\n";
+			$dialplan_xml .= "</extension>\n";
+
+		//build the dialplan array
+			$dialplan[$x]["domain_uuid"] = $_SESSION['domain_uuid'];
+			$dialplan[$x]["dialplan_uuid"] = $dialplan_uuid;
+			$dialplan[$x]["dialplan_name"] = $ivr_menu_name;
+			$dialplan[$x]["dialplan_number"] = $ivr_menu_extension;
+			$dialplan[$x]["dialplan_context"] = $_SESSION["context"];
+			$dialplan[$x]["dialplan_continue"] = "false";
+			$dialplan[$x]["dialplan_xml"] = $dialplan_xml;
+			$dialplan[$x]["dialplan_order"] = "101";
+			$dialplan[$x]["dialplan_enabled"] = "true";
+			$dialplan[$x]["dialplan_description"] = $ivr_menu_description;
+			$dialplan[$x]["app_uuid"] = "a5788e9b-58bc-bd1b-df59-fff5d51253ab";
+
+		//prepare the array
+			$array['ivr_menus'] = $ivr_menus;
+			$array['dialplans'] = $dialplan;
+
+		//add the dialplan permission
+			$p = new permissions;
+			$p->add("dialplan_add", "temp");
+			$p->add("dialplan_edit", "temp");
+
+		//save the array to the database
+			$database = new database;
+			$database->app_name = 'ivr_menus';
+			$database->app_uuid = 'a5788e9b-58bc-bd1b-df59-fff5d51253ab';
+			if (is_uuid($ivr_menu_uuid)) {
+				$database->uuid($ivr_menu_uuid);
+			}
+			$database->save($array);
+			$message = $database->message;
+
+		//remove the temporary permission
+			$p->delete("dialplan_add", "temp");
+			$p->delete("dialplan_edit", "temp");
+
+		//synchronize the xml config
+			save_dialplan_xml();
+
+		//clear the cache
+			$cache = new cache;
+			$cache->delete("dialplan:".$_SESSION["context"]);
+
+		//set message
+			message::add($text['message-copy']);
 	}
-	else {
-		echo "access denied";
-		exit;
-	}	
-
-//get the ivr_menus data
-	$sql = "select * from v_ivr_menus ";
-	$sql .= "where ivr_menu_uuid = '$ivr_menu_uuid' ";
-	$sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$ivr_menus = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	if (!is_array($ivr_menus)) {
-		echo "access denied 63";
-		exit;
-	}
-
-//get the the ivr menu options
-	$sql = "select * from v_ivr_menu_options ";
-	$sql .= "where ivr_menu_uuid = '$ivr_menu_uuid' ";
-	$sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' ";
-	$sql .= "order by ivr_menu_uuid asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$ivr_menu_options = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-
-//create the uuids
-	$ivr_menu_uuid = uuid();
-	$dialplan_uuid = uuid();
-
-//set the row id
-	$x = 0;
-
-//set the variables
-	$ivr_menu_name = 'copy-'.$ivr_menus[$x]['ivr_menu_name'];
-	$ivr_menu_extension = $ivr_menus[$x]['ivr_menu_extension'];
-	$ivr_menu_ringback = $ivr_menus[$x]['ivr_menu_ringback'];
-	$ivr_menu_description = 'copy-'.$ivr_menus[$x]['ivr_menu_description'];
-
-//prepare the ivr menu array
-	$ivr_menus[$x]['ivr_menu_uuid'] = $ivr_menu_uuid;
-	$ivr_menus[$x]['dialplan_uuid'] = $dialplan_uuid;
