From 6e57c791f3f7f770866e887a46eaff4ae2817062 Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Thu, 16 Apr 2026 18:22:41 +0000
Subject: [PATCH] Call Broadcast: Preserve query string parameters across list
 and edit pages (#7877)

* Call Broadcast: Preserve query string parameters across list and edit pages

* Update call_broadcast_edit.php

* Update call_broadcast_stop.php

* Update call_broadcast.php
---
 app/call_broadcast/call_broadcast.php      | 137 +++++++++++----------
 app/call_broadcast/call_broadcast_edit.php |  42 +++++--
 app/call_broadcast/call_broadcast_stop.php |  34 ++++-
 3 files changed, 137 insertions(+), 76 deletions(-)

diff --git a/app/call_broadcast/call_broadcast.php b/app/call_broadcast/call_broadcast.php
index 3d114012f..76bd41f49 100644
--- a/app/call_broadcast/call_broadcast.php
+++ b/app/call_broadcast/call_broadcast.php
@@ -39,9 +39,31 @@
 	$language = new text;
 	$text = $language->get();
 
-//set additional variables
-	$search = $_GET["search"] ?? '';
-	$show = $_GET["show"] ?? '';
+// Set variables from GET parameters
+	$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+	$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'broadcast_name'));
+	$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+	$search = $_GET['search'] ?? '';
+	$show = $_GET['show'] ?? '';
+
+// Build the query string
+	$param = [];
+	if (!empty($page)) {
+		$param['page'] = $page;
+	}
+	if (!empty($_GET['order_by'])) {
+		$param['order_by'] = $order_by;
+	}
+	if (!empty($_GET['order'])) {
+		$param['order'] = $order;
+	}
+	if (!empty($search)) {
+		$param['search'] = $search;
+	}
+	if (!empty($show) && $show == 'all' && permission_exists('call_broadcast_all')) {
+		$param['show'] = $show;
+	}
+	$query_string = http_build_query($param);
 
 //set from session variables
 	$list_row_edit_button = $settings->get('theme', 'list_row_edit_button', false);
@@ -49,7 +71,6 @@
 //get posted data
 	if (!empty($_POST['call_broadcasts'])) {
 		$action = $_POST['action'];
-		$search = $_POST['search'] ?? '';
 		$call_broadcasts = $_POST['call_broadcasts'];
 	}
 
@@ -70,51 +91,43 @@
 				break;
 		}
 
-		header('Location: call_broadcast.php'.($search != '' ? '?search='.urlencode($search) : ''));
+		header('Location: call_broadcast.php'.($query_string ? '?'.$query_string : ''));
 		exit;
 	}
 
-//get the http get variables and set them to php variables
-	$order_by = $_GET["order_by"] ?? '';
-	$order = $_GET["order"] ?? '';
-
-//add the search term
+//add the search string
 	if (!empty($search)) {
-		$search = strtolower($_GET["search"]);
+		$sql_search = " (";
+		$sql_search .= "	lower(broadcast_name) like :search ";
+		$sql_search .= "	or lower(broadcast_description) like :search ";
+		$sql_search .= "	or lower(broadcast_caller_id_name) like :search ";
+		$sql_search .= "	or lower(broadcast_caller_id_number) like :search ";
+		$sql_search .= "	or lower(broadcast_phone_numbers) like :search ";
+		$sql_search .= ") ";
+		$parameters['search'] = '%'.lower_case($search).'%';
 	}
 
 //get the count
 	$sql = "select count(*) from v_call_broadcasts ";
 	$sql .= "where true ";
-	if ($show != "all" || !permission_exists('call_broadcast_all')) {
-		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
-		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	if (!empty($show) && $show == "all" && permission_exists('call_broadcast_all')) {
+		if (isset($sql_search)) {
+			$sql .= "and ".$sql_search;
+		}
 	}
-	if (!empty($search)) {
-		$sql .= "and (";
-		$sql .= "	lower(broadcast_name) like :search ";
-		$sql .= "	or lower(broadcast_description) like :search ";
-		$sql .= "	or lower(broadcast_caller_id_name) like :search ";
-		$sql .= "	or lower(broadcast_caller_id_number) like :search ";
-		$sql .= "	or lower(broadcast_phone_numbers) like :search ";
-		$sql .= ") ";
-		$parameters['search'] = '%'.$search.'%';
+	else {
+		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
+		if (isset($sql_search)) {
+			$sql .= "and ".$sql_search;
+		}
+		$parameters['domain_uuid'] = $domain_uuid;
 	}
 	$num_rows = $database->select($sql, $parameters ?? null, 'column');
 
