From 6cc662218758533631c2e55925de8f4c84ea39a4 Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Wed, 22 Apr 2026 20:59:43 +0000
Subject: [PATCH] Voicemail: Preserve query string parameters across list and
 edit pages (#7906)

* Voicemail: Preserve query string parameters across list and edit pages

* Update voicemail_edit.php
---
 app/voicemails/voicemail_edit.php |  38 ++++++++--
 app/voicemails/voicemails.php     | 122 ++++++++++++++++--------------
 2 files changed, 99 insertions(+), 61 deletions(-)

diff --git a/app/voicemails/voicemail_edit.php b/app/voicemails/voicemail_edit.php
index 00394248e..6cce718f8 100644
--- a/app/voicemails/voicemail_edit.php
+++ b/app/voicemails/voicemail_edit.php
@@ -17,7 +17,7 @@
 
  The Initial Developer of the Original Code is
  Mark J Crane <markjcrane@fusionpbx.com>
- Portions created by the Initial Developer are Copyright (C) 2008-2025
+ Portions created by the Initial Developer are Copyright (C) 2008-2026
  the Initial Developer. All Rights Reserved.
 
  Contributor(s):
@@ -62,6 +62,32 @@
 	$voicemail_mail_to = '';
 	$transcribe_enabled = $settings->get('transcribe', 'enabled', false);
 
+// Set variables from http GET parameters
+	$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+	$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'voicemail_id'));
+	$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+	$search = $_GET['search'] ?? '';
+	$show = $_GET['show'] ?? '';
+
+// Build the query string
+	$param = [];
+	if (!empty($page)) {
+		$param['page'] = $page;
+	}
+	if (!empty($_GET['order_by'])) {
+		$param['order_by'] = $order_by;
+	}
+	if (!empty($_GET['order'])) {
+		$param['order'] = $order;
+	}
+	if (!empty($search)) {
+		$param['search'] = $search;
+	}
+	if (!empty($show) && $show == 'all' && permission_exists('voicemail_all')) {
+		$param['show'] = $show;
+	}
+	$query_string = http_build_query($param);
+
 //set the domain variables
 	$domain_uuid = $_SESSION['domain_uuid'] ?? '';
 	$domain_name = $_SESSION['domain_name'] ?? '';
@@ -85,7 +111,7 @@
 						break;
 				}
 
-				header('Location: voicemails.php');
+				header('Location: voicemails.php'.($query_string ? '?'.$query_string : ''));
 				exit;
 			}
 
@@ -126,7 +152,7 @@
 			$token = new token;
 			if (!$token->validate($_SERVER['PHP_SELF'])) {
 				message::add($text['message-invalid_token'],'negative');
-				header('Location: voicemails.php');
+				header('Location: voicemails.php'.($query_string ? '?'.$query_string : ''));
 				exit;
 			}
 
@@ -318,7 +344,7 @@
 						header("Location: voicemails.php");
 					}
 					else if ($action == "update") {
-						header("Location: voicemail_edit.php?id=".$voicemail_uuid);
+						header("Location: voicemail_edit.php?id=".$voicemail_uuid.($query_string ? '&'.$query_string : ''));
 					}
 					exit;
 			}
@@ -515,10 +541,10 @@
 
 //set the location for the back button
 	if (permission_exists('voicemail_view')) {
-		$back_button_location = "voicemails.php";
+		$back_button_location = "voicemails.php".($query_string ? '?'.$query_string : '');
 	}
 	else {
-		$back_button_location = "voicemail_messages.php?voicemail_uuid=".urlencode($voicemail_uuid);
+		$back_button_location = "voicemail_messages.php?voicemail_uuid=".urlencode($voicemail_uuid).($query_string ? '&'.$query_string : '');
 	}
 
 //show the content
diff --git a/app/voicemails/voicemails.php b/app/voicemails/voicemails.php
index 561bc83d2..2fe7a4a6e 100644
--- a/app/voicemails/voicemails.php
+++ b/app/voicemails/voicemails.php
@@ -17,7 +17,7 @@
 
  The Initial Developer of the Original Code is
  Mark J Crane <markjcrane@fusionpbx.com>
- Portions created by the Initial Developer are Copyright (C) 2008-2024
+ Portions created by the Initial Developer are Copyright (C) 2008-2026
  the Initial Developer. All Rights Reserved.
 
