From f65903e75ee82feb91335c8056e972aa6e7575a3 Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Tue, 29 Nov 2016 11:04:00 -0700
Subject: [PATCH] Update extension.php Update the function exists method.
---
 app/extensions/resources/classes/extension.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/extensions/resources/classes/extension.php b/app/extensions/resources/classes/extension.php
index 3e302a6b74..c6571c96f4 100644
--- a/app/extensions/resources/classes/extension.php
+++ b/app/extensions/resources/classes/extension.php
@@ -84,11 +84,15 @@ if (!class_exists('extension')) {
 public function exists($extension) {
 $sql = "select extension_uuid from v_extensions ";
- $sql .= "where domain_uuid = '".$this->domain_uuid."' ";
- $sql .= "and (extension = '$extension' or number_alias = '$extension') ";
+ $sql .= "where domain_uuid = :domain_uuid ";
+ $sql .= "and (extension = :extension or number_alias = :extension) ";
 $sql .= "and enabled = 'true' ";
- $result = $this->db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
- if (count($result) > 0) {
+ $prep_statement = $this->db->prepare(check_sql($sql));
+ $prep_statement->bindParam(':domain_uuid', $this->domain_uuid);
+ $prep_statement->bindParam(':extension', $extension);
+ $prep_statement->execute();
+ $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+ if (count($result) > 0 && count($result) > 0) {
 return true;
 }
 else {
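Review bot: The new condition `count($result) > 0 && count($result) > 0` tests the same thing twice, and the left operand was probably meant to guard the fetch result; `if (is_array($result) && count($result) > 0) {` would cover a failed fetch as well as an empty one. The `:extension` marker appears twice in the statement but is bound once, which PDO documents as working only when prepares are emulated, so distinct markers (for example `:extension` and `:number_alias`, each bound with `bindValue()`) would behave the same on every driver. The return value of `prepare()` is used unchecked, so unless the connection runs in exception error mode (not visible here) a failed prepare turns into a fatal method call on `false`. The body of `exists()` continues past the end of the hunk.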