From c2adb92d28c13e310563a8435ddf01b1c72ce6c4 Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Sat, 22 Mar 2025 18:32:56 -0400
Subject: [PATCH] Rework tag filter a bit to use array_map instead of looping through the get vars, update string wording to tag_filter and only show tags in the tag filter that are relatd to an entity and also include tags in the get var fixes
---
 clients.php | 24 ++++++++----------------
 contacts.php | 20 ++++++++------------
 credentials.php | 16 ++++++----------
 locations.php | 16 ++++++----------
 4 files changed, 28 insertions(+), 48 deletions(-)
diff --git a/clients.php b/clients.php
index a7f9fe69..15515dce 100644
--- a/clients.php
+++ b/clients.php
@@ -20,18 +20,14 @@ if (isset($_GET['leads']) && $_GET['leads'] == 1) {
 // Tags Filter
 if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
- // Sanitize each element of the status array
- $sanitizedTags = array();
- foreach ($_GET['tags'] as $tag) {
- // Escape each status to prevent SQL injection
- $sanitizedTags[] = "'" . intval($tag) . "'";
- }
-
+ // Sanitize each element of the tags array
+ $sanitizedTags = array_map('intval', $_GET['tags']);
 // Convert the sanitized tags into a comma-separated string
- $sanitizedTagsString = implode(",", $sanitizedTags);
- $tag_query = "AND tags.tag_id IN ($sanitizedTagsString)";
+ $tag_filter = implode(",", $sanitizedTags);
+ $tag_query = "AND tags.tag_id IN ($tag_filter)";
 } else {
- $tag_query = '';
+ $tag_filter = 0;
+ $tag_query = '';
 }
 // Industry Filter
@@ -191,12 +187,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
diff --git a/credentials.php b/credentials.php
index f2847232..5cd23caf 100644
--- a/credentials.php
+++ b/credentials.php
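Review bot: In the clients.php Tags Filter hunk (and the identical hunks in credentials.php and locations.php), the new comment `// Sanitize each element of the tags array` does not say that the `intval` cast is now the only thing keeping `$_GET['tags']` out of the SQL text, because this commit also drops the quotes around each id before it is interpolated into `IN ($tag_filter)`. I would state that in the comment, for example `// Cast every tag id to int: $tag_filter is interpolated unquoted into IN (...), so this cast is the only injection barrier`, so that a later edit does not swap the cast for a string escape. A nested value such as `tags[0][]=x` is also cast silently (a non-empty array becomes 1), which is harmless for injection but selects a tag the user did not pick.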
@@ -24,17 +24,13 @@ enforceUserPermission('module_credential');
 // Tags Filter
 if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
- // Sanitize each element of the status array
- $sanitizedTags = array();
- foreach ($_GET['tags'] as $tag) {
- // Escape each status to prevent SQL injection
- $sanitizedTags[] = "'" . intval($tag) . "'";
- }
-
+ // Sanitize each element of the tags array
+ $sanitizedTags = array_map('intval', $_GET['tags']);
 // Convert the sanitized tags into a comma-separated string
- $sanitizedTagsString = implode(",", $sanitizedTags);
- $tag_query = "AND tags.tag_id IN ($sanitizedTagsString)";
+ $tag_filter = implode(",", $sanitizedTags);
+ $tag_query = "AND tags.tag_id IN ($tag_filter)";
 } else {
+ $tag_filter = 0;
 $tag_query = '';
 }
@@ -138,7 +134,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 LEFT JOIN credential_tags ON credential_tags.tag_id = tags.tag_id
 LEFT JOIN credentials ON credential_tags.credential_id = credentials.credential_id
 WHERE tag_type = 4
- $client_query -- This ensures we only get tags relevant to the selected client
+ $client_query OR tags.tag_id IN ($tag_filter) -- This ensures we only get tags relevant to the selected client or Include the tags in the URL, even if no contacts are associated with them
 GROUP BY tags.tag_id
 HAVING COUNT(credential_tags.credential_id) > 0
 ");
diff --git a/locations.php b/locations.php
index 3e589f3b..2e63daaf 100644
--- a/locations.php
+++ b/locations.php
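Review bot: In the credentials.php tag-list query (`@@ -138,7 +134,7 @@`), and on the same line in locations.php with `tag_type = 2`, the appended `OR tags.tag_id IN ($tag_filter)` is not parenthesised, and SQL binds AND tighter than OR, so the WHERE reads as `(tag_type = 4 AND <client filter>) OR tags.tag_id IN (...)`. Any tag id placed in the URL is then listed regardless of its `tag_type` and, if `$client_query` is an `AND ...` client restriction as its comment suggests (its definition is outside the hunk), regardless of the selected client. The `HAVING COUNT(...) > 0` clause still drops URL tags that have no associations at all, which contradicts the new comment. Grouping the alternatives keeps the type restriction, e.g. `WHERE tag_type = 4 AND (1 = 1 $client_query OR tags.tag_id IN ($tag_filter))`, assuming `$client_query` is empty or starts with `AND`. The query starts before the hunk, and the clients.php and contacts.php versions of this line are not visible in this patch text.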
@@ -29,17 +29,13 @@ if (!$client_url) {
 // Tags Filter
 if (isset($_GET['tags']) && is_array($_GET['tags']) && !empty($_GET['tags'])) {
- // Sanitize each element of the status array
- $sanitizedTags = array();
- foreach ($_GET['tags'] as $tag) {
- // Escape each status to prevent SQL injection
- $sanitizedTags[] = "'" . intval($tag) . "'";
- }
-
+ // Sanitize each element of the tags array
+ $sanitizedTags = array_map('intval', $_GET['tags']);
 // Convert the sanitized tags into a comma-separated string
- $sanitizedTagsString = implode(",", $sanitizedTags);
- $tag_query = "AND tags.tag_id IN ($sanitizedTagsString)";
+ $tag_filter = implode(",", $sanitizedTags);
+ $tag_query = "AND tags.tag_id IN ($tag_filter)";
 } else {
+ $tag_filter = 0;
 $tag_query = '';
 }
@@ -112,7 +108,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
 LEFT JOIN location_tags ON location_tags.tag_id = tags.tag_id
 LEFT JOIN locations ON location_tags.location_id = locations.location_id
 WHERE tag_type = 2
- $client_query -- This ensures we only get tags relevant to the selected client
+ $client_query OR tags.tag_id IN ($tag_filter) -- This ensures we only get tags relevant to the selected client or Include the tags in the URL, even if no contacts are associated with them
 GROUP BY tags.tag_id
 HAVING COUNT(location_tags.location_id) > 0
 ");