  Contributor(s):
@@ -48,9 +48,35 @@
 //get the settings
 	$settings = new settings(['database' => $database, 'domain_uuid' => $_SESSION['domain_uuid'] ?? '', 'user_uuid' => $_SESSION['user_uuid'] ?? '']);
 
+// Set variables from http GET parameters
+	$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+	$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'voicemail_id'));
+	$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+	$sort = $order_by == 'voicemail_id' ? 'natural' : '';
+	$search = $_GET['search'] ?? '';
+	$show = $_GET['show'] ?? '';
+
+// Build the query string
+	$param = [];
+	if (!empty($page)) {
+		$param['page'] = $page;
+	}
+	if (!empty($_GET['order_by'])) {
+		$param['order_by'] = $order_by;
+	}
+	if (!empty($_GET['order'])) {
+		$param['order'] = $order;
+	}
+	if (!empty($search)) {
+		$param['search'] = $search;
+	}
+	if (!empty($show) && $show == 'all' && permission_exists('voicemail_all')) {
+		$param['show'] = $show;
+	}
+	$query_string = http_build_query($param);
+
 //get the http post data
 	$action = $_POST['action'] ?? '';
-	$search = $_POST['search'] ?? '';
 	$voicemails = $_POST['voicemails'] ?? [];
 
 //process the http post data by action
@@ -70,7 +96,7 @@
 				break;
 		}
 
-		header('Location: voicemails.php'.($search != '' ? '?search='.urlencode($search) : ''));
+		header('Location: voicemails.php'.($query_string ? '?'.$query_string : ''));
 		exit;
 	}
 
@@ -93,29 +119,9 @@
 		unset($voicemail, $rows, $row);
 	}
 
-//get order and order by
-	$order_by = $_GET["order_by"] ?? 'voicemail_id';
-	$order = $_GET["order"] ?? 'asc';
-	$sort = $order_by == 'voicemail_id' ? 'natural' : '';
-
-//set additional variables
-	$show = $_GET["show"] ?? '';
-
 //set from session variables
 	$list_row_edit_button = $settings->get('theme', 'list_row_edit_button', false);
 
-//add the search string
-	$search = strtolower($_GET["search"] ?? '');
-	if (!empty($search)) {
-		$sql_search = "and (";
-		$sql_search .= "	lower(cast(voicemail_id as text)) like :search ";
-		$sql_search .= " 	or lower(voicemail_mail_to) like :search ";
-		$sql_search .= " 	or lower(cast(voicemail_local_after_email as text)) like :search ";
-		$sql_search .= " 	or lower(cast(voicemail_enabled as text)) like :search ";
-		$sql_search .= " 	or lower(voicemail_description) like :search ";
-		$sql_search .= ") ";
-	}
-
 //prepare to page the results
 	$sql = "select count(voicemail_uuid) from v_voicemails ";
 	$sql .= "where true ";
@@ -140,21 +146,22 @@
 			$sql .= "and voicemail_uuid is null ";
 		}
 	}
-	if (!empty($sql_search)) {
-		$sql .= $sql_search;
-		$parameters['search'] = '%'.$search.'%';
+	if (!empty($search)) {
+		$sql .= "and (";
+		$sql .= "	lower(cast(voicemail_id as text)) like :search ";
+		$sql .= " 	or lower(voicemail_mail_to) like :search ";
+		$sql .= " 	or lower(cast(voicemail_local_after_email as text)) like :search ";
+		$sql .= " 	or lower(cast(voicemail_enabled as text)) like :search ";
+		$sql .= " 	or lower(voicemail_description) like :search ";
+		$sql .= ") ";
+		$parameters['search'] = '%'.lower_case($search).'%';
 	}
 	$num_rows = $database->select($sql, $parameters, 'column');
 