 //prepare the paging
-	$param = '';
 	$rows_per_page = $settings->get('domain', 'paging', 50);
-	if (!empty($search)) {
-		$param .= "&search=".urlencode($search);
-	}
-	if ($show == "all" && permission_exists('call_broadcast_all')) {
-		$param .= "&show=all";
-	}
-	$page = $_GET['page'] ?? '';
-	if (empty($page)) { $page = 0; $_GET['page'] = 0; }
-	list($paging_controls, $rows_per_page) = paging($num_rows, $param ?? null, $rows_per_page);
-	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param ?? null, $rows_per_page, true);
+	list($paging_controls, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page);
+	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page, true);
 	$offset = $rows_per_page * $page;
 
 //get the call broadcasts
@@ -126,19 +139,17 @@
 	$sql .= "update_date, insert_date ";
 	$sql .= "from v_call_broadcasts ";
 	$sql .= "where true ";
-	if ($show != "all" || !permission_exists('call_broadcast_all')) {
-		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
-		$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
+	if (!empty($show) && $show == "all" && permission_exists('call_broadcast_all')) {
+		if (isset($sql_search)) {
+			$sql .= "and ".$sql_search;
+		}
 	}
-	if (!empty($search)) {
-		$sql .= "and (";
-		$sql .= "	lower(broadcast_name) like :search ";
-		$sql .= "	or lower(broadcast_description) like :search ";
-		$sql .= "	or lower(broadcast_caller_id_name) like :search ";
-		$sql .= "	or lower(broadcast_caller_id_number) like :search ";
-		$sql .= "	or lower(broadcast_phone_numbers) like :search ";
-		$sql .= ") ";
-		$parameters['search'] = '%'.$search.'%';
+	else {
+		$sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
+		if (isset($sql_search)) {
+			$sql .= "and ".$sql_search;
+		}
+		$parameters['domain_uuid'] = $domain_uuid;
 	}
 	$sql .= order_by($order_by, $order, 'broadcast_name', 'asc');
 	$sql .= limit_offset($rows_per_page, $offset);
@@ -158,7 +169,7 @@
 	echo "	<div class='heading'><b>".$text['title-call_broadcast']."</b><div class='count'>".number_format($num_rows)."</div></div>\n";
 	echo "	<div class='actions'>\n";
 	if (permission_exists('call_broadcast_add')) {
-		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$settings->get('theme', 'button_icon_add'),'id'=>'btn_add','link'=>'call_broadcast_edit.php']);
+		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$settings->get('theme', 'button_icon_add'),'id'=>'btn_add','link'=>'call_broadcast_edit.php'.($query_string ? '?'.$query_string : '')]);
 	}
 	if (permission_exists('call_broadcast_add') && $result) {
 		echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$settings->get('theme', 'button_icon_copy'),'id'=>'btn_copy','name'=>'btn_copy','style'=>'display: none;','onclick'=>"modal_open('modal-copy','btn_copy');"]);
@@ -166,20 +177,20 @@
 	if (permission_exists('call_broadcast_delete') && $result) {
 		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$settings->get('theme', 'button_icon_delete'),'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','onclick'=>"modal_open('modal-delete','btn_delete');"]);
 	}
-	echo 		"<form id='form_search' class='inline' method='get'>\n";
-	if (permission_exists('call_broadcast_all')) {
-		if ($show == 'all') {
-			echo "		<input type='hidden' name='show' value='all'>";
-		}
-		else {
-			echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$settings->get('theme', 'button_icon_all'),'link'=>'?type='.urlencode($destination_type ?? '').'&show=all'.(!empty($search) ? "&search=".urlencode($search ?? '') : null)]);
+	echo "		<form id='form_search' class='inline' method='get'>\n";
+	foreach ($param as $key => $value) {
+		if ($key !== 'search' && $key !== 'page') {
+			echo "		<input type='hidden' name='".escape($key)."' value='".escape($value)."'>\n";
 		}
 	}
-	echo 		"<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
+	if (permission_exists('call_broadcast_all') && (!isset($show) || $show != 'all')) {
+		echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$settings->get('theme', 'button_icon_all'),'link'=>'?show=all']);
+	}
+	echo "		<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
 	echo button::create(['label'=>$text['button-search'],'icon'=>$settings->get('theme', 'button_icon_search'),'type'=>'submit','id'=>'btn_search']);
 	//echo button::create(['label'=>$text['button-reset'],'icon'=>$settings->get('theme', 'button_icon_reset'),'type'=>'button','id'=>'btn_reset','link'=>'call_broadcast.php','style'=>($search == '' ? 'display: none;' : null)]);
 	if ($paging_controls_mini != '') {
-		echo 	"<span style='margin-left: 15px;'>".$paging_controls_mini."</span>";
+		echo "	<span style='margin-left: 15px;'>".$paging_controls_mini."</span>";
 	}
 	echo "		</form>\n";
 	echo "	</div>\n";
@@ -198,7 +209,6 @@
 
