diff --git a/src/Controller/Admin/Asset/AssetHelperController.php b/src/Controller/Admin/Asset/AssetHelperController.php
index d41fcc8..71deb8a 100644
--- a/src/Controller/Admin/Asset/AssetHelperController.php
+++ b/src/Controller/Admin/Asset/AssetHelperController.php
@@ -16,6 +16,8 @@ namespace OpenDxp\Bundle\AdminBundle\Controller\Admin\Asset;
+use Doctrine\DBAL\ArrayParameterType;
+use Doctrine\DBAL\ParameterType;
 use Exception;
 use League\Flysystem\FilesystemException;
 use League\Flysystem\UnableToReadFile;
@@ -96,13 +98,14 @@ public function getSharedGridColumnConfigs(User $user, string $classId, ?string
 $userIds = [$user->getId()];
 // collect all roles
 $userIds = [...$userIds, ...$user->getRoles()];
- $userIds = implode(',', $userIds);
- $query = 'select distinct c1.id from gridconfigs c1, gridconfig_shares s
- where (c1.searchType = ' . $db->quote($searchType) . ' and ((c1.id = s.gridConfigId and s.sharedWithUserId IN (' . $userIds . '))) and c1.classId = ' . $db->quote($classId) . ')
- UNION distinct select c2.id from gridconfigs c2 where shareGlobally = 1 and c2.classId = '. $db->quote($classId) . ' and c2.ownerId != ' . $db->quote($user->getId());
-
- $ids = $db->fetchFirstColumn($query);
+ $ids = $db->fetchFirstColumn(
+ 'SELECT DISTINCT c1.id FROM gridconfigs c1, gridconfig_shares s
+ WHERE (c1.searchType = ? AND c1.id = s.gridConfigId AND s.sharedWithUserId IN (?) AND c1.classId = ?)
+ UNION DISTINCT SELECT c2.id FROM gridconfigs c2 WHERE shareGlobally = 1 AND c2.classId = ? AND c2.ownerId != ?',
+ [$searchType, $userIds, $classId, $classId, $user->getId()],
+ [ParameterType::STRING, ArrayParameterType::INTEGER, ParameterType::STRING, ParameterType::STRING, ParameterType::INTEGER]
+ );
 if ($ids) {
 $ids = implode(',', $ids);
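Review bot: The two context lines that close the hunk, `if ($ids) {` and `$ids = implode(',', $ids);`, show the ids fetched by the new bound query still being joined into a string, presumably for a second `IN (...)` query further down getSharedGridColumnConfigs (outside the hunk); with `ArrayParameterType` now imported, that query can take `[$ids]` with `[ArrayParameterType::INTEGER]` exactly like the one rewritten here. The same leftover `implode` follows the equivalent hunk in DataObjectHelperController::getSharedGridColumnConfigs. Binding `$userIds` as `ArrayParameterType::INTEGER` also assumes `$user->getRoles()` yields numeric role ids, which the hunk does not show, so that is worth confirming against the User model. The function continues past the end of the hunk.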
@@ -202,27 +205,39 @@ private function doGetGridColumnConfig(array $params, bool $isDelete = false): a
 $savedGridConfig = GridConfig::getById((int) $requestedGridConfigId);
 if ($savedGridConfig) {
- $shared = null;
-
- try {
+ $shared = false;
+ if (!$this->getAdminUser()->isAdmin()) {
 $userIds = [$this->getAdminUser()->getId()];
 $userIds = [...$userIds, ...$this->getAdminUser()->getRoles()];
- $userIds = implode(',', $userIds);
- $shared = ($savedGridConfig->getOwnerId() !== $userId && $savedGridConfig->isShareGlobally()) || $db->fetchOne('select * from gridconfig_shares where sharedWithUserId IN (' . $userIds . ') and gridConfigId = ' . $savedGridConfig->getId());
- } catch (Exception) {
- // fail silently?
- }
+ $isSharedGlobally = $savedGridConfig->getOwnerId() !== $userId && $savedGridConfig->isShareGlobally();
+
+ $isSharedWithUser = (bool) $db->fetchOne(
+ 'SELECT 1 FROM gridconfig_shares WHERE sharedWithUserId IN (?) AND gridConfigId = ?',
+ [$userIds, $savedGridConfig->getId()],
+ [ArrayParameterType::INTEGER, ParameterType::INTEGER]
+ );
+
+ $shared = $isSharedGlobally || $isSharedWithUser;
- if (!$shared && $savedGridConfig->getOwnerId() !== $this->getAdminUser()->getId()) {
- throw new Exception('You are neither the owner of this config nor it is shared with you');
+ if (!$shared && $savedGridConfig->getOwnerId() !== $this->getAdminUser()->getId()) {
+ throw new Exception('You are neither the owner of this config nor it is shared with you');
+ }
 }
+
 $gridConfigId = $savedGridConfig->getId();
 $gridConfig = $savedGridConfig->getConfig();
 $gridConfig = json_decode($gridConfig, true);
- $gridConfigName = $savedGridConfig->getName();
- $gridConfigDescription = $savedGridConfig->getDescription();
+ $gridConfigName = SecurityHelper::convertHtmlSpecialChars($savedGridConfig->getName());
+ $gridConfigDescription = SecurityHelper::convertHtmlSpecialChars($savedGridConfig->getDescription());
 $sharedGlobally = $savedGridConfig->isShareGlobally();
 $setAsFavourite =
$savedGridConfig->isSetAsFavourite();
+
+ foreach ($gridConfig['columns'] as &$column) {
+ if (array_key_exists('isOperator', $column) && $column['isOperator']) {
+ $colAttributes = &$column['fieldConfig']['attributes'];
+ SecurityHelper::convertHtmlSpecialCharsArrayKeys($colAttributes, ['label', 'attribute', 'param1']);
+ }
+ }
 }
 }
@@ -432,8 +447,11 @@ protected function getShareSettings(int $gridConfigId): array
 ];
 $db = Db::get();
- $allShares = $db->fetchAllAssociative('select s.sharedWithUserId, u.type from gridconfig_shares s, users u
- where s.sharedWithUserId = u.id and s.gridConfigId = ' . $gridConfigId);
+ $allShares = $db->fetchAllAssociative(
+ 'SELECT s.sharedWithUserId, u.type FROM gridconfig_shares s, users u
+ WHERE s.sharedWithUserId = u.id AND s.gridConfigId = ?',
+ [$gridConfigId]
+ );
 foreach ($allShares as $share) {
 $type = $share['type'];
diff --git a/src/Controller/Admin/DataObject/ClassController.php b/src/Controller/Admin/DataObject/ClassController.php
index 6b6c6c1..c73ae76 100644
--- a/src/Controller/Admin/DataObject/ClassController.php
+++ b/src/Controller/Admin/DataObject/ClassController.php
@@ -1838,9 +1838,9 @@ public function getIconsAction(Request $request, EventDispatcherInterface $event
 public function suggestClassIdentifierAction(): Response
 {
 $db = Db::get();
- $maxId = $db->fetchOne('SELECT MAX(CAST(id AS SIGNED)) FROM classes;');
+ $maxId = $db->fetchOne('SELECT MAX(CAST(id AS SIGNED)) FROM classes');
- $existingIds = $db->fetchFirstColumn('select LOWER(id) from classes');
+ $existingIds = $db->fetchFirstColumn('SELECT LOWER(id) FROM classes');
 $result = [
 'suggestedIdentifier' => $maxId ? $maxId + 1 : 1,
diff --git a/src/Controller/Admin/DataObject/ClassificationstoreController.php b/src/Controller/Admin/DataObject/ClassificationstoreController.php
index 6048d70..b092e92 100644
--- a/src/Controller/Admin/DataObject/ClassificationstoreController.php
+++ b/src/Controller/Admin/DataObject/ClassificationstoreController.php
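Review bot: The new `foreach ($gridConfig['columns'] as &$column)` loop that ends the doGetGridColumnConfig hunk never releases its reference, so `$column` stays bound to the last column after the loop and any later assignment to a variable of that name in the function (which continues past the hunk) would silently overwrite that element; add `unset($column);` after the loop's closing brace. When `json_decode` yields null or the stored config has no `columns` key, the foreach emits a warning and the rest of the function runs with a half-built config, so `foreach ($gridConfig['columns'] ?? [] as &$column)` is the safer form. Taking the reference `$colAttributes = &$column['fieldConfig']['attributes'];` also auto-creates `fieldConfig.attributes` as null on operator columns that lack it, which changes the shape returned to the client; guarding with `if (isset($column['fieldConfig']['attributes']))` avoids that side effect.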
@@ -16,6 +16,7 @@ namespace OpenDxp\Bundle\AdminBundle\Controller\Admin\DataObject;
+use Doctrine\DBAL\ArrayParameterType;
 use Exception;
 use OpenDxp\Bundle\AdminBundle\Controller\AdminAbstractController;
 use OpenDxp\Controller\KernelControllerEventInterface;
@@ -218,8 +219,11 @@ public function collectionsActionGet(Request $request): JsonResponse
 if ($allowedGroupIds) {
 $db = \OpenDxp\Db::get();
- $query = 'select * from classificationstore_collectionrelations where groupId in (' . implode(',', $allowedGroupIds) .')';
- $relationList = $db->fetchAllAssociative($query);
+ $relationList = $db->fetchAllAssociative(
+ 'SELECT * FROM classificationstore_collectionrelations WHERE groupId IN (?)',
+ [$allowedGroupIds],
+ [ArrayParameterType::INTEGER]
+ );
 foreach ($relationList as $item) {
 $allowedCollectionIds[] = $item['colId'];
@@ -902,9 +906,12 @@ public function addCollectionsAction(Request $request): JsonResponse
 if ($ids) {
 $db = \OpenDxp\Db::get();
 $mappedData = [];
- $groupsData = $db->fetchAllAssociative('select * from classificationstore_groups g, classificationstore_collectionrelations c where colId IN (:ids) and g.id = c.groupId', [
- 'ids' => implode(',', array_filter($ids, is_numeric(...))),
- ]);
+ $groupsData = $db->fetchAllAssociative(
+ 'SELECT * FROM classificationstore_groups g, classificationstore_collectionrelations c
+ WHERE colId IN (?) AND g.id = c.groupId',
+ [array_values(array_filter($ids, is_numeric(...)))],
+ [ArrayParameterType::INTEGER]
+ );
 foreach ($groupsData as $groupData) {
 $mappedData[$groupData['id']] = $groupData;
@@ -1434,7 +1441,7 @@ public function getPageAction(Request $request): JsonResponse
 ) all_rows) item where id = ' . $id . ';';
 }
- $db->executeQuery('select @rownum := 0;');
+ $db->executeStatement('SET @rownum = 0');
 $result = $db->fetchAllAssociative($query);
 $page = (int) $result[0]['page'] ;
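Review bot: In the addCollectionsAction hunk, `array_filter($ids, is_numeric(...))` still lets through values such as `'1.5'` or `'1e3'` that are numeric but not integer ids, while the new binding declares `ArrayParameterType::INTEGER`, so what reaches the `IN (?)` list depends on how the driver coerces such strings rather than on the application. Casting the surviving values first, `[array_values(array_map(intval(...), array_filter($ids, is_numeric(...))))]`, makes the bound list match its declared type. addCollectionsAction continues past the hunk.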
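Review bot: The context line above the change in getPageAction, `) all_rows) item where id = ' . $id . ';';`, still interpolates `$id` into the SQL that `fetchAllAssociative($query)` executes two lines later, so swapping `select @rownum := 0` for `SET @rownum = 0` leaves the only unparameterised part of this query in place; unless `$id` is cast to int where it is read (the start of getPageAction is outside the hunk), end the string with `id = ?` and pass `[$id]` to `fetchAllAssociative`. The trailing `;` inside that string is the same kind the commit strips in ClassController and can go with it. Since `@rownum` is a session variable, both statements must run on the same connection, which holds for a single `Db::get()` handle but deserves a one-line comment such as `// @rownum is a session variable: both statements must use the same connection`.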
diff --git a/src/Controller/Admin/DataObject/DataObjectController.php b/src/Controller/Admin/DataObject/DataObjectController.php
index 2cf9acd..f078fec 100644
--- a/src/Controller/Admin/DataObject/DataObjectController.php
+++ b/src/Controller/Admin/DataObject/DataObjectController.php
@@ -1204,8 +1204,7 @@ protected function reindexBasedOnSortOrder(DataObject\AbstractObject $parentObje
 $db = Db::get();
 $children = $db->fetchAllAssociative(
- 'SELECT id, modificationDate, versionCount FROM objects'
- .' WHERE parentId = ? ORDER BY `index` ASC',
+ 'SELECT id, modificationDate, versionCount FROM objects WHERE parentId = ? ORDER BY `index` ASC',
 [$parentObject->getId()]
 );
 $index = 0;
@@ -1279,8 +1278,8 @@ protected function updateIndexesOfObjectSiblings(DataObject\AbstractObject $upda
 );
 $siblings = $db->fetchAllAssociative(
- 'SELECT id, modificationDate, versionCount, `key`, `index` FROM objects'
- ." WHERE parentId = ? AND id != ? AND `type` IN ('object', 'variant','folder') ORDER BY `index` ASC",
+ 'SELECT id, modificationDate, versionCount, `key`, `index` FROM objects
+ WHERE parentId = ? AND id != ? AND `type` IN ("object", "variant", "folder") ORDER BY `index` ASC',
 [$updatedObject->getParentId(), $updatedObject->getId()]
 );
 $index = 0;
diff --git a/src/Controller/Admin/DataObject/DataObjectHelperController.php b/src/Controller/Admin/DataObject/DataObjectHelperController.php
index 1a7bbe4..bb10862 100644
--- a/src/Controller/Admin/DataObject/DataObjectHelperController.php
+++ b/src/Controller/Admin/DataObject/DataObjectHelperController.php
@@ -16,6 +16,8 @@ namespace OpenDxp\Bundle\AdminBundle\Controller\Admin\DataObject;
+use Doctrine\DBAL\ArrayParameterType;
+use Doctrine\DBAL\ParameterType;
 use Exception;
 use InvalidArgumentException;
 use League\Flysystem\FilesystemException;
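Review bot: The rewritten updateIndexesOfObjectSiblings query now spells the `type` values as `"object", "variant", "folder"`; in MySQL a double-quoted token is a string literal only while the `ANSI_QUOTES` sql_mode is off, and once that mode is enabled it becomes an identifier and the statement fails with an unknown-column error. The removed line used standard single quotes and lost nothing by it; inside the new single-quoted PHP string they can be written as `\'object\', \'variant\', \'folder\'`, or the double-quoted PHP string of the old line can simply be kept. The same double-quoted SQL literals are introduced in SettingsController::deleteViews (`LIKE "VIEW"`) and OpenDxpUsers::getVersionDataForUser (`AS "date"`) in this commit, and the same fix applies there.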
@@ -109,14 +111,15 @@ public function getSharedGridColumnConfigs(User $user, string $classId, ?string
 $userIds = [$user->getId()];
 // collect all roles
 $userIds = [...$userIds, ...$user->getRoles()];
- $userIds = implode(',', $userIds);
 $db = Db::get();
- $query = 'select distinct c1.id from gridconfigs c1, gridconfig_shares s
- where (c1.searchType = ' . $db->quote($searchType) . ' and ((c1.id = s.gridConfigId and s.sharedWithUserId IN (' . $userIds . '))) and c1.classId = ' . $db->quote($classId) . ')
- UNION distinct select c2.id from gridconfigs c2 where shareGlobally = 1 and c2.classId = '. $db->quote($classId) . ' and c2.ownerId != ' . $db->quote($user->getId());
-
- $ids = $db->fetchFirstColumn($query);
+ $ids = $db->fetchFirstColumn(
+ 'SELECT DISTINCT c1.id FROM gridconfigs c1, gridconfig_shares s
+ WHERE (c1.searchType = ? AND c1.id = s.gridConfigId AND s.sharedWithUserId IN (?) AND c1.classId = ?)
+ UNION DISTINCT SELECT c2.id FROM gridconfigs c2 WHERE shareGlobally = 1 AND c2.classId = ? AND c2.ownerId != ?',
+ [$searchType, $userIds, $classId, $classId, $user->getId()],
+ [ParameterType::STRING, ArrayParameterType::INTEGER, ParameterType::STRING, ParameterType::STRING, ParameterType::INTEGER]
+ );
 if ($ids) {
 $ids = implode(',', $ids);
@@ -307,9 +310,15 @@ private function doGetGridColumnConfig(Request $request, array $params, Config $
 if (!$this->getAdminUser()->isAdmin()) {
 $userIds = [$this->getAdminUser()->getId()];
 $userIds = [...$userIds, ...$this->getAdminUser()->getRoles()];
- $userIds = implode(',', $userIds);
- $shared = ($savedGridConfig->getOwnerId() !== $userId && $savedGridConfig->isShareGlobally()) || $db->fetchOne('select 1 from gridconfig_shares where sharedWithUserId IN ('.$userIds.') and gridConfigId = '.$savedGridConfig->getId());
- // $shared = $savedGridConfig->isShareGlobally() || GridConfigShare::getByGridConfigAndSharedWithId($savedGridConfig->getId(), $this->getUser()->getId());
+ $isSharedGlobally = $savedGridConfig->getOwnerId() !== $userId && $savedGridConfig->isShareGlobally();
+
+ $isSharedWithUser = (bool) $db->fetchOne(
+ 'SELECT 1 FROM gridconfig_shares WHERE sharedWithUserId IN (?) AND gridConfigId = ?',
+ [$userIds, $savedGridConfig->getId()],
+ [ArrayParameterType::INTEGER, ParameterType::INTEGER]
+ );
+
+ $shared = $isSharedGlobally || $isSharedWithUser;
 if (!$shared && $savedGridConfig->getOwnerId() !== $this->getAdminUser()->getId()) {
 throw new Exception('You are neither the owner of this config nor it is shared with you');
@@ -381,7 +390,6 @@ private function doGetGridColumnConfig(Request $request, array $params, Config $
 if (str_starts_with($key, '~')) {
 // not needed for now
 $type = $keyParts[1];
- // $field = $keyParts[2];
 $groupAndKeyId = explode('-', $keyParts[3]);
 $keyId = (int) $groupAndKeyId[1];
@@ -716,11 +724,10 @@ public function gridConfigApplyToAllAction(Request $request): JsonResponse
 $searchType = $request->request->get('searchType');
 $user = $this->getAdminUser();
 $db = Db::get();
- $db->executeQuery('delete from gridconfig_favourites where '
- . 'ownerId = ' . $user->getId()
- . ' and classId = ' . $db->quote($classId) .
- ' and searchType = ' . $db->quote($searchType)
- . ' and objectId != ' . $objectId . ' and objectId != 0');
+ $db->executeStatement(
+ 'DELETE FROM gridconfig_favourites WHERE ownerId = ? AND classId = ? AND searchType = ? AND objectId != ? AND objectId != 0',
+ [$user->getId(), $classId, $searchType, $objectId]
+ );
 return $this->adminJson(['success' => true]);
 }
@@ -766,12 +773,10 @@ public function gridMarkFavouriteColumnConfigAction(Request $request): JsonRespo
 $favourite->save();
 }
 $db = Db::get();
- $count = $db->fetchOne('select * from gridconfig_favourites where '
- . 'ownerId = ' . $user->getId()
- . ' and classId = ' . $db->quote($classId).
- ' and searchType = ' . $db->quote($searchType)
- . ' and objectId != ' . $objectId . ' and objectId != 0'
- . ' and `type` != ' . $db->quote($type));
+ $count = $db->fetchOne(
+ 'SELECT * FROM gridconfig_favourites WHERE ownerId = ? AND classId = ? AND searchType = ? AND objectId != ? AND objectId != 0 AND `type` != ?',
+ [$user->getId(), $classId, $searchType, $objectId, $type]
+ );
 $specializedConfigs = $count > 0;
 } catch (Exception) {
 $favourite->delete();
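Review bot: In gridMarkFavouriteColumnConfigAction, `$count = $db->fetchOne('SELECT * FROM gridconfig_favourites ...')` followed by `$specializedConfigs = $count > 0;` tests the first column of the first matching row, not a row count: `fetchOne` returns a single scalar, or `false` when nothing matches, so the flag depends on whichever column the table happens to list first. Since the query is rewritten anyway, make it `SELECT COUNT(*) FROM gridconfig_favourites WHERE ownerId = ? AND classId = ? AND searchType = ? AND objectId != ? AND objectId != 0 AND \`type\` != ?` and compare with `(int) $count > 0`. In the gridConfigApplyToAllAction hunk above, `$searchType` comes from `$request->request->get('searchType')` and may be null, in which case the bound `searchType = ?` matches nothing; a null previously went through `$db->quote()`, so this is presumably a silent change in which rows the DELETE touches and worth an explicit guard or `(string)` cast.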
@@ -791,8 +796,11 @@ protected function getShareSettings(int $gridConfigId): array
 ];
 $db = Db::get();
- $allShares = $db->fetchAllAssociative('select s.sharedWithUserId, u.type from gridconfig_shares s, users u
- where s.sharedWithUserId = u.id and s.gridConfigId = ' . $gridConfigId);
+ $allShares = $db->fetchAllAssociative(
+ 'SELECT s.sharedWithUserId, u.type FROM gridconfig_shares s, users u
+ WHERE s.sharedWithUserId = u.id AND s.gridConfigId = ?',
+ [$gridConfigId]
+ );
 foreach ($allShares as $share) {
 $type = $share['type'];
diff --git a/src/Controller/Admin/PortalController.php b/src/Controller/Admin/PortalController.php
index 8e01b15..78a6ede 100644
--- a/src/Controller/Admin/PortalController.php
+++ b/src/Controller/Admin/PortalController.php
@@ -293,9 +293,18 @@ public function portletModificationStatisticsAction(Request $request): JsonRespo
 $end = $startDate - ($i * 86400);
 $start = $end - 86399;
- $o = $db->fetchOne('SELECT COUNT(*) AS count FROM objects WHERE modificationDate > '.$start . ' AND modificationDate < '.$end);
- $a = $db->fetchOne('SELECT COUNT(*) AS count FROM assets WHERE modificationDate > '.$start . ' AND modificationDate < '.$end);
- $d = $db->fetchOne('SELECT COUNT(*) AS count FROM documents WHERE modificationDate > '.$start . ' AND modificationDate < '.$end);
+ $o = $db->fetchOne(
+ 'SELECT COUNT(*) AS count FROM objects WHERE modificationDate > ? AND modificationDate < ?',
+ [$start, $end]
+ );
+ $a = $db->fetchOne(
+ 'SELECT COUNT(*) AS count FROM assets WHERE modificationDate > ? AND modificationDate < ?',
+ [$start, $end]
+ );
+ $d = $db->fetchOne(
+ 'SELECT COUNT(*) AS count FROM documents WHERE modificationDate > ? AND modificationDate < ?',
+ [$start, $end]
+ );
 $date = new DateTime();
 $date->setTimestamp($start);
diff --git a/src/Controller/Admin/SettingsController.php b/src/Controller/Admin/SettingsController.php
index 8f15d13..1195d12 100644
--- a/src/Controller/Admin/SettingsController.php
+++ b/src/Controller/Admin/SettingsController.php
@@ -565,7 +565,7 @@ public function clearTemporaryFilesAction(EventDispatcherInterface $eventDispatc
 // public files
 Tool\Storage::get('thumbnail')->deleteDirectory('/');
- Db::get()->executeQuery('TRUNCATE TABLE assets_image_thumbnail_cache');
+ Db::get()->executeStatement('TRUNCATE TABLE assets_image_thumbnail_cache');
 Tool\Storage::get('asset_cache')->deleteDirectory('/');
@@ -1199,12 +1199,11 @@ public function getAvailableAlgorithmsAction(Request $request): JsonResponse
 protected function deleteViews(string $language, string $dbName): void
 {
 $db = \OpenDxp\Db::get();
- $views = $db->fetchAllAssociative('SHOW FULL TABLES IN ' . $db->quoteIdentifier($dbName) . " WHERE TABLE_TYPE LIKE 'VIEW'");
+ $views = $db->fetchAllAssociative(sprintf('SHOW FULL TABLES IN %s WHERE TABLE_TYPE LIKE "VIEW"', $db->quoteIdentifier($dbName)));
 foreach ($views as $view) {
 if (preg_match('/^object_localized_[0-9]+_' . $language . '$/', $view['Tables_in_' . $dbName])) {
- $sql = 'DROP VIEW ' . $db->quoteIdentifier($view['Tables_in_' . $dbName]);
- $db->executeQuery($sql);
+ $db->executeStatement(sprintf('DROP VIEW %s', $db->quoteIdentifier($view['Tables_in_' . $dbName])));
 }
 }
 }
diff --git a/src/DataObject/GridColumnConfig/Operator/RequiredBy.php b/src/DataObject/GridColumnConfig/Operator/RequiredBy.php
index 6a5e8dc..92bd1fa 100644
--- a/src/DataObject/GridColumnConfig/Operator/RequiredBy.php
+++ b/src/DataObject/GridColumnConfig/Operator/RequiredBy.php
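Review bot: In deleteViews, `$language` is spliced unescaped into the regex on the context line `preg_match('/^object_localized_[0-9]+_' . $language . '$/', ...)`, and that match is now the sole gate in front of the rewritten `DROP VIEW`; a language code containing a regex metacharacter or the `/` delimiter changes or breaks the pattern that decides which views are dropped. Wrapping it as `'/^object_localized_[0-9]+_' . preg_quote($language, '/') . '$/'` keeps the match literal. The hunk does not show where `$language` originates, so whether it is ever user-supplied should be confirmed, but the escape is cheap either way.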
@@ -59,12 +59,12 @@ public function getLabeledValue(array|ElementInterface $element): stdClass
 }
 if ($this->getOnlyCount()) {
- $query = 'select count(*) from dependencies where targettype = ? AND targetid = ?'. $typeCondition;
+ $query = 'SELECT COUNT(*) FROM dependencies WHERE targettype = ? AND targetid = ?' . $typeCondition;
 $count = $db->fetchOne($query, [Service::getElementType($element), $element->getId()]);
 $result->value = $count;
 } else {
 $resultList = [];
- $query = 'select * from dependencies where targettype = ? AND targetid = ?'. $typeCondition;
+ $query = 'SELECT * FROM dependencies WHERE targettype = ? AND targetid = ?' . $typeCondition;
 $dependencies = $db->fetchAllAssociative($query, [Service::getElementType($element), $element->getId()]);
 foreach ($dependencies as $dependency) {
 $sourceType = $dependency['sourcetype'];
diff --git a/src/EventListener/GridConfigListener.php b/src/EventListener/GridConfigListener.php
index 999f758..52a785e 100644
--- a/src/EventListener/GridConfigListener.php
+++ b/src/EventListener/GridConfigListener.php
@@ -16,6 +16,7 @@ namespace OpenDxp\Bundle\AdminBundle\EventListener;
+use Doctrine\DBAL\ArrayParameterType;
 use OpenDxp\Db;
 use OpenDxp\Event\DataObjectClassDefinitionEvents;
 use OpenDxp\Event\DataObjectEvents;
@@ -54,9 +55,13 @@ public function onClassDelete(ClassDefinitionEvent $event): void
 // collect gridConfigs for that class id
 $db = Db::get();
- $gridConfigIds = $db->fetchFirstColumn('select id from gridconfigs where classId = ?', [$classId]);
+ $gridConfigIds = $db->fetchFirstColumn('SELECT id FROM gridconfigs WHERE classId = ?', [$classId]);
 if ($gridConfigIds) {
- $db->executeQuery('delete from gridconfig_shares where gridConfigId in (' . implode('', $gridConfigIds) . ')');
+ $db->executeStatement(
+ 'DELETE FROM gridconfig_shares WHERE gridConfigId IN (?)',
+ [$gridConfigIds],
+ [ArrayParameterType::INTEGER]
+ );
 }
 $this->cleanupGridConfigs('classId = ' . $db->quote($classId));
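Review bot: `$this->cleanupGridConfigs('classId = ' . $db->quote($classId))` on the last line of the onClassDelete hunk still hands a string-built predicate to a helper that concatenates it into `DELETE FROM gridconfigs WHERE ...`, and the onUserDelete hunk in the same file passes `'ownerId = ' . $userId` with no quoting at all, so the commit parameterises the share deletion directly above but leaves the config deletion on the old pattern. Giving the helpers a parameter list, `protected function cleanupGridConfigs(string $condition, array $params = []): void` with the body `$db->executeStatement('DELETE FROM gridconfigs WHERE ' . $condition, $params);`, lets the callers pass `'classId = ?', [$classId]` and `'ownerId = ?', [$userId]`. The same applies to cleanupGridConfigFavourites in this file and to cleanupImportConfigs and its two callers in ImportConfigListener.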
@@ -70,9 +75,13 @@ public function onUserDelete(UserRoleEvent $event): void
 $db = Db::get();
- $gridConfigIds = $db->fetchFirstColumn('select id from gridconfigs where ownerId = ' . $userId);
+ $gridConfigIds = $db->fetchFirstColumn('SELECT id FROM gridconfigs WHERE ownerId = ?', [$userId]);
 if ($gridConfigIds) {
- $db->executeQuery('delete from gridconfig_shares where gridConfigId in (' . implode('', $gridConfigIds) . ')');
+ $db->executeStatement(
+ 'DELETE FROM gridconfig_shares WHERE gridConfigId IN (?)',
+ [$gridConfigIds],
+ [ArrayParameterType::INTEGER]
+ );
 }
 $this->cleanupGridConfigs('ownerId = ' . $userId);
@@ -82,12 +91,12 @@ public function onUserDelete(UserRoleEvent $event): void
 protected function cleanupGridConfigs(string $condition): void
 {
 $db = Db::get();
- $db->executeQuery('DELETE FROM gridconfigs where ' . $condition);
+ $db->executeStatement('DELETE FROM gridconfigs WHERE ' . $condition);
 }
 protected function cleanupGridConfigFavourites(string $condition): void
 {
 $db = Db::get();
- $db->executeQuery('DELETE FROM gridconfig_favourites where ' . $condition);
+ $db->executeStatement('DELETE FROM gridconfig_favourites WHERE ' . $condition);
 }
 }
diff --git a/src/EventListener/ImportConfigListener.php b/src/EventListener/ImportConfigListener.php
index 83ddf6f..12c35e4 100644
--- a/src/EventListener/ImportConfigListener.php
+++ b/src/EventListener/ImportConfigListener.php
@@ -16,6 +16,7 @@ namespace OpenDxp\Bundle\AdminBundle\EventListener;
+use Doctrine\DBAL\ArrayParameterType;
 use OpenDxp\Db;
 use OpenDxp\Event\DataObjectClassDefinitionEvents;
 use OpenDxp\Event\Model\DataObject\ClassDefinitionEvent;
@@ -43,9 +44,13 @@ public function onClassDelete(ClassDefinitionEvent $event): void
 // collect gridConfigs for that class id
 $db = Db::get();
- $importConfigIds = $db->fetchFirstColumn('select id from importconfigs where classId = ?', [$classId]);
+ $importConfigIds = $db->fetchFirstColumn('SELECT id FROM importconfigs WHERE classId = ?', [$classId]);
 if ($importConfigIds) {
- $db->executeQuery('delete from importconfig_shares where importConfigId in (' . implode('', $importConfigIds) . ')');
+ $db->executeStatement(
+ 'DELETE FROM importconfig_shares WHERE importConfigId IN (?)',
+ [$importConfigIds],
+ [ArrayParameterType::INTEGER]
+ );
 }
 $this->cleanupImportConfigs('classId = ' . $db->quote($classId));
@@ -58,9 +63,13 @@ public function onUserDelete(UserRoleEvent $event): void
 $db = Db::get();
- $importConfigIds = $db->fetchFirstColumn('select id from importconfigs where ownerId = ?', [$userId]);
+ $importConfigIds = $db->fetchFirstColumn('SELECT id FROM importconfigs WHERE ownerId = ?', [$userId]);
 if ($importConfigIds) {
- $db->executeQuery('delete from importconfig_shares where importConfigId in (' . implode('', $importConfigIds) . ')');
+ $db->executeStatement(
+ 'DELETE FROM importconfig_shares WHERE importConfigId IN (?)',
+ [$importConfigIds],
+ [ArrayParameterType::INTEGER]
+ );
 }
 $this->cleanupImportConfigs('ownerId = ' . $userId);
@@ -69,6 +78,6 @@ public function onUserDelete(UserRoleEvent $event): void
 protected function cleanupImportConfigs(string $condition): void
 {
 $db = Db::get();
- $db->executeQuery('DELETE FROM importconfigs where ' . $condition);
+ $db->executeStatement('DELETE FROM importconfigs WHERE ' . $condition);
 }
 }
diff --git a/src/GDPR/DataProvider/OpenDxpUsers.php b/src/GDPR/DataProvider/OpenDxpUsers.php
index 1bd437c..7609a7d 100644
--- a/src/GDPR/DataProvider/OpenDxpUsers.php
+++ b/src/GDPR/DataProvider/OpenDxpUsers.php
@@ -123,7 +123,10 @@ protected function getVersionDataForUser(User\AbstractUser $user): array
 {
 $db = Db::get();
- return $db->fetchAllAssociative("SELECT ctype, cid, note, FROM_UNIXTIME(`date`) AS 'date' FROM versions WHERE userId = ?", [$user->getId()]);
+ return $db->fetchAllAssociative(
+ 'SELECT ctype, cid, note, FROM_UNIXTIME(`date`) AS "date" FROM versions WHERE userId = ?',
+ [$user->getId()]
+ );
 }
 protected function getUsageLogDataForUser(User\AbstractUser $user): array
diff --git a/src/Installer.php b/src/Installer.php
index 956dad2..d5884c3 100644
--- a/src/Installer.php
+++ b/src/Installer.php
@@ -62,7 +62,7 @@ protected function addPermissions(): void
 {
 $db = \OpenDxp\Db::get();
- $existingKeys = $db->fetchFirstColumn('SELECT ' . $db->quoteIdentifier('key') . ' FROM users_permission_definitions');
+ $existingKeys = $db->fetchFirstColumn(sprintf('SELECT %s FROM users_permission_definitions', $db->quoteIdentifier('key')));
 foreach (self::USER_PERMISSIONS as $permission) {
 if (in_array($permission, $existingKeys)) {
@@ -107,7 +107,7 @@ private function installTables(): void
 continue;
 }
- $this->db->executeQuery($statement);
+ $this->db->executeStatement($statement);
 }
 }
@@ -123,7 +123,7 @@ private function uninstallTables(): void
 continue;
 }
- $this->db->executeQuery("DROP TABLE IF EXISTS $table");
+ $this->db->executeStatement(sprintf('DROP TABLE IF EXISTS %s', $this->db->quoteIdentifier($table)));
 }
 }
diff --git a/src/Model/GridConfigShare/Dao.php b/src/Model/GridConfigShare/Dao.php
index 3702582..6afd8d3 100644
--- a/src/Model/GridConfigShare/Dao.php
+++ b/src/Model/GridConfigShare/Dao.php
@@ -31,7 +31,10 @@ class Dao extends Model\Dao\AbstractDao
 */
 public function getByGridConfigAndSharedWithId(int $gridConfigId, int $sharedWithUserId): void
 {
- $data = $this->db->fetchAssociative('SELECT * FROM gridconfig_shares WHERE gridConfigId = ? AND sharedWithUserId = ?', [$gridConfigId, $sharedWithUserId]);
+ $data = $this->db->fetchAssociative(
+ 'SELECT * FROM gridconfig_shares WHERE gridConfigId = ? AND sharedWithUserId = ?',
+ [$gridConfigId, $sharedWithUserId]
+ );
 if (!$data) {
 throw new Model\Exception\NotFoundException('gridconfig share with gridConfigId ' . $gridConfigId . ' and shared with ' . $sharedWithUserId . ' not found');