 //prepare to page the results
 	$rows_per_page = $settings->get('domain', 'paging', 50);
-	$param = $search ? "&search=".urlencode($search) : null;
-	if ($show == "all" && permission_exists('voicemail_all')) {
-		$param .= "&show=all";
-	}
-	$page = empty($_GET['page']) ? 0 : $_GET['page'];
-	list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
-	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true);
+	list($paging_controls, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page);
+	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page, true);
 	$offset = $rows_per_page * $page;
 
 //get the list
@@ -183,9 +190,15 @@
 			$sql .= "and voicemail_uuid is null ";
 		}
 	}
-	if (!empty($sql_search)) {
-		$sql .= $sql_search;
-		$parameters['search'] = '%'.$search.'%';
+	if (!empty($search)) {
+		$sql .= "and (";
+		$sql .= "	lower(cast(voicemail_id as text)) like :search ";
+		$sql .= " 	or lower(voicemail_mail_to) like :search ";
+		$sql .= " 	or lower(cast(voicemail_local_after_email as text)) like :search ";
+		$sql .= " 	or lower(cast(voicemail_enabled as text)) like :search ";
+		$sql .= " 	or lower(voicemail_description) like :search ";
+		$sql .= ") ";
+		$parameters['search'] = '%'.lower_case($search).'%';
 	}
 	$sql .= order_by($order_by, $order, null, null, $sort);
 	$sql .= limit_offset($rows_per_page, $offset);
@@ -249,7 +262,7 @@
 		echo button::create(['type'=>'button','label'=>$text['button-export'],'icon'=>$settings->get('theme', 'button_icon_export'),'style'=>'margin-right: 15px;','link'=>'voicemail_export.php']);
 	}
 	if (permission_exists('voicemail_add')) {
-		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$settings->get('theme', 'button_icon_add'),'id'=>'btn_add','link'=>'voicemail_edit.php']);
+		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$settings->get('theme', 'button_icon_add'),'id'=>'btn_add','link'=>'voicemail_edit.php'.($query_string ? '?'.$query_string : '')]);
 	}
 	if (permission_exists('voicemail_edit') && $voicemails) {
 		echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$settings->get('theme', 'button_icon_toggle'),'id'=>'btn_toggle','name'=>'btn_toggle','style'=>'display: none;','onclick'=>"modal_open('modal-toggle','btn_toggle');"]);
@@ -257,16 +270,16 @@
 	if (permission_exists('voicemail_delete') && $voicemails) {
 		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$settings->get('theme', 'button_icon_delete'),'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','onclick'=>"modal_open('modal-delete','btn_delete');"]);
 	}
-	echo 		"<form id='form_search' class='inline' method='get'>\n";
-	if (permission_exists('voicemail_all')) {
-		if ($show == 'all') {
-			echo "		<input type='hidden' name='show' value='all'>";
-		}
-		else {
-			echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$settings->get('theme', 'button_icon_all'),'link'=>'?type=&show=all'.($search != '' ? "&search=".urlencode($search) : null)]);
+	echo "		<form id='form_search' class='inline' method='get'>\n";
+	foreach ($param as $key => $value) {
+		if ($key !== 'search' && $key !== 'page') {
+			echo "		<input type='hidden' name='".escape($key)."' value='".escape($value)."'>\n";
 		}
 	}
-	echo 		"<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
+	if ($show !== 'all' && permission_exists('voicemail_all')) {
+		echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$settings->get('theme', 'button_icon_all'),'link'=>'?show=all']);
+	}
+	echo "		<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
 	echo button::create(['label'=>$text['button-search'],'icon'=>$settings->get('theme', 'button_icon_search'),'type'=>'submit','id'=>'btn_search']);
 	//echo button::create(['label'=>$text['button-reset'],'icon'=>$settings->get('theme', 'button_icon_reset'),'type'=>'button','id'=>'btn_reset','link'=>'voicemails.php','style'=>($search == '' ? 'display: none;' : null)]);
 	if (!empty($paging_controls_mini)) {
@@ -289,7 +302,6 @@
 