-	$ivr_menus[$x]['ivr_menu_name'] = $ivr_menu_name;
-	$ivr_menus[$x]['ivr_menu_description'] = $ivr_menu_description;
-
-//get the the ivr menu options
-	$y = 0;
-	foreach ($ivr_menu_options as &$row) {
-
-		//update the uuids
-			$row['ivr_menu_uuid'] = $ivr_menu_uuid;
-			$row['ivr_menu_option_uuid'] = uuid();
-		
-		//add the row to the array
-			$ivr_menus[$x]["ivr_menu_options"][$y] = $row; 
-		
-		//increment the ivr menu option row id
-			$y++;
-
-	}
-
-//build the xml dialplan
-	$dialplan_xml = "<extension name=\"".$ivr_menu_name."\" continue=\"\" uuid=\"".$dialplan_uuid."\">\n";
-	$dialplan_xml .= "	<condition field=\"destination_number\" expression=\"^".$ivr_menu_extension."\">\n";
-	$dialplan_xml .= "		<action application=\"answer\" data=\"\"/>\n";
-	$dialplan_xml .= "		<action application=\"sleep\" data=\"1000\"/>\n";
-	$dialplan_xml .= "		<action application=\"set\" data=\"hangup_after_bridge=true\"/>\n";
-	$dialplan_xml .= "		<action application=\"set\" data=\"ringback=".$ivr_menu_ringback."\"/>\n";
-	$dialplan_xml .= "		<action application=\"set\" data=\"transfer_ringback=".$ivr_menu_ringback."\"/>\n";
-	$dialplan_xml .= "		<action application=\"set\" data=\"ivr_menu_uuid=".$ivr_menu_uuid."\"/>\n";
-	$dialplan_xml .= "		<action application=\"ivr\" data=\"".$ivr_menu_uuid."\"/>\n";
-	$dialplan_xml .= "		<action application=\"hangup\" data=\"\"/>\n";
-	$dialplan_xml .= "	</condition>\n";
-	$dialplan_xml .= "</extension>\n";
-
-//build the dialplan array
-	$dialplan[$x]["domain_uuid"] = $_SESSION['domain_uuid'];
-	$dialplan[$x]["dialplan_uuid"] = $dialplan_uuid;
-	$dialplan[$x]["dialplan_name"] = $ivr_menu_name;
-	$dialplan[$x]["dialplan_number"] = $ivr_menu_extension;
-	$dialplan[$x]["dialplan_context"] = $_SESSION["context"];
-	$dialplan[$x]["dialplan_continue"] = "false";
-	$dialplan[$x]["dialplan_xml"] = $dialplan_xml;
-	$dialplan[$x]["dialplan_order"] = "101";
-	$dialplan[$x]["dialplan_enabled"] = "true";
-	$dialplan[$x]["dialplan_description"] = $ivr_menu_description;
-	$dialplan[$x]["app_uuid"] = "a5788e9b-58bc-bd1b-df59-fff5d51253ab";
-
-//prepare the array
-	$array['ivr_menus'] = $ivr_menus;
-	$array['dialplans'] = $dialplan;
-
-//add the dialplan permission
-	$p = new permissions;
-	$p->add("dialplan_add", "temp");
-	$p->add("dialplan_edit", "temp");
-
-//save the array to the database
-	$database = new database;
-	$database->app_name = 'ivr_menus';
-	$database->app_uuid = 'a5788e9b-58bc-bd1b-df59-fff5d51253ab';
-	if (strlen($ivr_menu_uuid) > 0) {
-		$database->uuid($ivr_menu_uuid);
-	}
-	$database->save($array);
-	$message = $database->message;
-
-//remove the temporary permission
-	$p->delete("dialplan_add", "temp");
-	$p->delete("dialplan_edit", "temp");
-
-//synchronize the xml config
-	save_dialplan_xml();
-
-//clear the cache
-	$cache = new cache;
-	$cache->delete("dialplan:".$_SESSION["context"]);
 
