From 6ec0b5a1dc8913301ce3bd4b8ca2449b16d17849 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 17 Dec 2024 15:58:23 -0500 Subject: [PATCH] Fix SQL query when a user is limited to a subset of monitors and tries to view all zones. --- web/skins/classic/views/zones.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/views/zones.php b/web/skins/classic/views/zones.php index 5d3c08ba4..c77737b12 100644 --- a/web/skins/classic/views/zones.php +++ b/web/skins/classic/views/zones.php @@ -25,7 +25,7 @@ if ( isset($_REQUEST['mid']) ) { } else if ( isset($_REQUEST['mids']) ) { $mids = array_map(function($mid){return validCardinal($mid);}, $_REQUEST['mids'] ); } else { - $mids = dbFetchAll('SELECT Id FROM Monitors'.($user->unviewableMonitorIds() ? 'WHERE Id IN ('.$user->viewableMonitorIds().')' : ''), 'Id'); + $mids = dbFetchAll('SELECT Id FROM Monitors'.($user->unviewableMonitorIds() ? ' WHERE Id IN ('.implode(',', array_map(function(){return '?';}, $user->viewableMonitorIds())).')' : ''), 'Id', $user->viewableMonitorIds()); } if ( !($mids and count($mids)) ) {