From 2ee30ccd5b85d4ade230b5e7d0691cd5f44860d1 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Fri, 17 Sep 2021 18:29:33 +0200
Subject: [PATCH] ensure user ids passed to getAllKeywordCategories() are all integers
---
 SeedDMS_Core/Core/inc.ClassDMS.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php
index 2bf05c4b0..907e2c8c9 100644
--- a/SeedDMS_Core/Core/inc.ClassDMS.php
+++ b/SeedDMS_Core/Core/inc.ClassDMS.php
@@ -2317,8 +2317,11 @@ class SeedDMS_Core_DMS {
 function getAllKeywordCategories($userIDs = array()) { /* {{{ */
 $queryStr = "SELECT * FROM `tblKeywordCategories`";
- if ($userIDs)
+ /* Ensure $userIDs() will only contain integers > 0 */
+ $userIDs = array_filter(array_unique(array_map('intval', $userIDs)), function($a) {return $a > 0;});
+ if ($userIDs) {
 $queryStr .= " WHERE `owner` IN (".implode(',', $userIDs).")";
+ }
 $resArr = $this->db->getResultArray($queryStr);
 if (is_bool($resArr) && !$resArr)
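Review bot: When every supplied id is discarded by the new `array_filter(...)` line, `$userIDs` becomes empty and the `if ($userIDs) {` branch is skipped, so the query runs without a WHERE clause and returns the categories of all owners. A caller that passes a non-empty but invalid list (for example `array('abc')` or `array(0)`) therefore gets a wider result than it asked for, which is a fail-open outcome for an input-validation fix. Record whether a filter was requested before sanitizing, `$hadFilter = !empty($userIDs);`, and stop right after the filter with `if ($hadFilter && !$userIDs) return array();` (assuming the function returns a list on success; its body continues outside the hunk). The added comment also reads `$userIDs()` where `$userIDs` is meant.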