 	echo "<form id='form_list' method='post'>\n";
 	echo "<input type='hidden' id='action' name='action' value=''>\n";
-	echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";
 
 	echo "<div class='card'>\n";
 	echo "<table class='list'>\n";
@@ -209,12 +219,12 @@
 		echo "	</th>\n";
 	}
 	if ($show == "all" && permission_exists('call_broadcast_all')) {
-		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, $param, "class='shrink'");
+		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, null, "class='shrink'", $query_string);
 	}
-	echo th_order_by('broadcast_name', $text['label-name'], $order_by, $order);
-	echo th_order_by('broadcast_concurrent_limit', $text['label-concurrent-limit'], $order_by, $order);
-	echo th_order_by('broadcast_start_time', $text['label-start_time'], $order_by, $order);
-	echo th_order_by('broadcast_description', $text['label-description'], $order_by, $order);
+	echo th_order_by('broadcast_name', $text['label-name'], $order_by, $order, null, null, $query_string);
+	echo th_order_by('broadcast_concurrent_limit', $text['label-concurrent-limit'], $order_by, $order, null, null, $query_string);
+	echo th_order_by('broadcast_start_time', $text['label-start_time'], $order_by, $order, null, null, $query_string);
+	echo th_order_by('broadcast_description', $text['label-description'], $order_by, $order, null, null, $query_string);
 	if (permission_exists('call_broadcast_edit') && $list_row_edit_button) {
 		echo "	<td class='action-button'>&nbsp;</td>\n";
 	}
@@ -225,7 +235,7 @@
 		foreach($result as $row) {
 			$list_row_url = '';
 			if (permission_exists('call_broadcast_edit')) {
-				$list_row_url = "call_broadcast_edit.php?id=".urlencode($row['call_broadcast_uuid']);
+				$list_row_url = "call_broadcast_edit.php?id=".urlencode($row['call_broadcast_uuid']).($query_string ? '&'.$query_string : '');
 				if ($row['domain_uuid'] != $_SESSION['domain_uuid'] && permission_exists('domain_select')) {
 					$list_row_url .= '&domain_uuid='.urlencode($row['domain_uuid']).'&domain_change=true';
 				}
@@ -292,4 +302,3 @@
 	require_once "resources/footer.php";
 
 ?>
-
diff --git a/app/call_broadcast/call_broadcast_edit.php b/app/call_broadcast/call_broadcast_edit.php
index 011587fa1..fd8d07b3e 100644
--- a/app/call_broadcast/call_broadcast_edit.php
+++ b/app/call_broadcast/call_broadcast_edit.php
@@ -39,6 +39,32 @@
 	$language = new text;
 	$text = $language->get();
 
+// Set variables from GET parameters
+	$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+	$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'broadcast_name'));
+	$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+	$search = $_GET['search'] ?? '';
+	$show = $_GET['show'] ?? '';
+
+// Build the query string
+	$param = [];
+	if (!empty($page)) {
+		$param['page'] = $page;
+	}
+	if (!empty($_GET['order_by'])) {
+		$param['order_by'] = $order_by;
+	}
+	if (!empty($_GET['order'])) {
+		$param['order'] = $order;
+	}
+	if (!empty($search)) {
+		$param['search'] = $search;
+	}
+	if (!empty($show) && $show == 'all' && permission_exists('call_broadcast_all')) {
+		$param['show'] = $show;
+	}
+	$query_string = http_build_query($param);
+
 //set the action with add or update
 	if (!empty($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {
 		$action = "update";
@@ -106,7 +132,7 @@ if (!empty($_POST) && empty($_POST["persistformvar"])) {
 					$obj = new call_broadcast;
 					$obj->delete($call_broadcasts);
 				//redirect
-					header('Location: call_broadcast.php');
+					header('Location: call_broadcast.php'.($query_string ? '?'.$query_string : ''));
 					exit;
 			}
 		}
@@ -120,7 +146,7 @@ if (!empty($_POST) && empty($_POST["persistformvar"])) {
 		$token = new token;
 		if (!$token->validate($_SERVER['PHP_SELF'])) {
 			message::add($text['message-invalid_token'],'negative');
-			header('Location: call_broadcast.php');
+			header('Location: call_broadcast.php'.($query_string ? '?'.$query_string : ''));
 			exit;
 		}
 
@@ -162,7 +188,7 @@ if (!empty($_POST) && empty($_POST["persistformvar"])) {
 					message::add($text['confirm-add']);
 