 //redirect the user
-	message::add($text['message-copy']);
 	header("Location: ivr_menus.php");
-	return;
+	exit;
 
 ?>
diff --git a/app/ivr_menus/ivr_menu_delete.php b/app/ivr_menus/ivr_menu_delete.php
index dd453c7726..98eb1bae52 100644
--- a/app/ivr_menus/ivr_menu_delete.php
+++ b/app/ivr_menus/ivr_menu_delete.php
@@ -42,19 +42,17 @@
 	$text = $language->get();
 
 //get the id
-	if (is_array($_GET)) {
-		$id = $_GET["id"];
-	}
+	$ivr_menu_uuid = $_GET["id"];
 
 //delete the ivr menu
-	if (is_uuid($id)) {
+	if (is_uuid($ivr_menu_uuid)) {
 
 		//get the dialplan_uuid
 			$sql = "select * from v_ivr_menus ";
 			$sql .= "where domain_uuid = :domain_uuid ";
 			$sql .= "and ivr_menu_uuid = :ivr_menu_uuid ";
 			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
-			$parameters['ivr_menu_uuid'] = $id;
+			$parameters['ivr_menu_uuid'] = $ivr_menu_uuid;
 			$database = new database;
 			$result = $database->select($sql, $parameters);
 			if (is_array($result)) {
@@ -63,7 +61,7 @@
 					$ivr_menu_context = $row["ivr_menu_context"];
 				}
 			}
-			unset($sql, $parameters);
+			unset($sql, $parameters, $result, $row);
 
 		//add the dialplan permission
 			$p = new permissions;
@@ -71,8 +69,8 @@
 
 		//delete the data
 			$array['dialplans'][]['dialplan_uuid'] = $dialplan_uuid;
-			$array['ivr_menu_options'][]['ivr_menu_uuid'] = $id;
-			$array['ivr_menus'][]['ivr_menu_uuid'] = $id;
+			$array['ivr_menu_options'][]['ivr_menu_uuid'] = $ivr_menu_uuid;
+			$array['ivr_menus'][]['ivr_menu_uuid'] = $ivr_menu_uuid;
 			$database = new database;
 			$database->app_name = 'ivr_menus';
 			$database->app_uuid = 'a5788e9b-58bc-bd1b-df59-fff5d51253ab';
@@ -88,10 +86,13 @@
 		//clear the cache
 			$cache = new cache;
 			$cache->delete("dialplan:".$ivr_menu_context);
+
+		//set message
+			message::add($text['message-delete']);
 	}
 
 //redirect the user
-	message::add($text['message-delete']);
 	header("Location: ivr_menus.php");
+	exit;
 
 ?>
diff --git a/app/ivr_menus/ivr_menu_edit.php b/app/ivr_menus/ivr_menu_edit.php
index bff34ec887..0a9a0c1063 100644
--- a/app/ivr_menus/ivr_menu_edit.php
+++ b/app/ivr_menus/ivr_menu_edit.php
@@ -49,10 +49,10 @@
 	// moved to functions.php
 
 //action add or update
-	if (isset($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {
+	if (is_uuid($_REQUEST["id"])) {
 		$action = "update";
-		$ivr_menu_uuid = check_str($_REQUEST["id"]);
-		if (isset($_REQUEST["ivr_menu_uuid"]) > 0) {
+		$ivr_menu_uuid = $_REQUEST["id"];
+		if (is_uuid($_REQUEST["ivr_menu_uuid"])) {
 			$ivr_menu_uuid = $_REQUEST["ivr_menu_uuid"];
 		}
 	}
@@ -64,19 +64,16 @@
 //get total ivr menu count from the database, check limit, if defined
 	if ($action == 'add') {
 		if ($_SESSION['limit']['ivr_menus']['numeric'] != '') {
-			$sql = "select count(ivr_menu_uuid) as num_rows from v_ivr_menus where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-			$prep_statement = $db->prepare($sql);
-			if ($prep_statement) {
-				$prep_statement->execute();
-				$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-				$total_ivr_menus = $row['num_rows'];
-			}
-			unset($prep_statement, $row);
+			$sql = "select count(*) as num_rows from v_ivr_menus where domain_uuid = :domain_uuid ";
+			$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+			$database = new database;
+			$total_ivr_menus = $database->select($sql, $parameters, 'column');
 			if ($total_ivr_menus >= $_SESSION['limit']['ivr_menus']['numeric']) {
 				message::add($text['message-maximum_ivr_menus'].' '.$_SESSION['limit']['ivr_menus']['numeric'], 'negative');
 				header('Location: ivr_menus.php');
-				return;
+				exit;
 			}
+			unset($sql, $parameters, $total_ivr_menus);
 		}
 	}
 
