From e0edcbda22960f9e1e70439fa85dd30d6b9f569a Mon Sep 17 00:00:00 2001
From: Sebastien Heraud <sebastien@heraud.me>
Date: Fri, 6 Jul 2018 15:47:43 +0200
Subject: [PATCH] Fix server side validation [Ajax Availability]

---
 .../ajax_availability/ajax_availability.php   | 28 ++++++++-----------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/plugins/cck_field_validation/ajax_availability/ajax_availability.php b/plugins/cck_field_validation/ajax_availability/ajax_availability.php
index 24ba82351..abc0d319b 100644
--- a/plugins/cck_field_validation/ajax_availability/ajax_availability.php
+++ b/plugins/cck_field_validation/ajax_availability/ajax_availability.php
@@ -154,25 +154,19 @@ protected static function _where( $table, $fieldnames, $values, $method = 'array
 		$fields		=	JCckDatabase::loadObjectList( 'SELECT name, storage, storage_table, storage_field FROM #__cck_core_fields WHERE name IN ("'.str_replace( '||', '","', $fieldnames ).'")', 'name' );
 		$s_fields	=	array();
 		$where		=	explode( '||', $fieldnames );
-		if ( $method == 'object' ) {
-			foreach ( $where as $w ) {
-				if ( isset( $fields[$w] ) && $fields[$w]->storage == 'standard' && $fields[$w]->storage_table == $table ) {
-					$s_field	=	$fields[$w]->storage_field;
+
+		foreach ( $where as $w ) {
+			if ( isset( $fields[$w] ) && $fields[$w]->storage == 'standard' && $fields[$w]->storage_table == $table ) {
+				$s_field	=	$fields[$w]->storage_field;
+
+				if ( $method == 'object' ) {
 					$v			=	isset( $values->$s_field ) ? $values->$s_field : '';
-					if ( $v != '' && !isset( $s_fields[$s_field] ) ) {
-						$s_fields[$s_field]	=	'';
-						$and				.=	' AND '.$s_field.'="'.JCckDatabase::escape( $v ).'"';
-					}
+				} else {
+					$v			=	$values[$w]->value;
 				}
-			}
-		} else {
-			foreach ( $where as $w ) {
-				if ( isset( $fields[$w] ) && $fields[$w]->storage == 'standard' && $fields[$w]->storage_table == $table ) {
-					$v		=	$values[$w]->value;
-					if ( $v != '' && !isset( $s_fields[$s_field] ) ) {
-						$s_fields[$s_field]	=	'';
-						$and				.=	' AND '.$values[$w]->storage_field.'="'.JCckDatabase::escape( $v ).'"';
-					}
+				if ( $v != '' && !isset( $s_fields[$s_field] ) ) {
+					$s_fields[$s_field]	=	'';
+					$and				.=	' AND '.$s_field.'="'.JCckDatabase::escape( $v ).'"';
 				}
 			}
 		}