 				//set return url on error
-					$error_return_url = "call_broadcast_edit.php";
+					$error_return_url = "call_broadcast_edit.php".($query_string ? '?'.$query_string : '');
 			}
 
 		//prep update
@@ -174,7 +200,7 @@ if (!empty($_POST) && empty($_POST["persistformvar"])) {
 					message::add($text['confirm-update']);
 
 				//set return url on error
-					$error_return_url = "call_broadcast_edit.php?id=".urlencode($_GET['id']);
+					$error_return_url = "call_broadcast_edit.php?id=".urlencode($_GET['id']).($query_string ? '&'.$query_string : '');
 			}
 
 		//execute
@@ -237,7 +263,7 @@ if (!empty($_POST) && empty($_POST["persistformvar"])) {
 					unset($array);
 
 				//redirect
-					header("Location: call_broadcast.php");
+					header("Location: call_broadcast.php".($query_string ? '?'.$query_string : ''));
 					exit;
 
 			}
@@ -298,10 +324,10 @@ if (!empty($_POST) && empty($_POST["persistformvar"])) {
 	echo "<div class='action_bar' id='action_bar'>\n";
 	echo "	<div class='heading'><b>".$text['title-call_broadcast']."</b></div>\n";
 	echo "	<div class='actions'>\n";
-	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','link'=>'call_broadcast.php']);
+	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','link'=>'call_broadcast.php'.($query_string ? '?'.$query_string : '')]);
 	if ($action == "update") {
-		echo button::create(['type'=>'button','label'=>$text['button-start'],'icon'=>$settings->get('theme', 'button_icon_start'),'style'=>'margin-left: 15px;','link'=>'call_broadcast_send.php?id='.urlencode($call_broadcast_uuid)]);
-		echo button::create(['type'=>'button','label'=>$text['button-stop'],'icon'=>$settings->get('theme', 'button_icon_stop'),'link'=>'call_broadcast_stop.php?id='.urlencode($call_broadcast_uuid)]);
+		echo button::create(['type'=>'button','label'=>$text['button-start'],'icon'=>$settings->get('theme', 'button_icon_start'),'style'=>'margin-left: 15px;','link'=>'call_broadcast_send.php?id='.urlencode($call_broadcast_uuid).($query_string ? '&'.$query_string : '')]);
+		echo button::create(['type'=>'button','label'=>$text['button-stop'],'icon'=>$settings->get('theme', 'button_icon_stop'),'link'=>'call_broadcast_stop.php?id='.urlencode($call_broadcast_uuid).($query_string ? '&'.$query_string : '')]);
 		if (permission_exists('call_broadcast_delete')) {
 			echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$settings->get('theme', 'button_icon_delete'),'name'=>'btn_delete','style'=>'margin-left: 15px;','onclick'=>"modal_open('modal-delete','btn_delete');"]);
 		}
diff --git a/app/call_broadcast/call_broadcast_stop.php b/app/call_broadcast/call_broadcast_stop.php
index 08e368950..1e7592b11 100644
--- a/app/call_broadcast/call_broadcast_stop.php
+++ b/app/call_broadcast/call_broadcast_stop.php
@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2008-2012
+	Portions created by the Initial Developer are Copyright (C) 2008-2026
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -39,6 +39,32 @@ else {
 	$language = new text;
 	$text = $language->get();
 
+// Set variables from GET parameters
+	$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
+	$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'broadcast_name'));
+	$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
+	$search = $_GET['search'] ?? '';
+	$show = $_GET['show'] ?? '';
+
+// Build the query string
+	$param = [];
+	if (!empty($page)) {
+		$param['page'] = $page;
+	}
+	if (!empty($_GET['order_by'])) {
+		$param['order_by'] = $order_by;
+	}
+	if (!empty($_GET['order'])) {
+		$param['order'] = $order;
+	}
+	if (!empty($search)) {
+		$param['search'] = $search;
+	}
+	if (!empty($show) && $show == 'all' && permission_exists('call_broadcast_all')) {
+		$param['show'] = $show;
+	}
+	$query_string = http_build_query($param);
+
 //get the html values and set them as variables
 	$uuid = trim($_GET["id"]);
 
@@ -54,12 +80,12 @@ else {
 			}
 
 		//redirect
-			header('Location: call_broadcast_edit.php?id='.$uuid);
+			header('Location: call_broadcast_edit.php?id='.$uuid.($query_string ? '&'.$query_string : ''));
 			exit;
 	}
 
 //default redirect
-	header('Location: call_broadcasts.php');
+	header('Location: call_broadcasts.php'.($query_string ? '?'.$query_string : ''));
 	exit;
 
-?>
\ No newline at end of file
+?>