@@ -84,40 +81,40 @@
 	if (count($_POST) > 0) {
 
 		//get ivr menu
-			$ivr_menu_name = check_str($_POST["ivr_menu_name"]);
-			$ivr_menu_extension = check_str($_POST["ivr_menu_extension"]);
-			$ivr_menu_greet_long = check_str($_POST["ivr_menu_greet_long"]);
-			$ivr_menu_greet_short = check_str($_POST["ivr_menu_greet_short"]);
+			$ivr_menu_name = $_POST["ivr_menu_name"];
+			$ivr_menu_extension = $_POST["ivr_menu_extension"];
+			$ivr_menu_greet_long = $_POST["ivr_menu_greet_long"];
+			$ivr_menu_greet_short = $_POST["ivr_menu_greet_short"];
 			$ivr_menu_options = $_POST["ivr_menu_options"];
-			$ivr_menu_invalid_sound = check_str($_POST["ivr_menu_invalid_sound"]);
-			$ivr_menu_exit_sound = check_str($_POST["ivr_menu_exit_sound"]);
-			$ivr_menu_confirm_macro = check_str($_POST["ivr_menu_confirm_macro"]);
-			$ivr_menu_confirm_key = check_str($_POST["ivr_menu_confirm_key"]);
-			$ivr_menu_tts_engine = check_str($_POST["ivr_menu_tts_engine"]);
-			$ivr_menu_tts_voice = check_str($_POST["ivr_menu_tts_voice"]);
-			$ivr_menu_confirm_attempts = check_str($_POST["ivr_menu_confirm_attempts"]);
-			$ivr_menu_timeout = check_str($_POST["ivr_menu_timeout"]);
-			$ivr_menu_inter_digit_timeout = check_str($_POST["ivr_menu_inter_digit_timeout"]);
-			$ivr_menu_max_failures = check_str($_POST["ivr_menu_max_failures"]);
-			$ivr_menu_max_timeouts = check_str($_POST["ivr_menu_max_timeouts"]);
-			$ivr_menu_digit_len = check_str($_POST["ivr_menu_digit_len"]);
-			$ivr_menu_direct_dial = check_str($_POST["ivr_menu_direct_dial"]);
-			$ivr_menu_ringback = check_str($_POST["ivr_menu_ringback"]);
-			$ivr_menu_cid_prefix = check_str($_POST["ivr_menu_cid_prefix"]);
-			$ivr_menu_enabled = check_str($_POST["ivr_menu_enabled"]);
-			$ivr_menu_description = check_str($_POST["ivr_menu_description"]);
-			$dialplan_uuid = check_str($_POST["dialplan_uuid"]);
+			$ivr_menu_invalid_sound = $_POST["ivr_menu_invalid_sound"];
+			$ivr_menu_exit_sound = $_POST["ivr_menu_exit_sound"];
+			$ivr_menu_confirm_macro = $_POST["ivr_menu_confirm_macro"];
+			$ivr_menu_confirm_key = $_POST["ivr_menu_confirm_key"];
+			$ivr_menu_tts_engine = $_POST["ivr_menu_tts_engine"];
+			$ivr_menu_tts_voice = $_POST["ivr_menu_tts_voice"];
+			$ivr_menu_confirm_attempts = $_POST["ivr_menu_confirm_attempts"];
+			$ivr_menu_timeout = $_POST["ivr_menu_timeout"];
+			$ivr_menu_inter_digit_timeout = $_POST["ivr_menu_inter_digit_timeout"];
+			$ivr_menu_max_failures = $_POST["ivr_menu_max_failures"];
+			$ivr_menu_max_timeouts = $_POST["ivr_menu_max_timeouts"];
+			$ivr_menu_digit_len = $_POST["ivr_menu_digit_len"];
+			$ivr_menu_direct_dial = $_POST["ivr_menu_direct_dial"];
+			$ivr_menu_ringback = $_POST["ivr_menu_ringback"];
+			$ivr_menu_cid_prefix = $_POST["ivr_menu_cid_prefix"];
+			$ivr_menu_enabled = $_POST["ivr_menu_enabled"];
+			$ivr_menu_description = $_POST["ivr_menu_description"];
+			$dialplan_uuid = $_POST["dialplan_uuid"];
 
