From 111698cfed914c1ea21fbbd63cefdcd47ce9874b Mon Sep 17 00:00:00 2001
From: Hosteroid
Date: Mon, 20 Oct 2025 17:48:35 +0300
Subject: [PATCH] Cast GET parameters to int and update SQL query
GET parameters 'id' and 'group_id' are now explicitly cast to integers in NotificationGroupController for improved type safety. Also, the SQL query in NotificationGroup model now includes GROUP BY and ORDER BY clauses when filtering by user_id, ensuring results are grouped and sorted by group name.
---
 app/Controllers/NotificationGroupController.php | 12 ++++++------
 app/Models/NotificationGroup.php | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/app/Controllers/NotificationGroupController.php b/app/Controllers/NotificationGroupController.php
index 3d0cfb4..5d379f4 100644
--- a/app/Controllers/NotificationGroupController.php
+++ b/app/Controllers/NotificationGroupController.php
@@ -118,7 +118,7 @@ class NotificationGroupController extends Controller
 public function edit() {
- $id = $_GET['id'] ?? 0;
+ $id = (int)($_GET['id'] ?? 0);
 $group = $this->groupModel->getWithDetails($id);
 if (!$group) {
@@ -188,7 +188,7 @@ class NotificationGroupController extends Controller
 public function delete() {
- $id = $_GET['id'] ?? 0;
+ $id = (int)($_GET['id'] ?? 0);
 $group = $this->groupModel->find($id);
 if (!$group) {
@@ -270,8 +270,8 @@ class NotificationGroupController extends Controller
 public function deleteChannel() {
- $id = $_GET['id'] ?? 0;
- $groupId = $_GET['group_id'] ?? 0;
+ $id = (int)($_GET['id'] ?? 0);
+ $groupId = (int)($_GET['group_id'] ?? 0);
 try {
 $this->channelModel->delete($id);
@@ -289,8 +289,8 @@ class NotificationGroupController extends Controller
 public function toggleChannel() {
- $id = $_GET['id'] ?? 0;
- $groupId = $_GET['group_id'] ?? 0;
+ $id = (int)($_GET['id'] ?? 0);
+ $groupId = (int)($_GET['group_id'] ?? 0);
 try {
 $this->channelModel->toggleActive($id);
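Review bot: In `edit()`, `(int)($_GET['id'] ?? 0)` coerces instead of validating: a non-numeric string becomes 0, and in practice an array value such as `id[]=x` casts to 1, so a malformed request can resolve to a real record rather than being rejected. The same cast is used in the `delete()`, `deleteChannel()` and `toggleChannel()` hunks. Consider `$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);` and taking the existing not-found path when the result is `false` or `null`. The body of edit() continues outside the hunk.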
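Review bot: `delete()` still takes its target from `$_GET['id']`, so if this action is routed for GET requests, a cross-site request made in a logged-in user's browser can trigger the deletion; the integer cast does not change that. The same applies to the `deleteChannel()` and `toggleChannel()` hunks, where `channelModel->delete($id)` and `toggleActive($id)` run on the query-string id. These state-changing actions should accept POST only and verify the application's CSRF token, reading the id from the request body, e.g. `$id = (int)($_POST['id'] ?? 0);`. The rest of delete() and the routing are outside the hunk, so confirm whether such a check already exists.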
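Review bot: In `deleteChannel()`, `$this->channelModel->delete($id)` runs on the request-supplied channel id with no visible check that the channel belongs to `$groupId`, or that the group belongs to the current user; in the lines shown `$groupId` is read but not used to scope the delete. `toggleChannel()` has the same shape with `toggleActive($id)`. Since the NotificationGroup model restricts non-admins by `ng.user_id`, the channel actions should enforce the same boundary before modifying anything; at minimum add `// TODO: verify channel $id belongs to group $groupId and that the group is owned by the current user` above the `try` and implement that check. Both method bodies continue outside the hunk, so this may already be enforced further down or in the model.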
diff --git a/app/Models/NotificationGroup.php b/app/Models/NotificationGroup.php
index 2e51c2f..50f438b 100644
--- a/app/Models/NotificationGroup.php
+++ b/app/Models/NotificationGroup.php
@@ -29,7 +29,7 @@ class NotificationGroup extends Model
 LEFT JOIN domains d ON ng.id = d.notification_group_id";
 if ($userId && !$this->getUserModel()->isAdmin($userId)) {
- $sql .= " WHERE ng.user_id = ?";
+ $sql .= " WHERE ng.user_id = ? GROUP BY ng.id ORDER BY ng.name ASC";
 $stmt = $this->db->prepare($sql);
 $stmt->execute([$userId]);
 } else {
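Review bot: The per-user filter is applied only when `$userId` is truthy: with `if ($userId && !$this->getUserModel()->isAdmin($userId))`, a `null` or `0` user id falls into the `else` branch, which appears to be the unfiltered path (its body is outside the hunk). A caller that loses the session user id would then get every user's groups instead of none. Consider handling the missing id explicitly before this condition, e.g. `if (!$userId) { return []; }`, unless some caller deliberately passes no id to mean "all groups", in which case that intent deserves a comment here. The bound `?` parameter for `ng.user_id` is kept, which is correct.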