From b51d8a825bed9f786cd436749bbb48be54616b35 Mon Sep 17 00:00:00 2001
From: Christian Wach <needle@haystack.co.uk>
Date: Wed, 9 Oct 2019 09:33:29 +0100
Subject: [PATCH] Pass contact ID as param to executeQuery()

Signed-off-by: Kevin Cristiano <kcristiano@kcristiano.com>
---
 civicrm/CRM/Core/BAO/Dashboard.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/civicrm/CRM/Core/BAO/Dashboard.php b/civicrm/CRM/Core/BAO/Dashboard.php
index 99dff8f057..a94154d178 100644
--- a/civicrm/CRM/Core/BAO/Dashboard.php
+++ b/civicrm/CRM/Core/BAO/Dashboard.php
@@ -373,15 +373,23 @@ class CRM_Core_BAO_Dashboard extends CRM_Core_DAO_Dashboard {
     // Restrict query to Dashlets in this domain.
     $domainDashletClause = !empty($domainDashletIDs) ? "dashboard_id IN (" . implode(',', $domainDashletIDs) . ")" : '(1)';
 
-    // Disable inactive widgets.
-    $dashletClause = $dashletIDs ? "dashboard_id NOT IN  (" . implode(',', $dashletIDs) . ")" : '(1)';
+    // Target only those Dashlets which are inactive.
+    $dashletClause = $dashletIDs ? "dashboard_id NOT IN (" . implode(',', $dashletIDs) . ")" : '(1)';
+
+    // Build params.
+    $params = [
+      1 => [$contactID, 'Integer'],
+    ];
+
+    // Build query.
     $updateQuery = "UPDATE civicrm_dashboard_contact
                     SET is_active = 0
                     WHERE $domainDashletClause
                     AND $dashletClause
-                    AND contact_id = {$contactID}";
+                    AND contact_id = %1";
 
-    CRM_Core_DAO::executeQuery($updateQuery);
+    // Disable inactive widgets.
+    CRM_Core_DAO::executeQuery($updateQuery, $params);
   }
 
   /**
-- 
GitLab