 		//set the context for users that do not have the permission
 			if (permission_exists('ivr_menu_context')) {
-				$ivr_menu_context = check_str($_POST["ivr_menu_context"]);
+				$ivr_menu_context = $_POST["ivr_menu_context"];
 			}
-			elseif ($action == 'add') {
+			else if ($action == 'add') {
 				$ivr_menu_context = $_SESSION['domain_name'];
 			}
 
 		//process the values
-			$ivr_menu_exit_action = check_str($_POST["ivr_menu_exit_action"]);
+			$ivr_menu_exit_action = $_POST["ivr_menu_exit_action"];
 			//$ivr_menu_exit_action = "transfer:1001 XML default";
 			$timeout_action_array = explode(":", $ivr_menu_exit_action);
 			$ivr_menu_exit_app = array_shift($timeout_action_array);
@@ -182,7 +179,7 @@
 				unset($_POST["submit"]);
 
 			//add the domain_uuid
-				if (strlen($_POST["domain_uuid"] ) == 0) {
+				if (!is_uuid($_POST["domain_uuid"])) {
 					$_POST["domain_uuid"] = $_SESSION['domain_uuid'];
 				}
 
@@ -239,13 +236,13 @@
 					}
 
 				//add a uuid to dialplan_uuid if it is empty
-					if (strlen($dialplan_uuid) == 0) {
+					if (!is_uuid($dialplan_uuid)) {
 						$dialplan_uuid = uuid();
 						$_POST["dialplan_uuid"] = $dialplan_uuid;
 					}
 
 				//build the xml dialplan
-					$ivr_menu_language = explode("/",check_str($_POST["ivr_menu_language"]));
+					$ivr_menu_language = explode("/",$_POST["ivr_menu_language"]);
 					
 					$dialplan_xml = "<extension name=\"".$ivr_menu_name."\" continue=\"false\" uuid=\"".$dialplan_uuid."\">\n";
 					$dialplan_xml .= "	<condition field=\"destination_number\" expression=\"^".$ivr_menu_extension."\$\">\n";
@@ -295,14 +292,18 @@
 
 				//add the dialplan permission
 					$p = new permissions;
-					$p->add("dialplan_add", "temp");
-					$p->add("dialplan_edit", "temp");
+					if ($action = "add") {
+						$p->add("dialplan_add", "temp");
+					}
+					else if ($action = "update") {
+						$p->add("dialplan_edit", "temp");
+					}
 
 				//save to the data
 					$database = new database;
 					$database->app_name = 'ivr_menus';
 					$database->app_uuid = 'a5788e9b-58bc-bd1b-df59-fff5d51253ab';
-					if (strlen($ivr_menu_uuid) > 0) {
+					if (is_uuid($ivr_menu_uuid)) {
 						$database->uuid($ivr_menu_uuid);
 					}
 					$database->save($array);
@@ -349,8 +350,8 @@
 	$destination = new destinations;
 