 	echo "<form id='form_list' method='post'>\n";
 	echo "<input type='hidden' id='action' name='action' value=''>\n";
-	echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";
 
 	echo "<div class='card'>\n";
 	echo "<table class='list'>\n";
@@ -300,20 +312,20 @@
 		echo "	</th>\n";
 	}
 	if ($show == "all" && permission_exists('voicemail_all')) {
-		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, $param, "class='shrink'");
+		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, null, "class='shrink'", $query_string);
 	}
-	echo th_order_by('voicemail_id', $text['label-voicemail_id'], $order_by, $order, null, "style='width: 1%;'");
-	echo th_order_by('voicemail_mail_to', $text['label-voicemail_mail_to'], $order_by, $order, null, "class='hide-sm-dn'");
-	echo th_order_by('voicemail_file', $text['label-voicemail_file_attached'], $order_by, $order, null, "class='center hide-md-dn' style='width: 1%;'");
-	echo th_order_by('voicemail_local_after_email', $text['label-voicemail_local_after_email'], $order_by, $order, null, "class='center hide-md-dn' style='width: 1%;'");
+	echo th_order_by('voicemail_id', $text['label-voicemail_id'], $order_by, $order, null, "style='width: 1%;'", $query_string);
+	echo th_order_by('voicemail_mail_to', $text['label-voicemail_mail_to'], $order_by, $order, null, "class='hide-sm-dn'", $query_string);
+	echo th_order_by('voicemail_file', $text['label-voicemail_file_attached'], $order_by, $order, null, "class='center hide-md-dn' style='width: 1%;'", $query_string);
+	echo th_order_by('voicemail_local_after_email', $text['label-voicemail_local_after_email'], $order_by, $order, null, "class='center hide-md-dn' style='width: 1%;'", $query_string);
 	if (permission_exists('voicemail_transcription_enabled') && $settings->get('transcribe', 'enabled', false) === true) {
-		echo th_order_by('voicemail_transcription_enabled', $text['label-voicemail_transcription_enabled'], $order_by, $order, null, "class='center' style='width: 1%;'");
+		echo th_order_by('voicemail_transcription_enabled', $text['label-voicemail_transcription_enabled'], $order_by, $order, null, "class='center' style='width: 1%;'", $query_string);
 	}
 	if (permission_exists('voicemail_message_view') || permission_exists('voicemail_greeting_view')) {
 		echo "<th style='width: 17%;'>".$text['label-tools']."</th>\n";
 	}
-	echo th_order_by('voicemail_enabled', $text['label-voicemail_enabled'], $order_by, $order, null, "class='center' style='width: 1%;'");
-	echo th_order_by('voicemail_description', $text['label-voicemail_description'], $order_by, $order, null, "class='hide-sm-dn'");
+	echo th_order_by('voicemail_enabled', $text['label-voicemail_enabled'], $order_by, $order, null, "class='center' style='width: 1%;'", $query_string);
+	echo th_order_by('voicemail_description', $text['label-voicemail_description'], $order_by, $order, null, "class='hide-sm-dn'", $query_string);
 	if (permission_exists('voicemail_edit') && $list_row_edit_button) {
 		echo "	<td class='action-button'>&nbsp;</td>\n";
 	}
@@ -324,7 +336,7 @@
 		foreach ($voicemails as $row) {
 			$list_row_url = '';
 			if (permission_exists('voicemail_edit')) {
-				$list_row_url = "voicemail_edit.php?id=".urlencode($row['voicemail_uuid']);
+				$list_row_url = "voicemail_edit.php?id=".urlencode($row['voicemail_uuid']).($query_string ? '&'.$query_string : '');
 				if ($row['domain_uuid'] != $_SESSION['domain_uuid'] && permission_exists('domain_select')) {
 					$list_row_url .= '&domain_uuid='.urlencode($row['domain_uuid']).'&domain_change=true';
 				}