From cfdcdd2dccedb8dbd8547f247952afa24cc86e80 Mon Sep 17 00:00:00 2001
From: loiclau <loic.lau@gmail.com>
Date: Mon, 22 May 2017 17:35:26 +0200
Subject: [PATCH] fix query context #5263

---
 .../downtime/xml/broker/makeXMLForDowntime.php         | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/www/include/monitoring/downtime/xml/broker/makeXMLForDowntime.php b/www/include/monitoring/downtime/xml/broker/makeXMLForDowntime.php
index f9f0d881aa..b2455de90a 100644
--- a/www/include/monitoring/downtime/xml/broker/makeXMLForDowntime.php
+++ b/www/include/monitoring/downtime/xml/broker/makeXMLForDowntime.php
@@ -99,8 +99,8 @@ if (!$service_id) {
     		  AND cancelled = 0
     		  AND end_time > UNIX_TIMESTAMP(NOW())
     		  ORDER BY actual_start_time";
-    $stmt = $pearDB->prepare($query);
-    $res = $pearDB->execute($stmt, array($dbb->escape($host_id)));
+    $stmt = $dbb->prepare($query);
+    $res = $dbb->execute($stmt, array((int)$host_id));
 } else {
     $query = "SELECT author, actual_start_time, end_time, comment_data, duration, fixed
     		  FROM downtimes
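Review bot: The `(int)` cast on `$host_id` here, and on `$host_id` and `$service_id` in the second hunk's `execute()` call, turns any non-numeric or missing value into 0, so the query still runs with an id that matches nothing instead of the request being rejected. Where these variables are assigned is outside the hunk; if they come from the request, validating them once before the `if (!$service_id)` branch, e.g. `if (filter_var($host_id, FILTER_VALIDATE_INT) === false) { /* reject the request */ }`, would surface a bad id rather than silently coercing it. Because the values are passed as bound parameters, the cast is only type normalisation and not the injection defence; a short comment such as `// ids are bound parameters; the cast only normalises the type` would record that for the next reader.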
@@ -109,9 +109,11 @@ if (!$service_id) {
     		  AND cancelled = 0
     		  AND end_time > UNIX_TIMESTAMP(NOW())
     		  ORDER BY actual_start_time";
-    $stmt = $pearDB->prepare($query);
-    $res = $pearDB->execute($stmt, array($dbb->escape($host_id), $dbb->escape($service_id)));
+    $stmt = $dbb->prepare($query);
+    $res = $dbb->execute($stmt, array((int)$host_id, (int)$service_id));
 }
+
+
 $rowClass = "list_one";
 while ($row = $res->fetchRow()) {
     $row['comment_data'] = strip_tags($row['comment_data']);
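Review bot: `$res` goes straight into `while ($row = $res->fetchRow())` without any check that `$dbb->prepare()` and `$dbb->execute()` succeeded, and this holds for both branches. If the database layer returns an error object rather than throwing (the prepare/execute-with-array call style suggests this, though the class is not visible here), a failed query ends in a method call on that error object while the XML is being built. A guard before the loop, for example `if (PEAR::isError($res)) { /* log and emit an empty result */ }` if this is PEAR DB, would turn that into a handled case. The two blank lines added before `$rowClass` could be reduced to one. The loop body continues outside the hunk.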
-- 
GitLab