 //pre-populate the form
-	if (strlen($ivr_menu_uuid) == 0) { $ivr_menu_uuid = check_str($_REQUEST["id"]); }
-	if (strlen($ivr_menu_uuid) > 0 && $_POST["persistformvar"] != "true") {
+	if (!is_uuid($ivr_menu_uuid)) { $ivr_menu_uuid = $_REQUEST["id"]; }
+	if (is_uuid($ivr_menu_uuid) && $_POST["persistformvar"] != "true") {
 		$ivr = new ivr_menu;
 		$ivr->domain_uuid = $_SESSION["domain_uuid"];
 		$ivr->ivr_menu_uuid = $ivr_menu_uuid;
@@ -393,18 +394,20 @@
 					$ivr_menu_exit_action = $ivr_menu_exit_app.":".$ivr_menu_exit_data;
 				}
 			}
-			unset ($prep_statement);
 		}
+		unset($ivr_menus, $row);
 	}
 
 //get the ivr menu options
 	$sql = "select * from v_ivr_menu_options ";
-	$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
-	$sql .= "and ivr_menu_uuid = '$ivr_menu_uuid' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
+	$sql .= "and ivr_menu_uuid = :ivr_menu_uuid ";
 	$sql .= "order by ivr_menu_option_digits, ivr_menu_option_order asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$ivr_menu_options = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$parameters['ivr_menu_uuid'] = $ivr_menu_uuid;
+	$database = new database;
+	$ivr_menu_options = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //add an empty row to the options array
 	if (count($ivr_menu_options) == 0) {
@@ -460,18 +463,20 @@
 
 //get the recordings
 	$sql = "select recording_name, recording_filename from v_recordings ";
-	$sql .= "where domain_uuid = '".$_SESSION["domain_uuid"]."' ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= "order by recording_name asc ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$recordings = $prep_statement->fetchAll(PDO::FETCH_ASSOC);
+	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	$database = new database;
+	$recordings = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //get the phrases
 	$sql = "select * from v_phrases ";
-	$sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$phrases = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+	$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
+	$parameters['domain_uuid'] = $domain_uuid;
+	$database = new database;
+	$phrases = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //get the sound files
 	$file = new file;
@@ -665,7 +670,6 @@
 					echo "	<option value='phrase:".escape($row["phrase_uuid"])."'>".escape($row["phrase_name"])."</option>\n";
 				}
 			}
-			unset ($prep_statement);
 			echo "</optgroup>\n";
 		}
 	//sounds
@@ -809,7 +813,6 @@
 			}
 			echo "</optgroup>\n";
 		}
-		unset ($prep_statement);
 	//sounds
 		/*
 		if (is_array($sound_files)) {
@@ -1418,7 +1421,7 @@
 	echo "</tr>\n";
 	echo "	<tr>\n";
 	echo "		<td colspan='2' align='right'>\n";
-	if (strlen($ivr_menu_uuid) > 0) {
+	if (is_uuid($ivr_menu_uuid)) {
 		echo "		<input type='hidden' name='ivr_menu_uuid' value='".escape($ivr_menu_uuid)."'>\n";
 		echo "		<input type='hidden' name='dialplan_uuid' value='".escape($dialplan_uuid)."'>\n";
 	}
diff --git a/app/ivr_menus/ivr_menu_option_delete.php b/app/ivr_menus/ivr_menu_option_delete.php
index 78166b195c..f29646c289 100644
--- a/app/ivr_menus/ivr_menu_option_delete.php
+++ b/app/ivr_menus/ivr_menu_option_delete.php
@@ -43,13 +43,11 @@
 	$text = $language->get();
 
 //set the http values as variables
-	if (count($_GET) > 0) {
-		$id = check_str($_GET["id"]);
-		$ivr_menu_uuid = check_str($_GET["ivr_menu_uuid"]);
-	}
+	$ivr_menu_option_uuid = $_GET["id"];
+	$ivr_menu_uuid = $_GET["ivr_menu_uuid"];
 
