From 9be2313b6f9b95c52b3a83946a5fbfa764b3b3da Mon Sep 17 00:00:00 2001
From: Ken Chapple <ken.chapple@gmail.com>
Date: Sat, 3 Apr 2021 04:04:06 -0400
Subject: [PATCH] Fix to custom filter (via module/event) that allowed searches
 to bypass filter (#4319)

---
 interface/main/finder/dynamic_finder_ajax.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/interface/main/finder/dynamic_finder_ajax.php b/interface/main/finder/dynamic_finder_ajax.php
index 4a73e3970de..022a0e870f3 100644
--- a/interface/main/finder/dynamic_finder_ajax.php
+++ b/interface/main/finder/dynamic_finder_ajax.php
@@ -185,7 +185,7 @@
 if (empty($where)) {
     $where = $customWhere;
 } else {
-    $where = "$customWhere AND $where";
+    $where = "$customWhere AND ( $where )";
 }
 $row = sqlQuery("SELECT COUNT(id) AS count FROM patient_data WHERE $where", $srch_bind);
 $iFilteredTotal = $row['count'];