From e0850cbba3148e21f4219861ca1f616e7bf3c374 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julio=20Cesar=20Laura=20Avenda=C3=B1o?=
Date: Tue, 30 May 2017 12:37:53 -0400
Subject: [PATCH] HOR-3202
---
 .../engine/methods/groups/groups_Ajax.php | 24 ++++++-------------
 1 file changed, 7 insertions(+), 17 deletions(-)
diff --git a/workflow/engine/methods/groups/groups_Ajax.php b/workflow/engine/methods/groups/groups_Ajax.php
index b048b3162..9e6bc8b6b 100644
--- a/workflow/engine/methods/groups/groups_Ajax.php
+++ b/workflow/engine/methods/groups/groups_Ajax.php
@@ -268,27 +268,17 @@ switch ($_POST['action']) {
 $limit = isset( $_REQUEST['limit'] ) ? $_REQUEST['limit'] : $limit_size;
 $filter = isset( $_REQUEST['textFilter'] ) ? $_REQUEST['textFilter'] : '';
- $sGroupUID = $_REQUEST['gUID'];
- $oCriteria = new Criteria( 'workflow' );
- $oCriteria->addSelectColumn( GroupUserPeer::GRP_UID );
- $oCriteria->addSelectColumn( UsersPeer::USR_UID );
- $oCriteria->addJoin( GroupUserPeer::USR_UID, UsersPeer::USR_UID, Criteria::LEFT_JOIN );
- $oCriteria->add( GroupUserPeer::GRP_UID, $sGroupUID );
- $oCriteria->add( UsersPeer::USR_STATUS, 'CLOSED', Criteria::NOT_EQUAL );
- $oDataset = UsersPeer::doSelectRS( $oCriteria );
- $oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC );
- $oDataset->next();
- $uUIDs = array ();
- while ($aRow = $oDataset->getRow()) {
- $uUIDs[] = $aRow['USR_UID'];
- $oDataset->next();
- }
+ $inputFilter = new InputFilter();
+ $subQuery = "SELECT " . GroupUserPeer::USR_UID .
+ " FROM " . GroupUserPeer::TABLE_NAME .
+ " WHERE " . GroupUserPeer::GRP_UID . " = '" .
+ $inputFilter->quoteSmart($_REQUEST['gUID'], Propel::getConnection("workflow")) . "'";
 $aUsers = Array ();
 $oCriteria = new Criteria( 'workflow' );
 $oCriteria->addSelectColumn( 'COUNT(*) AS CNT' );
 $oCriteria->add( UsersPeer::USR_STATUS, 'CLOSED', Criteria::NOT_EQUAL );
- $oCriteria->add( UsersPeer::USR_UID, $uUIDs, Criteria::NOT_IN );
+ $oCriteria->add( UsersPeer::USR_UID, UsersPeer::USR_UID . " NOT IN ($subQuery)", Criteria::CUSTOM );
 $filter = (isset( $_POST['textFilter'] )) ? $_POST['textFilter'] : '';
 if ($filter != '') {
 $oCriteria->add( $oCriteria->getNewCriterion( UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE )->addOr( $oCriteria->getNewCriterion( UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE )->addOr( $oCriteria->getNewCriterion( UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE ) ) ) );
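Review bot: The new `$subQuery` concatenates `$_REQUEST['gUID']` into raw SQL and passes it through `Criteria::CUSTOM`, so the value is no longer handed to Criteria as data the way the removed `$oCriteria->add( GroupUserPeer::GRP_UID, $sGroupUID )` did. The only barrier left is `InputFilter::quoteSmart`, whose body is not in this diff. I would validate the parameter before building the string, for example `if (!isset($_REQUEST['gUID']) || !preg_match('/^[0-9a-f]{32}$/i', $_REQUEST['gUID'])) { /* reject the request */ }`, with the pattern adjusted to the project's real UID format, which is not shown here. It is also worth confirming that `quoteSmart` does not return an already-quoted value, since this code adds its own surrounding `'`. The second hunk reuses the same `$subQuery` in its `NOT IN`, so both queries depend on this check; the enclosing `case` starts and ends outside the hunk.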
@@ -307,7 +297,7 @@ switch ($_POST['action']) {
 $oCriteria->addSelectColumn( UsersPeer::USR_EMAIL );
 $oCriteria->addSelectColumn( UsersPeer::USR_STATUS );
 $oCriteria->add( UsersPeer::USR_STATUS, 'CLOSED', Criteria::NOT_EQUAL );
- $oCriteria->add( UsersPeer::USR_UID, $uUIDs, Criteria::NOT_IN );
+ $oCriteria->add( UsersPeer::USR_UID, UsersPeer::USR_UID . " NOT IN ($subQuery)", Criteria::CUSTOM );
 $filter = (isset( $_POST['textFilter'] )) ? $_POST['textFilter'] : '';
 if ($filter != '') {
 $oCriteria->add( $oCriteria->getNewCriterion( UsersPeer::USR_USERNAME, '%' . $filter . '%', Criteria::LIKE )->addOr( $oCriteria->getNewCriterion( UsersPeer::USR_FIRSTNAME, '%' . $filter . '%', Criteria::LIKE )->addOr( $oCriteria->getNewCriterion( UsersPeer::USR_LASTNAME, '%' . $filter . '%', Criteria::LIKE ) ) ) );