From 7dd95f6afe982c7bbceafcade2ba5b422169619f Mon Sep 17 00:00:00 2001
From: digital-gnome <31593470+digital-gnome@users.noreply.github.com>
Date: Mon, 25 Sep 2017 20:33:50 -0400
Subject: [PATCH] getNearEvents prev always 0

getNearEvents always returns 0 for prev event.  sortColumn is escaped with passes it with single quotes and breaks the query.  I changed it to match next event by removing the escape.
---
 web/ajax/status.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/ajax/status.php b/web/ajax/status.php
index fbd91cf08..84399989d 100644
--- a/web/ajax/status.php
+++ b/web/ajax/status.php
@@ -367,7 +367,7 @@ function getNearEvents() {
   else
     $midSql = '';
 
-  $sql = "select E.Id as Id from Events as E inner join Monitors as M on E.MonitorId = M.Id where ".dbEscape($sortColumn)." ".($sortOrder=='asc'?'<=':'>=')." '".$event[$_REQUEST['sort_field']]."'".$_REQUEST['filter']['sql'].$midSql." order by $sortColumn ".($sortOrder=='asc'?'desc':'asc');
+  $sql = "select E.Id as Id from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sortColumn ".($sortOrder=='asc'?'<=':'>=')." '".$event[$_REQUEST['sort_field']]."'".$_REQUEST['filter']['sql'].$midSql." order by $sortColumn ".($sortOrder=='asc'?'desc':'asc');
   $result = dbQuery( $sql );
   while ( $id = dbFetchNext( $result, 'Id' ) ) {
     if ( $id == $eventId ) {