 //delete the ivr menu option
-	if (is_uuid($id)) {
+	if (is_uuid($ivr_menu_option_uuid) && is_uuid($ivr_menu_uuid)) {
 		//get the dialplan_uuid
 			$sql = "select * from v_ivr_menus ";
 			$sql .= "where domain_uuid = :domain_uuid ";
@@ -64,25 +62,30 @@
 					$ivr_menu_context = $row["ivr_menu_context"];
 				}
 			}
-			unset($sql, $parameters);
+			unset($sql, $parameters, $result, $row);
 
 		//delete the data
-			$array['ivr_menu_options'][]['ivr_menu_option_uuid'] = $id;
+			$array['ivr_menu_options'][]['ivr_menu_option_uuid'] = $ivr_menu_option_uuid;
 			$database = new database;
 			$database->app_name = 'ivr_menus';
 			$database->app_uuid = 'a5788e9b-58bc-bd1b-df59-fff5d51253ab';
 			$database->delete($array);
 			//$message = $database->message;
+
+		//clear the cache
+			$cache = new cache;
+			$cache->delete("dialplan:".$ivr_menu_context);
+
+		//set message
+			message::add($text['message-delete']);
+
+		//redirect the user
+			header('Location: ivr_menu_edit.php?id='.$ivr_menu_uuid);
+			exit;
 	}
 
-//clear the cache
-	$cache = new cache;
-	$cache->delete("dialplan:".$ivr_menu_context);
-
-//redirect the user
-	message::add($text['message-delete']);
-	if (is_uuid($ivr_menu_uuid)) {
-		header('Location: ivr_menu_edit.php?id='.$ivr_menu_uuid);
-	}
+//default redirect
+	header('Location: ivr_menus.php');
+	exit;
 
 ?>
diff --git a/app/ivr_menus/ivr_menus.php b/app/ivr_menus/ivr_menus.php
index 07fce669b3..55239a0af4 100644
--- a/app/ivr_menus/ivr_menus.php
+++ b/app/ivr_menus/ivr_menus.php
@@ -43,37 +43,38 @@
 	$text = $language->get();
 
 //get variables used to control the order
-	$order_by = check_str($_GET["order_by"]);
-	$order = check_str($_GET["order"]);
+	$order_by = $_GET["order_by"];
+	$order = $_GET["order"];
 
