From f50ca8b187debd8cd6ab6fe1541e28f2e5e0d52c Mon Sep 17 00:00:00 2001 From: stephen waite Date: Tue, 9 Jul 2024 20:38:09 -0400 Subject: [PATCH] fix: bug (#7552) * fix: bug * simplify --- src/Gacl/GaclApi.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/Gacl/GaclApi.php b/src/Gacl/GaclApi.php index a41ddb295b5..b1088a9d683 100644 --- a/src/Gacl/GaclApi.php +++ b/src/Gacl/GaclApi.php @@ -799,7 +799,7 @@ function is_conflicting_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_ar //ACO foreach ($aco_array as $aco_section_value => $aco_value_array) { $this->debug_text("is_conflicting_acl(): ACO Section Value: $aco_section_value ACO VALUE: " . implode(',', $aco_value_array)); - //showarray($aco_array); + //$this->showarray($aco_array); if (!is_array($aco_value_array)) { $this->debug_text('is_conflicting_acl(): Invalid Format for ACO Array item. Skipping...'); @@ -809,7 +809,7 @@ function is_conflicting_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_ar //Move the below line in to the LEFT JOIN above for PostgreSQL sake. //'ac1' => 'ac.acl_id=a.id', $where_query = array( - 'ac2' => '(ac.section_value='. $this->db->quote($aco_section_value) .' AND ac.value IN (\''. implode ('\',\'', $aco_value_array) .'\'))' + 'ac2' => '(ac.section_value=' . $this->db->quote($aco_section_value) . ' AND ac.value IN (\'' . implode('\',\'', array_map('add_escape_custom', $aco_value_array)) . '\'))' ); //ARO 
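Review bot: The `ac2` value list is still assembled by hand: `add_escape_custom` escapes each value and the surrounding quote characters are typed into the string, while the section value in the same expression goes through `$this->db->quote()`. Using one mechanism for both ties the quoting to the database connection and removes the hand-placed quotes, which are easy to drop, e.g. `' AND ac.value IN (' . implode(',', array_map([$this->db, 'quote'], $aco_value_array)) . '))'`. This assumes `quote()` returns the value already wrapped in quotes, as its use for `$aco_section_value` suggests. `add_escape_custom` is defined outside this diff, so its escaping rules cannot be checked here, and the body of is_conflicting_acl starts and ends outside the hunk.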
@@ -827,7 +827,8 @@ function is_conflicting_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_ar //Move the below line in to the LEFT JOIN above for PostgreSQL sake. //$where_query['ar1'] = 'ar.acl_id=a.id'; - $where_query['ar2'] = '(ar.section_value='. $this->db->quote($aro_section_value) .' AND ar.value IN (\''. implode ('\',\'', $aro_value_array) .'\'))'; + + $where_query['ar2'] = '(ar.section_value=' . $this->db->quote($aro_section_value) . ' AND ar.value IN (' . implode('\',\'', array_map('add_escape_custom', $aro_value_array)) . '\'))'; if (is_array($axo_array) AND count($axo_array) > 0) { foreach ($axo_array as $axo_section_value => $axo_value_array) { @@ -843,7 +844,7 @@ function is_conflicting_acl($aco_array, $aro_array, $aro_group_ids=NULL, $axo_ar //$where_query['ax1'] = 'ax.acl_id=x.id'; $where_query['ax1'] = 'ax.acl_id=a.id'; - $where_query['ax2'] = '(ax.section_value='. $this->db->quote($axo_section_value) .' AND ax.value IN (\''. implode ('\',\'', $axo_value_array) .'\'))'; + $where_query['ax2'] = '(ax.section_value='. $this->db->quote($axo_section_value) .' AND ax.value IN (' . implode('\',\'', array_map('add_escape_custom', $axo_value_array)) . '\'))'; $where = 'WHERE ' . implode(' AND ', $where_query);
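Review bot: The new `ar2` line ends its PHP literal at `IN (` without the escaped `\'` that the `ac2` line in the previous hunk has, so the opening quote of the first value is missing and the clause comes out as `IN (v1','v2')`. With unbalanced quotes the statement is at best rejected by the database, and the first value no longer sits inside the string literal that `add_escape_custom` is escaping for. The `ax2` line in the following hunk (@@ -843) has the same omission. Restore the quote in both, `' AND ar.value IN (\'' . implode('\',\'', array_map('add_escape_custom', $aro_value_array)) . '\'))'` and the equivalent for `ax2`. A test that calls is_conflicting_acl with non-empty ARO and AXO arrays would catch this; the function body starts and ends outside these hunks.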