From 3b1be3346b2cda92454c3bc4cbd87e6161cebd8e Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 7 Sep 2020 10:21:06 -0400 Subject: [PATCH 1/2] escape table name when updating Objects --- web/includes/Object.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/includes/Object.php b/web/includes/Object.php index 09be86a9e..2af989e8a 100644 --- a/web/includes/Object.php +++ b/web/includes/Object.php @@ -306,7 +306,7 @@ class ZM_Object { $fields = array_keys($fields); if ( $this->Id() ) { - $sql = 'UPDATE '.$table.' SET '.implode(', ', array_map(function($field) {return '`'.$field.'`=?';}, $fields)).' WHERE Id=?'; + $sql = 'UPDATE `'.$table.'` SET '.implode(', ', array_map(function($field) {return '`'.$field.'`=?';}, $fields)).' WHERE Id=?'; $values = array_map(function($field){ return $this->{$field};}, $fields); $values[] = $this->{'Id'}; if ( dbQuery($sql, $values) ) @@ -314,8 +314,8 @@ class ZM_Object { } else { unset($fields['Id']); - $sql = 'INSERT INTO '.$table. - ' ('.implode(', ', array_map(function($field) {return '`'.$field.'`';}, $fields)). + $sql = 'INSERT INTO `'.$table. + '` ('.implode(', ', array_map(function($field) {return '`'.$field.'`';}, $fields)). ') VALUES ('. implode(', ', array_map(function($field){return '?';}, $fields)).')'; From 8ad62b89050e7f4c0e97b931b1fe2bc60bd573e8 Mon Sep 17 00:00:00 2001 From: Pliable Pixels Date: Sun, 13 Sep 2020 16:43:49 -0400 Subject: [PATCH 2/2] another try at fixing Eventcontroller --- web/api/app/Controller/EventsController.php | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/web/api/app/Controller/EventsController.php b/web/api/app/Controller/EventsController.php index 5188c18b4..3b132e932 100644 --- a/web/api/app/Controller/EventsController.php +++ b/web/api/app/Controller/EventsController.php 
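Review bot: Wrapping `$table` in backticks quotes the identifier but does not escape it, so a value that itself contains a backtick would end the quoting early. This applies to the UPDATE statement in this hunk, to the INSERT statement in the next hunk, and to the `$field` names that were already quoted the same way. Where `$table` and the keys of `$fields` originate is outside the hunk; if either can be influenced by request data, reject anything that is not a plain identifier before building the SQL, for example with `preg_match('/^[A-Za-z0-9_]+$/', $table)`, or check the field names against the class's known column list. The enclosing method starts and ends outside both hunks.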
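Review bot: `unset($fields['Id'])` in the context just above the changed INSERT appears to have no effect. The first hunk shows `$fields = array_keys($fields);`, which leaves a list with integer keys, so there is no `'Id'` key to remove and an `Id` field would still end up in the INSERT column list. Removing it by value would do what the line intends: `$fields = array_diff($fields, array('Id'));`. The line between the two hunks and the rest of the method are not visible, so confirm `$fields` is not rebuilt there.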
@@ -434,14 +434,11 @@ class EventsController extends AppController {
 // Find the max Frame for this Event. Error out otherwise.
 $this->loadModel('Frame');
- if (! $frame = $this->Frame->find('first', array(
+ $frame = $this->Frame->find('first', array(
 'conditions' => array(
- 'EventId' => $event['Event']['Id'],
- 'Score' => $event['Event']['MaxScore']
- )
- ))) {
- throw new NotFoundException(__('Can not find Frame for Event ' . $event['Event']['Id']));
- }
- return $frame['Frame']['Id'];
+ 'EventId' => $event['Event']['Id'],
+ 'Score' => $event['Event']['MaxScore']
+ )));
+ return empty($frame)?null:$frame['Frame']['Id'];
 }
 } // end class EventsController
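Review bot: The context comment `// Find the max Frame for this Event. Error out otherwise.` no longer matches the code, because with the `NotFoundException` removed a missing frame now yields `null` instead of an error. Reword it to something like `// Returns the Id of the max-score Frame for this Event, or null if none matches.` so the new contract is stated where the method is read. Callers are outside the hunk; any that used the returned Id directly were previously protected by the exception and now need an explicit null check before passing the value on. The method's signature is also outside the hunk.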