 //add the search term
-	$search = strtolower(check_str($_GET["search"]));
+	$search = strtolower($_GET["search"]);
 	if (strlen($search) > 0) {
 		$sql_search = "and (";
-		$sql_search .= "lower(ivr_menu_name) like '%".$search."%' ";
-		$sql_search .= "or lower(ivr_menu_extension) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_greet_long) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_greet_short) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_invalid_sound) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_exit_sound) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_confirm_macro) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_confirm_key) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_tts_engine) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_tts_voice) like '%".$search."%' ";
+		$sql_search .= "lower(ivr_menu_name) like :search ";
+		$sql_search .= "or lower(ivr_menu_extension) like :search ";
+		//$sql_search .= "or lower(ivr_menu_greet_long) like :search ";
+		//$sql_search .= "or lower(ivr_menu_greet_short) like :search ";
+		//$sql_search .= "or lower(ivr_menu_invalid_sound) like :search ";
+		//$sql_search .= "or lower(ivr_menu_exit_sound) like :search ";
+		//$sql_search .= "or lower(ivr_menu_confirm_macro) like :search ";
+		//$sql_search .= "or lower(ivr_menu_confirm_key) like :search ";
+		//$sql_search .= "or lower(ivr_menu_tts_engine) like :search ";
+		//$sql_search .= "or lower(ivr_menu_tts_voice) like :search ";
 		//$sql_search .= "or lower(ivr_menu_confirm_attempts) like '%".$search."%'" ;
-		//$sql_search .= "or lower(ivr_menu_timeout) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_exit_app) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_exit_data) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_inter_digit_timeout) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_max_failures) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_max_timeouts) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_digit_len) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_direct_dial) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_ringback) like '%".$search."%' ";
-		//$sql_search .= "or lower(ivr_menu_cid_prefix) like '%".$search."%' ";
-		$sql_search .= "or lower(ivr_menu_enabled) like '%".$search."%' ";
-		$sql_search .= "or lower(ivr_menu_description) like '%".$search."%' ";
+		//$sql_search .= "or lower(ivr_menu_timeout) like :search ";
+		//$sql_search .= "or lower(ivr_menu_exit_app) like :search ";
+		//$sql_search .= "or lower(ivr_menu_exit_data) like :search ";
+		//$sql_search .= "or lower(ivr_menu_inter_digit_timeout) like :search ";
+		//$sql_search .= "or lower(ivr_menu_max_failures) like :search ";
+		//$sql_search .= "or lower(ivr_menu_max_timeouts) like :search ";
+		//$sql_search .= "or lower(ivr_menu_digit_len) like :search ";
+		//$sql_search .= "or lower(ivr_menu_direct_dial) like :search ";
+		//$sql_search .= "or lower(ivr_menu_ringback) like :search ";
+		//$sql_search .= "or lower(ivr_menu_cid_prefix) like :search ";
+		$sql_search .= "or lower(ivr_menu_enabled) like :search ";
+		$sql_search .= "or lower(ivr_menu_description) like :search ";
 		$sql_search .= ")";
+		$parameters['search'] = '%'.$search.'%';
 	}
 
 //additional includes
@@ -81,21 +82,12 @@
 	require_once "resources/paging.php";
 
 //prepare to page the results
-	$sql = "select count(ivr_menu_uuid) as num_rows from v_ivr_menus ";
-	$sql .= "where domain_uuid = '".$_SESSION["domain_uuid"]."' ";
+	$sql = "select count(*) from v_ivr_menus ";
+	$sql .= "where domain_uuid = :domain_uuid ";
 	$sql .= $sql_search;
-	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
-	$prep_statement = $db->prepare($sql);
-	if ($prep_statement) {
-		$prep_statement->execute();
-		$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
-		if ($row['num_rows'] > 0) {
-				$num_rows = $row['num_rows'];
-		}
-		else {
-				$num_rows = '0';
-		}
-	}
+	$parameters['domain_uuid'] = $_SESSION["domain_uuid"];
+	$database = new database;
+	$num_rows = $database->select($sql, $parameters, 'column');
 
 //prepare to page the results
 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
@@ -106,15 +98,12 @@
 	$offset = $rows_per_page * $page;
 
 //get the list
-	$sql = "select * from v_ivr_menus ";
-	$sql .= "where domain_uuid = '".$_SESSION["domain_uuid"]."' ";
-	$sql .= $sql_search;
-	if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
-	$sql .= "limit $rows_per_page offset $offset ";
-	$prep_statement = $db->prepare(check_sql($sql));
-	$prep_statement->execute();
-	$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-	unset ($prep_statement, $sql);
+	$sql = str_replace('count(*)', '*', $sql);
+	$sql .= order_by($order_by, $order);
+	$sql .= limit_offset($rows_per_page, $offset);
+	$database = new database;
+	$result = $database->select($sql, $parameters, 'all');
+	unset($sql, $parameters);
 
 //alternate the row style
 	$c = 0;
@@ -219,9 +208,9 @@
 			echo "	</td>\n";
 			echo "</tr>\n";
 			if ($c==0) { $c=1; } else { $c=0; }
-		} //end foreach
-		unset($sql, $result, $row_count);
-	} //end if results
+		}
+	}
+	unset($result, $row);
 
 	echo "<tr>\n";
 	echo "<td colspan='27' align='left'>\n";