From 0d7a938437d8931da196e6810f492f8696dcdb68 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 10:45:56 +0100 Subject: [PATCH 01/23] sql2prepared --- .../Field/CategoryeditField.php | 71 +++++++++++++------ 1 file changed, 49 insertions(+), 22 deletions(-) diff --git a/administrator/components/com_categories/Field/CategoryeditField.php b/administrator/components/com_categories/Field/CategoryeditField.php index a4d82a8c7f975..a940f145da5fb 100644 --- a/administrator/components/com_categories/Field/CategoryeditField.php +++ b/administrator/components/com_categories/Field/CategoryeditField.php @@ -15,6 +15,7 @@ use Joomla\CMS\Form\Field\ListField; use Joomla\CMS\HTML\HTMLHelper; use Joomla\CMS\Language\Text; +use Joomla\Database\ParameterType; use Joomla\Utilities\ArrayHelper; /** @@ -176,17 +177,28 @@ protected function getOptions() $user = Factory::getUser(); $query = $db->getQuery(true) - ->select('a.id AS value, a.title AS text, a.level, a.published, a.lft, a.language') - ->from('#__categories AS a'); + ->select( + [ + $db->quoteName('a.id', 'value'), + $db->quoteName('a.title', 'text'), + $db->quoteName('a.level'), + $db->quoteName('a.published'), + $db->quoteName('a.lft'), + $db->quoteName('a.language'), + ] + ) + ->from($db->quoteName('#__categories', 'a')); // Filter by the extension type if ($this->element['parent'] == true || $jinput->get('option') == 'com_categories') { - $query->where('(a.extension = ' . $db->quote($extension) . ' OR a.parent_id = 0)'); + $query->where('(' . $db->quoteName('a.extension') . ' = :extension OR ' . $db->quoteName('a.parent_id') . ' = 0)') + ->bind(':extension', $extension); } else { - $query->where('(a.extension = ' . $db->quote($extension) . ')'); + $query->where($db->quoteName('a.extension') . ' = :extension') + ->bind(':extension', $extension);; } // Filter language 
@@ -194,43 +206,43 @@ protected function getOptions() { if (strpos($this->element['language'], ',') !== false) { - $language = implode(',', $db->quote(explode(',', $this->element['language']))); + $language = explode(',', $this->element['language']); } else { - $language = $db->quote($this->element['language']); + $language = $this->element['language']; } - $query->where($db->quoteName('a.language') . ' IN (' . $language . ')'); + $query->whereIn($db->quoteName('a.language'), $language); } // Filter on the published state - $query->where('a.published IN (' . implode(',', ArrayHelper::toInteger($published)) . ')'); + $state = ArrayHelper::toInteger($published); + $query->whereIn($db->quoteName('a.published'), $state); // Filter categories on User Access Level // Filter by access level on categories. if (!$user->authorise('core.admin')) { - $groups = implode(',', $user->getAuthorisedViewLevels()); - $query->where('a.access IN (' . $groups . ')'); + $groups = $user->getAuthorisedViewLevels(); + $query->whereIn($db->quoteName('a.access'), $groups); } - $query->order('a.lft ASC'); + $query->order($db->quoteName('a.lft') . ' ASC'); // If parent isn't explicitly stated but we are in com_categories assume we want parents if ($oldCat != 0 && ($this->element['parent'] == true || $jinput->get('option') == 'com_categories')) { // Prevent parenting to children of this item. // To rearrange parents and children move the children up, not the parents down. - $query->join('LEFT', $db->quoteName('#__categories') . ' AS p ON p.id = ' . (int) $oldCat) - ->where('NOT(a.lft >= p.lft AND a.rgt <= p.rgt)'); - - $rowQuery = $db->getQuery(true); - $rowQuery->select('a.id AS value, a.title AS text, a.level, a.parent_id') - ->from('#__categories AS a') - ->where('a.id = ' . (int) $oldCat); - $db->setQuery($rowQuery); - $row = $db->loadObject(); + $query->join( + 'LEFT', + $db->quoteName('#__categories', 'p'), + $db->quoteName('p.id') . 
' = :oldcat' + ) + ->bind(':oldcat', $oldCat, ParameterType::INTEGER) + ->where('NOT(' . $db->quoteName('a.lft') . ' >= ' . $db->quoteName('p.lft') . + ' AND ' . $db->quoteName('a.rgt') . ' <= ' . $db->quoteName('p.rgt') . ')'); } // Get the options. @@ -332,10 +344,25 @@ protected function getOptions() } } - if (($this->element['parent'] == true || $jinput->get('option') == 'com_categories') - && (isset($row) && !isset($options[0])) + if ($oldCat != 0 && ($this->element['parent'] == true || $jinput->get('option') == 'com_categories') + && !isset($options[0]) && isset($this->element['show_root'])) { + $rowQuery = $db->getQuery(true) + ->select( + [ + $db->quoteName('a.id', 'value'), + $db->quoteName('a.title', 'text'), + $db->quoteName('a.level'), + $db->quoteName('a.parent_id'), + ] + ) + ->from($db->quoteName('#__categories', 'a')) + ->where($db->quoteName('a.id') . ' = :aid') + ->bind(':aid', $oldCat, ParameterType::INTEGER); + $db->setQuery($rowQuery); + $row = $db->loadObject(); + if ($row->parent_id == '1') { $parent = new \stdClass; From 5cd6e1c05c5c8838e83dd21230b76996e3d3cba4 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 10:50:29 +0100 Subject: [PATCH 02/23] sql2prepared --- .../components/com_categories/Field/Modal/CategoryField.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/administrator/components/com_categories/Field/Modal/CategoryField.php b/administrator/components/com_categories/Field/Modal/CategoryField.php index 89283cc4e27b6..3429b481bab60 100644 --- a/administrator/components/com_categories/Field/Modal/CategoryField.php +++ b/administrator/components/com_categories/Field/Modal/CategoryField.php @@ -17,6 +17,7 @@ use Joomla\CMS\Language\LanguageHelper; use Joomla\CMS\Language\Text; use Joomla\CMS\Session\Session; +use Joomla\Database\ParameterType; /** * Supports a modal category picker. 
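Review bot: `$query->whereIn($db->quoteName('a.language'), $language)` is handed a scalar in the else branch (`$language = $this->element['language'];`) but an array from the `explode()` branch, and whereIn() expects a list of values, so the single-language case no longer behaves like the old `IN (...)` string that accepted both. Make both branches produce an array, `$language = [(string) $this->element['language']];`, so the one call works for either input. Language codes are strings, so the type argument should also be `ParameterType::STRING` rather than whereIn()'s default; the patch 12 hunk at line 213 adds that type but still passes the scalar. getOptions() continues outside this hunk.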
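Review bot: The `isset($row)` term removed from the `if` condition was the only guard against `loadObject()` returning null, and the new code dereferences the result immediately in `if ($row->parent_id == '1')`, so an `$oldCat` that no longer matches a category row would fail on a null object. Keep a null check between the load and the dereference, e.g. `if ($row && $row->parent_id == '1')`. The block continues past the end of the hunk, so any later use of `$row` there needs the same care.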
@@ -116,10 +117,12 @@ function jSelectCategory_" . $this->id . "(id, title, object) { if ($value) { $db = Factory::getDbo(); + $value = (int) $value; $query = $db->getQuery(true) ->select($db->quoteName('title')) ->from($db->quoteName('#__categories')) - ->where($db->quoteName('id') . ' = ' . (int) $value); + ->where($db->quoteName('id') . ' = :value') + ->bind(':value', $value, ParameterType::INTEGER); $db->setQuery($query); try From 0d2be5df282e1b8ebfe021269c9fc112deb74709 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 10:54:42 +0100 Subject: [PATCH 03/23] sql2prepared --- .../com_categories/Helper/CategoriesHelper.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/administrator/components/com_categories/Helper/CategoriesHelper.php b/administrator/components/com_categories/Helper/CategoriesHelper.php index 12ee9733afa55..bde0b970c0c23 100644 --- a/administrator/components/com_categories/Helper/CategoriesHelper.php +++ b/administrator/components/com_categories/Helper/CategoriesHelper.php @@ -14,6 +14,7 @@ use Joomla\CMS\Factory; use Joomla\CMS\Language\Associations; use Joomla\CMS\Table\Table; +use Joomla\Database\ParameterType; /** * Categories helper. 
@@ -35,20 +36,21 @@ public static function getAssociations($pk, $extension = 'com_content') $langAssociations = Associations::getAssociations($extension, '#__categories', 'com_categories.item', $pk, 'id', 'alias', ''); $associations = array(); $user = Factory::getUser(); - $groups = implode(',', $user->getAuthorisedViewLevels()); + $groups = $user->getAuthorisedViewLevels(); foreach ($langAssociations as $langAssociation) { // Include only published categories with user access - $arrId = explode(':', $langAssociation->id); - $assocId = $arrId[0]; - $db = Factory::getDbo(); + $arrId = explode(':', $langAssociation->id); + $assocId = (int) $arrId[0]; + $db = Factory::getDbo(); $query = $db->getQuery(true) ->select($db->quoteName('published')) ->from($db->quoteName('#__categories')) - ->where('access IN (' . $groups . ')') - ->where($db->quoteName('id') . ' = ' . (int) $assocId); + ->whereIn($db->quoteName('access'), $groups) + ->where($db->quoteName('id') . ' = :associd') + ->bind(':associd', $assocId, ParameterType::INTEGER); $result = (int) $db->setQuery($query)->loadResult(); From a5bd0e96f37d67c313e19ce09bc353c21f26b172 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 12:01:00 +0100 Subject: [PATCH 04/23] sql2prepared --- .../com_categories/Model/CategoryModel.php | 73 +++++++++++++------ 1 file changed, 49 insertions(+), 24 deletions(-) diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php index 54cd153054b25..0fcb7f38c0e0b 100644 --- a/administrator/components/com_categories/Model/CategoryModel.php +++ b/administrator/components/com_categories/Model/CategoryModel.php @@ -28,6 +28,7 @@ use Joomla\CMS\Plugin\PluginHelper; use Joomla\CMS\UCM\UCMType; use Joomla\Component\Categories\Administrator\Helper\CategoriesHelper; +use Joomla\Database\ParameterType; use Joomla\Registry\Registry; use Joomla\String\StringHelper; use Joomla\Utilities\ArrayHelper; 
@@ -632,28 +633,34 @@ public function save($data) // Get associationskey for edited item $db = $this->getDbo(); + $id = (int) $table->id; $query = $db->getQuery(true) ->select($db->quoteName('key')) ->from($db->quoteName('#__associations')) - ->where($db->quoteName('context') . ' = ' . $db->quote($this->associationsContext)) - ->where($db->quoteName('id') . ' = ' . (int) $table->id); + ->where($db->quoteName('context') . ' = :associationscontext') + ->bind('associationscontext', $this->associationsContext) + ->where($db->quoteName('id') . ' = :id') + ->bind(':id', $id, ParameterType::INTEGER); $db->setQuery($query); $oldKey = $db->loadResult(); // Deleting old associations for the associated items $query = $db->getQuery(true) ->delete($db->quoteName('#__associations')) - ->where($db->quoteName('context') . ' = ' . $db->quote($this->associationsContext)); + ->where($db->quoteName('context') . ' = :associationscontext') + ->bind('associationscontext', $this->associationsContext); if ($associations) { - $query->where('(' . $db->quoteName('id') . ' IN (' . implode(',', $associations) . ') OR ' - . $db->quoteName('key') . ' = ' . $db->quote($oldKey) . ')' - ); + $query->where('(' . $db->quoteName('id') . ' IN (' . implode(',', $query->bindArray($associations)) . ') OR ' + . $db->quoteName('key') . ' = :oldkey' . ')' + ) + ->bind(':oldkey', $oldKey); } else { - $query->where($db->quoteName('key') . ' = ' . $db->quote($oldKey)); + $query->where($db->quoteName('key') . ' = :key') + ->bind(':key', $oldKey); } $db->setQuery($query); 
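Review bot: `->bind('associationscontext', $this->associationsContext)`, used for both the select and the delete query in this hunk, omits the leading colon that the placeholder `:associationscontext` and every other bind() call in this series carry. Whether a key without the colon still resolves against the `:associationscontext` placeholder depends on the driver's statement implementation, so the safe form is `->bind(':associationscontext', $this->associationsContext)` in both places. save() continues outside the hunk.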
@@ -680,11 +687,15 @@ public function save($data) // Adding new association for these items $key = md5(json_encode($associations)); $query->clear() - ->insert('#__associations'); + ->insert($db->quoteName('#__associations')); foreach ($associations as $id) { - $query->values(((int) $id) . ',' . $db->quote($this->associationsContext) . ',' . $db->quote($key)); + $id = (int) $id; + $query->values(':id$id , :associationscontext$id, :key$id') + ->bind(':id$id', $id, ParameterType::INTEGER) + ->bind(':associationscontext$id', $this->associationsContext) + ->bind(':key$id', $key); } $db->setQuery($query); @@ -834,9 +845,10 @@ protected function batchFlipordering($value, $pks, $contexts) */ foreach ($pks as $id) { - $query->select('MAX(ordering)') - ->from('#__content') - ->where($db->quoteName('catid') . ' = ' . $db->quote($id)); + $query->select('MAX(' . $db->quoteName('ordering') . ')') + ->from($db->quoteName('#__content')) + ->where($db->quoteName('catid') . ' = :catid') + ->bind(':catid', $id, ParameterType::INTEGER); $db->setQuery($query); @@ -845,9 +857,11 @@ protected function batchFlipordering($value, $pks, $contexts) $query->clear(); - $query->update('#__content') - ->set($db->quoteName('ordering') . ' = ' . $max . ' - ' . $db->quoteName('ordering')) - ->where($db->quoteName('catid') . ' = ' . $db->quote($id)); + $query->update($db->quoteName('#__content') + ->set($db->quoteName('ordering') . ' = :max - ' . $db->quoteName('ordering')) + ->where($db->quoteName('catid') . ' = :catid') + ->bind(':max', $max, ParameterType::INTEGER); + ->bind(':catid', $id, ParameterType::INTEGER); $db->setQuery($query); @@ -946,7 +960,7 @@ protected function batchCopy($value, $pks, $contexts) // Calculate the emergency stop count as a precaution against a runaway loop bug $query = $db->getQuery(true) - ->select('COUNT(id)') + ->select('COUNT(' . $db->quoteName('id') . ')') ->from($db->quoteName('#__categories')); $db->setQuery($query); 
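Review bot: `$query->values(':id$id , :associationscontext$id, :key$id')` and the three bind() keys are single-quoted, so `$id` is never interpolated: every loop iteration appends the same literal placeholders and re-binds the same three keys, meaning the insert would carry N identical value tuples resolved from the last bound value instead of one row per association (patch 16 only removes the space and keeps the single quotes). Even with interpolation fixed, bind() stores a reference to its value argument, so binding the loop variable `$id` would make every row see the final value at execution time. The robust form is to let bindArray() generate unique placeholders per row, as the hunk at line 653 already does for the IN list.
```php
foreach ($associations as $id)
{
	// bindArray() allocates fresh placeholder names on each call, so every row gets its own bound values
	$idKey   = $query->bindArray([(int) $id], ParameterType::INTEGER);
	$strKeys = $query->bindArray([$this->associationsContext, $key], ParameterType::STRING);
	$query->values(implode(',', array_merge($idKey, $strKeys)));
}
```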
@@ -988,11 +1002,15 @@ protected function batchCopy($value, $pks, $contexts) } // Copy is a bit tricky, because we also need to copy the children + $lft = (int) $this->table->lft; + $rgt = (int) $this->table->rgt; $query->clear() - ->select('id') + ->select($db->quoteName('id')) ->from($db->quoteName('#__categories')) - ->where('lft > ' . (int) $this->table->lft) - ->where('rgt < ' . (int) $this->table->rgt); + ->where($db->quoteName('lft') . ' > :lft') + ->where($db->quoteName('rgt') . ' < :rgt') + ->bind(':lft', $lft, ParameterType::INTEGER) + ->bind(':rgt', $rgt, ParameterType::INTEGER); $db->setQuery($query); $childIds = $db->loadColumn(); @@ -1052,11 +1070,14 @@ protected function batchCopy($value, $pks, $contexts) // Copy rules $query->clear() ->update($db->quoteName('#__assets', 't')) - ->join('INNER', $db->quoteName('#__assets', 's') . - ' ON ' . $db->quoteName('s.id') . ' = ' . $oldAssetId + ->join('INNER', + $db->quoteName('#__assets', 's'), + $db->quoteName('s.id') . ' = :oldid', ) + ->bind(':oldid', $oldAssetId, ParameterType::INTEGER) ->set($db->quoteName('t.rules') . ' = ' . $db->quoteName('s.rules')) - ->where($db->quoteName('t.id') . ' = ' . $this->table->asset_id); + ->where($db->quoteName('t.id') . ' = :assetid') + ->bind(':assetid', $this->table->asset_id, ParameterType::INTEGER); $db->setQuery($query)->execute(); // Now we log the old 'parent' to the new 'parent' 
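Review bot: In the batchCopy hunk at line 1070 the join() call ends its argument list with a trailing comma (`$db->quoteName('s.id') . ' = :oldid', )`), which PHP only accepts in function calls from 7.3 onward; if the project's minimum PHP version is below that, this is a parse error rather than a style nit. Drop the comma: `$db->quoteName('s.id') . ' = :oldid'`. The patch 09 hunk that re-indents `'INNER',` in the same call leaves the comma in place. batchCopy() continues outside the hunk.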
@@ -1186,11 +1207,15 @@ protected function batchMove($value, $pks, $contexts) // Check if we are moving to a different parent if ($parentId != $this->table->parent_id) { + $lft = (int) $this->table->lft; + $rgt = (int) $this->table->rgt; // Add the child node ids to the children array. $query->clear() - ->select('id') + ->select($db->quoteName('id')) ->from($db->quoteName('#__categories')) - ->where($db->quoteName('lft') . ' BETWEEN ' . (int) $this->table->lft . ' AND ' . (int) $this->table->rgt); + ->where($db->quoteName('lft') . ' BETWEEN :lft AND :rgt') + ->bind(':lft', $lft, ParameterType::INTEGER) + ->bind(':rgt', $rgt, ParameterType::INTEGER); $db->setQuery($query); try From a33bac32c1d88a4efcc473331fc6ca6508ed6fc9 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 12:43:16 +0100 Subject: [PATCH 05/23] sql2prepared --- .../com_categories/Model/CategoriesModel.php | 106 +++++++++++++----- 1 file changed, 81 insertions(+), 25 deletions(-) diff --git a/administrator/components/com_categories/Model/CategoriesModel.php b/administrator/components/com_categories/Model/CategoriesModel.php index 1e551d5482d8f..cfd09296ce604 100644 --- a/administrator/components/com_categories/Model/CategoriesModel.php +++ b/administrator/components/com_categories/Model/CategoriesModel.php @@ -17,6 +17,7 @@ use Joomla\CMS\Language\Associations; use Joomla\CMS\MVC\Factory\MVCFactoryInterface; use Joomla\CMS\MVC\Model\ListModel; +use Joomla\Database\ParameterType; /** * Categories Component Categories Model 
@@ -167,23 +168,44 @@ protected function getListQuery() ', a.language' ) ); - $query->from('#__categories AS a'); + $query->from($db->quoteName('#__categories', 'a')); // Join over the language - $query->select('l.title AS language_title, l.image AS language_image') - ->join('LEFT', $db->quoteName('#__languages') . ' AS l ON l.lang_code = a.language'); + $query->select( + [ + $db->quoteName('l.title', 'language_title'), + $db->quoteName('l.image', 'language_image'), + ] + ) + ->join( + 'LEFT', + $db->quoteName('#__languages', 'l'), + $db->quoteName('l.lang_code') . ' = ' . $db->quoteName('a.language') + ); // Join over the users for the checked out user. - $query->select('uc.name AS editor') - ->join('LEFT', '#__users AS uc ON uc.id=a.checked_out'); + $query->select($db->quoteName('uc.name ', 'editor')) + ->join( + 'LEFT', + $db->quoteName('#__users', 'uc'), + $db->quoteName('uc.id') . ' = ' . $db->quoteName('a.checked_out') + ); // Join over the asset groups. - $query->select('ag.title AS access_level') - ->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); + $query->select($db->quoteName('ag.title', 'access_level')) + ->join( + 'LEFT', + $db->quoteName('#__viewlevels', 'ag'), + $db->quoteName('ag.id') . ' = ' . $db->quoteName('a.access') + ); // Join over the users for the author. - $query->select('ua.name AS author_name') - ->join('LEFT', '#__users AS ua ON ua.id = a.created_user_id'); + $query->select($db->quoteName('ua.name', 'author_name')) + ->join( + 'LEFT', + $db->quoteName('#__users', 'ua'), + $db->quoteName('ua.id') . ' = ' . $db->quoteName('a.created_user_id') + ); // Join over the associations. $assoc = $this->getAssoc(); 
@@ -191,34 +213,48 @@ protected function getListQuery() if ($assoc) { $query->select('COUNT(asso2.id)>1 as association') - ->join('LEFT', '#__associations AS asso ON asso.id = a.id AND asso.context=' . $db->quote('com_categories.item')) - ->join('LEFT', '#__associations AS asso2 ON asso2.key = asso.key') + ->join( + 'LEFT', + $db->quoteName('#__associations', 'asso'), + $db->quoteName('asso.id') . ' = ' . $db->quoteName('a.id') + . ' AND ' . $db->quoteName('asso.context') . ' = ' . $db->quote('com_categories.item') + ) + ->join( + 'LEFT', + $db->quoteName('#__associations', 'asso2'), + $db->quoteName('asso2.key') . ' = ' . $db->quoteName('asso.key') + ) ->group('a.id, l.title, uc.name, ag.title, ua.name'); } // Filter by extension if ($extension = $this->getState('filter.extension')) { - $query->where('a.extension = ' . $db->quote($extension)); + $query->where($db->quoteName('a.extension') . ' = :extension') + ->bind(':extension', $extension); } // Filter on the level. if ($level = $this->getState('filter.level')) { - $query->where('a.level <= ' . (int) $level); + $level = (int) $level; + $query->where($db->quoteName('a.level') . ' <= :level') + ->bind(':level', $level, ParameterType::INTEGER); } // Filter by access level. if ($access = $this->getState('filter.access')) { - $query->where('a.access = ' . (int) $access); + $access = (int) $access; + $query->where($db->quoteName('a.access') . ' = :access') + ->bind(':access', $access, ParameterType::INTEGER); } // Implement View Level Access if (!$user->authorise('core.admin')) { - $groups = implode(',', $user->getAuthorisedViewLevels()); - $query->where('a.access IN (' . $groups . ')'); + $groups = $user->getAuthorisedViewLevels(); + $query->whereIn($db->quoteName('a.access'), $groups); } // Filter by published state 
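Review bot: The association block is the one place in this hunk that still passes raw identifiers: `'COUNT(asso2.id)>1 as association'` and `->group('a.id, l.title, uc.name, ag.title, ua.name')` sit next to joins that were just converted to quoteName(). For consistency with the rest of the query, quote them too, e.g. `->group($db->quoteName(['a.id', 'l.title', 'uc.name', 'ag.title', 'ua.name']))` and `->select('COUNT(' . $db->quoteName('asso2.id') . ') > 1 AS ' . $db->quoteName('association'))`. Leaving `$db->quote('com_categories.item')` inline is harmless since it is a constant, but a bound `:context` would match the style of the filters below. getListQuery() continues outside the hunk.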
@@ -226,11 +262,13 @@ protected function getListQuery() if (is_numeric($published)) { - $query->where('a.published = ' . (int) $published); + $published = (int) $published; + $query->where($db->quoteName('a.published') . ' = :published') + ->bind(':published', $published, ParameterType::INTEGER); } elseif ($published === '') { - $query->where('(a.published IN (0, 1))'); + $query->whereIn($db->quoteName('a.published'), [0, 1]); } // Filter by search in title @@ -240,19 +278,33 @@ protected function getListQuery() { if (stripos($search, 'id:') === 0) { - $query->where('a.id = ' . (int) substr($search, 3)); + $search = (int) substr($search, 3); + $query->where($db->quoteName('a.id') . ' = :search') + ->bind(':search', $search, ParameterType::INTEGER); } else { - $search = $db->quote('%' . str_replace(' ', '%', $db->escape(trim($search), true) . '%')); - $query->where('(a.title LIKE ' . $search . ' OR a.alias LIKE ' . $search . ' OR a.note LIKE ' . $search . ')'); + $search = '%' . str_replace(' ', '%', trim($search)) . '%'; + $query->extendWhere( + 'AND', + [ + $db->quoteName('a.title') . ' LIKE :title ', + $db->quoteName('a.alias') . ' LIKE :alias ', + $db->quoteName('a.note') . ' LIKE :note ', + ], + 'OR' + ) + ->bind(':title', $search) + ->bind(':alias', $search) + ->bind(':note', $search); } } // Filter on the language. if ($language = $this->getState('filter.language')) { - $query->where('a.language = ' . $db->quote($language)); + $query->where($db->quoteName('a.language') . ' = :language') + ->bind(':language', $language); } // Filter by a single tag. 
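Review bot: The removed `$db->escape(trim($search), true)` did two jobs, and only one of them is taken over by binding: besides quoting, its second argument escaped the LIKE metacharacters `%` and `_`, so with `$search = '%' . str_replace(' ', '%', trim($search)) . '%';` a literal `%` or `_` typed into the search box now acts as a wildcard instead of matching itself. If the old literal matching is intended, escape just those two characters before building the pattern, e.g. `$search = '%' . str_replace(' ', '%', addcslashes(trim($search), '%_')) . '%';` (the full escape() call must not return, since it would double-escape quotes inside a bound value). getListQuery() continues outside the hunk.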
@@ -260,12 +312,16 @@ protected function getListQuery() if (is_numeric($tagId)) { - $query->where($db->quoteName('tagmap.tag_id') . ' = ' . (int) $tagId) + $tagId = (int) $tagId; + $typeAlias = $extension . '.category'; + $query->where($db->quoteName('tagmap.tag_id') . ' = :tagid') + ->bind(':tagid', $tagId, ParameterType::INTEGER) ->join( 'LEFT', $db->quoteName('#__contentitem_tag_map', 'tagmap') . ' ON ' . $db->quoteName('tagmap.content_item_id') . ' = ' . $db->quoteName('a.id') - . ' AND ' . $db->quoteName('tagmap.type_alias') . ' = ' . $db->quote($extension . '.category') - ); + . ' AND ' . $db->quoteName('tagmap.type_alias') . ' = :typealias') + ) + ->bind(':typealias', $typeAlias); } // Add the list ordering clause From 4d1f8a3b8fa057c51b1cec919cc090216e4de5df Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 12:55:21 +0100 Subject: [PATCH 06/23] sql2prepared --- .../Service/HTML/AdministratorService.php | 29 +++++++++++++------ 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/administrator/components/com_categories/Service/HTML/AdministratorService.php b/administrator/components/com_categories/Service/HTML/AdministratorService.php index ee5932ffb26dd..1da609857f992 100644 --- a/administrator/components/com_categories/Service/HTML/AdministratorService.php +++ b/administrator/components/com_categories/Service/HTML/AdministratorService.php @@ -15,6 +15,7 @@ use Joomla\CMS\Layout\LayoutHelper; use Joomla\CMS\Router\Route; use Joomla\Component\Categories\Administrator\Helper\CategoriesHelper; +use Joomla\Database\ParameterType; use Joomla\Utilities\ArrayHelper; /** 
@@ -48,15 +49,25 @@ public function association($catid, $extension = 'com_content') // Get the associated categories $db = Factory::getDbo(); $query = $db->getQuery(true) - ->select('c.id, c.title') - ->select('l.sef as lang_sef') - ->select('l.lang_code') - ->from('#__categories as c') - ->where('c.id IN (' . implode(',', array_values($associations)) . ')') - ->where('c.id != ' . $catid) - ->join('LEFT', '#__languages as l ON c.language=l.lang_code') - ->select('l.image') - ->select('l.title as language_title'); + ->select( + [ + $db->quoteName('c.id'), + $db->quoteName('c.title'), + $db->quoteName('l.sef', 'lang_sef'), + $db->quoteName('l.lang_code'), + $db->quoteName('l.image'), + $db->quoteName('l.title', 'language_title'), + ] + ) + ->from($db->quoteName('#__categories', 'c')) + ->whereIn($db->quoteName('c.id'), array_values($associations)) + ->where($db->quoteName('c.id') . ' != :catid') + ->bind(':catid', $catid, ParameterType::INTEGER) + ->join( + 'LEFT', + $db->quoteName('#__languages', 'l'), + $db->quoteName('c.language') . ' = ' . $db->quoteName('l.lang_code') + ); $db->setQuery($query); try From 2c6541293d61e66decfd23de327f387fb7f4a4fb Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 18:39:49 +0100 Subject: [PATCH 07/23] cs --- .../com_categories/Field/CategoryeditField.php | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/administrator/components/com_categories/Field/CategoryeditField.php b/administrator/components/com_categories/Field/CategoryeditField.php index a940f145da5fb..66604fed3a84f 100644 --- a/administrator/components/com_categories/Field/CategoryeditField.php +++ b/administrator/components/com_categories/Field/CategoryeditField.php @@ -198,7 +198,7 @@ protected function getOptions() else { $query->where($db->quoteName('a.extension') . ' = :extension') - ->bind(':extension', $extension);; + ->bind(':extension', $extension); } // Filter language 
@@ -236,13 +236,14 @@ protected function getOptions() // Prevent parenting to children of this item. // To rearrange parents and children move the children up, not the parents down. $query->join( - 'LEFT', + 'LEFT', $db->quoteName('#__categories', 'p'), $db->quoteName('p.id') . ' = :oldcat' ) ->bind(':oldcat', $oldCat, ParameterType::INTEGER) - ->where('NOT(' . $db->quoteName('a.lft') . ' >= ' . $db->quoteName('p.lft') . - ' AND ' . $db->quoteName('a.rgt') . ' <= ' . $db->quoteName('p.rgt') . ')'); + ->where('NOT(' . $db->quoteName('a.lft') . ' >= ' . $db->quoteName('p.lft') + . ' AND ' . $db->quoteName('a.rgt') . ' <= ' . $db->quoteName('p.rgt') . ')' + ); } // Get the options. @@ -348,13 +349,13 @@ protected function getOptions() && !isset($options[0]) && isset($this->element['show_root'])) { - $rowQuery = $db->getQuery(true) + $rowQuery = $db->getQuery(true) ->select( [ $db->quoteName('a.id', 'value'), $db->quoteName('a.title', 'text'), $db->quoteName('a.level'), - $db->quoteName('a.parent_id'), + $db->quoteName('a.parent_id'), ] ) ->from($db->quoteName('#__categories', 'a')) @@ -362,7 +363,7 @@ protected function getOptions() ->bind(':aid', $oldCat, ParameterType::INTEGER); $db->setQuery($rowQuery); $row = $db->loadObject(); - + if ($row->parent_id == '1') { $parent = new \stdClass; From 8bdb635dbf3dfefafb0752b46efc38856270c152 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 18:44:14 +0100 Subject: [PATCH 08/23] cs --- .../components/com_categories/Model/CategoriesModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/administrator/components/com_categories/Model/CategoriesModel.php b/administrator/components/com_categories/Model/CategoriesModel.php index cfd09296ce604..e86282b9439dc 100644 --- a/administrator/components/com_categories/Model/CategoriesModel.php +++ b/administrator/components/com_categories/Model/CategoriesModel.php 
@@ -319,7 +319,7 @@ protected function getListQuery() ->join( 'LEFT', $db->quoteName('#__contentitem_tag_map', 'tagmap') . ' ON ' . $db->quoteName('tagmap.content_item_id') . ' = ' . $db->quoteName('a.id') - . ' AND ' . $db->quoteName('tagmap.type_alias') . ' = :typealias') + . ' AND ' . $db->quoteName('tagmap.type_alias') . ' = :typealias' ) ->bind(':typealias', $typeAlias); } From 6ee67a5a66951f521d27afb80d7140a4772eab51 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 18:48:24 +0100 Subject: [PATCH 09/23] cs --- .../components/com_categories/Model/CategoryModel.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php index 0fcb7f38c0e0b..dbd381e99904a 100644 --- a/administrator/components/com_categories/Model/CategoryModel.php +++ b/administrator/components/com_categories/Model/CategoryModel.php @@ -655,7 +655,7 @@ public function save($data) $query->where('(' . $db->quoteName('id') . ' IN (' . implode(',', $query->bindArray($associations)) . ') OR ' . $db->quoteName('key') . ' = :oldkey' . ')' ) - ->bind(':oldkey', $oldKey); + ->bind(':oldkey', $oldKey); } else { @@ -857,10 +857,10 @@ protected function batchFlipordering($value, $pks, $contexts) $query->clear(); - $query->update($db->quoteName('#__content') + $query->update($db->quoteName('#__content')) ->set($db->quoteName('ordering') . ' = :max - ' . $db->quoteName('ordering')) ->where($db->quoteName('catid') . ' = :catid') - ->bind(':max', $max, ParameterType::INTEGER); + ->bind(':max', $max, ParameterType::INTEGER) ->bind(':catid', $id, ParameterType::INTEGER); $db->setQuery($query); @@ -1070,7 +1070,7 @@ protected function batchCopy($value, $pks, $contexts) // Copy rules $query->clear() ->update($db->quoteName('#__assets', 't')) - ->join('INNER', + ->join('INNER', $db->quoteName('#__assets', 's'), $db->quoteName('s.id') . ' = :oldid', ) 
@@ -1209,6 +1209,7 @@ protected function batchMove($value, $pks, $contexts) { $lft = (int) $this->table->lft; $rgt = (int) $this->table->rgt; + // Add the child node ids to the children array. $query->clear() ->select($db->quoteName('id')) From 097e9edd17733218c21674f20e68e79638ba28b6 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 19:36:33 +0100 Subject: [PATCH 10/23] cs --- administrator/components/com_categories/Model/CategoryModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php index dbd381e99904a..b34ee066e830f 100644 --- a/administrator/components/com_categories/Model/CategoryModel.php +++ b/administrator/components/com_categories/Model/CategoryModel.php @@ -653,7 +653,7 @@ public function save($data) if ($associations) { $query->where('(' . $db->quoteName('id') . ' IN (' . implode(',', $query->bindArray($associations)) . ') OR ' - . $db->quoteName('key') . ' = :oldkey' . ')' + . $db->quoteName('key') . ' = :oldkey)' ) ->bind(':oldkey', $oldKey); } From 5abb553a6834bdf98ebc48a3b084a2c1b34e9efc Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 19:52:57 +0100 Subject: [PATCH 11/23] fix space --- .../components/com_categories/Model/CategoriesModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/administrator/components/com_categories/Model/CategoriesModel.php b/administrator/components/com_categories/Model/CategoriesModel.php index e86282b9439dc..34c82ab51afd5 100644 --- a/administrator/components/com_categories/Model/CategoriesModel.php +++ b/administrator/components/com_categories/Model/CategoriesModel.php 
@@ -184,7 +184,7 @@ protected function getListQuery() ); // Join over the users for the checked out user. - $query->select($db->quoteName('uc.name ', 'editor')) + $query->select($db->quoteName('uc.name', 'editor')) ->join( 'LEFT', $db->quoteName('#__users', 'uc'), From 716d765b6a886078f71b694b80e49dc98ebedc8c Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 20:34:09 +0100 Subject: [PATCH 12/23] Update administrator/components/com_categories/Field/CategoryeditField.php Co-Authored-By: Quy --- .../components/com_categories/Field/CategoryeditField.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/administrator/components/com_categories/Field/CategoryeditField.php b/administrator/components/com_categories/Field/CategoryeditField.php index 66604fed3a84f..0040b0d964c4e 100644 --- a/administrator/components/com_categories/Field/CategoryeditField.php +++ b/administrator/components/com_categories/Field/CategoryeditField.php @@ -213,7 +213,7 @@ protected function getOptions() $language = $this->element['language']; } - $query->whereIn($db->quoteName('a.language'), $language); + $query->whereIn($db->quoteName('a.language'), $language, ParameterType::STRING); } // Filter on the published state From 43f87d51eb4b050b1634cc38a36bc3d38a707eea Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 20:34:30 +0100 Subject: [PATCH 13/23] Update administrator/components/com_categories/Field/Modal/CategoryField.php Co-Authored-By: Quy --- .../components/com_categories/Field/Modal/CategoryField.php | 1 - 1 file changed, 1 deletion(-) diff --git a/administrator/components/com_categories/Field/Modal/CategoryField.php b/administrator/components/com_categories/Field/Modal/CategoryField.php index 3429b481bab60..2063eb1d38afa 100644 --- a/administrator/components/com_categories/Field/Modal/CategoryField.php +++ b/administrator/components/com_categories/Field/Modal/CategoryField.php 
@@ -117,7 +117,6 @@ function jSelectCategory_" . $this->id . "(id, title, object) { if ($value) { $db = Factory::getDbo(); - $value = (int) $value; $query = $db->getQuery(true) ->select($db->quoteName('title')) ->from($db->quoteName('#__categories')) From 9a2d49d1fdc9a48fa46aab9a3fae230cfffabf4b Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 20:46:06 +0100 Subject: [PATCH 14/23] Update administrator/components/com_categories/Model/CategoriesModel.php Co-Authored-By: Quy --- .../components/com_categories/Model/CategoriesModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/administrator/components/com_categories/Model/CategoriesModel.php b/administrator/components/com_categories/Model/CategoriesModel.php index 34c82ab51afd5..9c9546164825d 100644 --- a/administrator/components/com_categories/Model/CategoriesModel.php +++ b/administrator/components/com_categories/Model/CategoriesModel.php @@ -289,7 +289,7 @@ protected function getListQuery() 'AND', [ $db->quoteName('a.title') . ' LIKE :title ', - $db->quoteName('a.alias') . ' LIKE :alias ', + $db->quoteName('a.alias') . ' LIKE :alias', $db->quoteName('a.note') . ' LIKE :note ', ], 'OR' From 860efdb9f2fa1f7dbe8f6447d197243e048d0527 Mon Sep 17 00:00:00 2001 From: Nicola Galgano Date: Tue, 3 Dec 2019 20:46:21 +0100 Subject: [PATCH 15/23] Update administrator/components/com_categories/Model/CategoriesModel.php Co-Authored-By: Quy --- .../components/com_categories/Model/CategoriesModel.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/administrator/components/com_categories/Model/CategoriesModel.php b/administrator/components/com_categories/Model/CategoriesModel.php index 9c9546164825d..a8aba5bc9d082 100644 --- a/administrator/components/com_categories/Model/CategoriesModel.php +++ b/administrator/components/com_categories/Model/CategoriesModel.php 
@@ -290,7 +290,7 @@ protected function getListQuery()
 [
 $db->quoteName('a.title') . ' LIKE :title ',
 $db->quoteName('a.alias') . ' LIKE :alias',
- $db->quoteName('a.note') . ' LIKE :note ',
+ $db->quoteName('a.note') . ' LIKE :note',
 ],
 'OR'
 )
From 7c1ba463a991ec9dff961ee51b532192986e96fb Mon Sep 17 00:00:00 2001
From: Nicola Galgano
Date: Tue, 3 Dec 2019 20:49:31 +0100
Subject: [PATCH 16/23] Update administrator/components/com_categories/Model/CategoryModel.php
Co-Authored-By: Quy
---
 administrator/components/com_categories/Model/CategoryModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php
index b34ee066e830f..3944de60ac9de 100644
--- a/administrator/components/com_categories/Model/CategoryModel.php
+++ b/administrator/components/com_categories/Model/CategoryModel.php
@@ -692,7 +692,7 @@ public function save($data)
 foreach ($associations as $id)
 {
 $id = (int) $id;
- $query->values(':id$id , :associationscontext$id, :key$id')
+ $query->values(':id$id, :associationscontext$id, :key$id')
 ->bind(':id$id', $id, ParameterType::INTEGER)
 ->bind(':associationscontext$id', $this->associationsContext)
 ->bind(':key$id', $key);
From 28301fffedd088344ce979ad252611c57479ab3a Mon Sep 17 00:00:00 2001
From: Nicola Galgano
Date: Tue, 3 Dec 2019 20:51:05 +0100
Subject: [PATCH 17/23] Update administrator/components/com_categories/Model/CategoriesModel.php
Co-Authored-By: Quy
---
 .../components/com_categories/Model/CategoriesModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/administrator/components/com_categories/Model/CategoriesModel.php b/administrator/components/com_categories/Model/CategoriesModel.php
index a8aba5bc9d082..54600686e98e8 100644
--- a/administrator/components/com_categories/Model/CategoriesModel.php
+++ b/administrator/components/com_categories/Model/CategoriesModel.php
@@ -288,7 +288,7 @@ protected function getListQuery()
 $query->extendWhere(
 'AND',
 [
- $db->quoteName('a.title') . ' LIKE :title ',
+ $db->quoteName('a.title') . ' LIKE :title',
 $db->quoteName('a.alias') . ' LIKE :alias',
 $db->quoteName('a.note') . ' LIKE :note',
 ],
From 8b7cadf96be746ba45fa7dedf4aaf0616da881bf Mon Sep 17 00:00:00 2001
From: Nicola Galgano
Date: Tue, 3 Dec 2019 20:59:16 +0100
Subject: [PATCH 18/23] (int)
---
 .../components/com_categories/Model/CategoriesModel.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/administrator/components/com_categories/Model/CategoriesModel.php b/administrator/components/com_categories/Model/CategoriesModel.php
index 54600686e98e8..3022cc966df97 100644
--- a/administrator/components/com_categories/Model/CategoriesModel.php
+++ b/administrator/components/com_categories/Model/CategoriesModel.php
@@ -235,17 +235,15 @@ protected function getListQuery()
 }
 
 // Filter on the level.
- if ($level = $this->getState('filter.level'))
+ if ($level = (int) $this->getState('filter.level'))
 {
- $level = (int) $level;
 $query->where($db->quoteName('a.level') . ' <= :level')
 ->bind(':level', $level, ParameterType::INTEGER);
 }
 
 // Filter by access level.
- if ($access = $this->getState('filter.access'))
+ if ($access = (int) $this->getState('filter.access'))
 {
- $access = (int) $access;
 $query->where($db->quoteName('a.access') . ' = :access')
 ->bind(':access', $access, ParameterType::INTEGER);
 }
From b11950768036a23cc938cb56debadc42ca541a00 Mon Sep 17 00:00:00 2001
From: Nicola Galgano
Date: Tue, 3 Dec 2019 21:01:46 +0100
Subject: [PATCH 19/23] swap
---
 .../components/com_categories/Model/CategoryModel.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php
index 3944de60ac9de..d454182eb775b 100644
--- a/administrator/components/com_categories/Model/CategoryModel.php
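Review bot: Folding the `(int)` cast into the truthiness test in the @@ -235 hunk changes how a non-numeric `filter.level` or `filter.access` state is handled: before, it was cast to 0 and produced a filter that matched nothing; now it casts to 0, fails the `if`, and the filter is silently dropped so the unfiltered list is returned. Since these filter states normally come from request input, an explicit check keeps the narrowing behaviour and reads more clearly, e.g. `$access = $this->getState('filter.access'); if (is_numeric($access)) { $access = (int) $access; … }` (and the same for level). An array value would also cast to 1 without warning in the new form, whereas `is_numeric` rejects it. getListQuery() continues outside the hunk.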
+++ b/administrator/components/com_categories/Model/CategoryModel.php
@@ -637,9 +637,9 @@ public function save($data)
 $query = $db->getQuery(true)
 ->select($db->quoteName('key'))
 ->from($db->quoteName('#__associations'))
- ->where($db->quoteName('context') . ' = :associationscontext')
- ->bind('associationscontext', $this->associationsContext)
+ ->where($db->quoteName('context') . ' = :associationscontext')
 ->where($db->quoteName('id') . ' = :id')
+ ->bind(':associationscontext', $this->associationsContext)
 ->bind(':id', $id, ParameterType::INTEGER);
 $db->setQuery($query);
 $oldKey = $db->loadResult();
@@ -648,7 +648,7 @@ public function save($data)
 $query = $db->getQuery(true)
 ->delete($db->quoteName('#__associations'))
 ->where($db->quoteName('context') . ' = :associationscontext')
- ->bind('associationscontext', $this->associationsContext);
+ ->bind(':associationscontext', $this->associationsContext);
 
 if ($associations)
 {
From 466a4b80c5a92b474fabb4a58e9204532a9fb54c Mon Sep 17 00:00:00 2001
From: Nicola Galgano
Date: Tue, 3 Dec 2019 21:11:25 +0100
Subject: [PATCH 20/23] cs
---
 administrator/components/com_categories/Model/CategoryModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php
index d454182eb775b..5857cee4a90d8 100644
--- a/administrator/components/com_categories/Model/CategoryModel.php
+++ b/administrator/components/com_categories/Model/CategoryModel.php
@@ -637,7 +637,7 @@ public function save($data)
 $query = $db->getQuery(true)
 ->select($db->quoteName('key'))
 ->from($db->quoteName('#__associations'))
- ->where($db->quoteName('context') . ' = :associationscontext')
+ ->where($db->quoteName('context') . ' = :associationscontext')
 ->where($db->quoteName('id') . ' = :id')
 ->bind(':associationscontext', $this->associationsContext)
 ->bind(':id', $id, ParameterType::INTEGER);
From 06b25260e4db11c3f85c736f9c3b1f1cf94f4960 Mon Sep 17 00:00:00 2001
From: Nicola Galgano
Date: Wed, 4 Dec 2019 18:57:54 +0100
Subject: [PATCH 21/23] Update administrator/components/com_categories/Model/CategoryModel.php
Co-Authored-By: Quy
---
 administrator/components/com_categories/Model/CategoryModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php
index 5857cee4a90d8..3504d57e12dad 100644
--- a/administrator/components/com_categories/Model/CategoryModel.php
+++ b/administrator/components/com_categories/Model/CategoryModel.php
@@ -1072,7 +1072,7 @@ protected function batchCopy($value, $pks, $contexts)
 ->update($db->quoteName('#__assets', 't'))
 ->join('INNER',
 $db->quoteName('#__assets', 's'),
- $db->quoteName('s.id') . ' = :oldid',
+ $db->quoteName('s.id') . ' = :oldid'
 )
 ->bind(':oldid', $oldAssetId, ParameterType::INTEGER)
 ->set($db->quoteName('t.rules') . ' = ' . $db->quoteName('s.rules'))
From 833dc19150cc426904d9f9aa64b4eb6bcba1bb11 Mon Sep 17 00:00:00 2001
From: Nicola Galgano
Date: Wed, 4 Dec 2019 19:03:51 +0100
Subject: [PATCH 22/23] cs
---
 administrator/components/com_categories/Model/CategoryModel.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php
index 3504d57e12dad..b5b16530973ab 100644
--- a/administrator/components/com_categories/Model/CategoryModel.php
+++ b/administrator/components/com_categories/Model/CategoryModel.php
@@ -637,7 +637,7 @@ public function save($data)
 $query = $db->getQuery(true)
 ->select($db->quoteName('key'))
 ->from($db->quoteName('#__associations'))
- ->where($db->quoteName('context') . ' = :associationscontext')
+ ->where($db->quoteName('context') . ' = :associationscontext')
 ->where($db->quoteName('id') . ' = :id')
 ->bind(':associationscontext', $this->associationsContext)
 ->bind(':id', $id, ParameterType::INTEGER);
From 41a405ef532c21d59e9498b22ed4a2f6ad191a11 Mon Sep 17 00:00:00 2001
From: Nicola Galgano
Date: Fri, 6 Dec 2019 21:16:31 +0100
Subject: [PATCH 23/23] fix+bindarray
---
 .../com_categories/Model/CategoryModel.php | 60 ++++++++++++-------
 1 file changed, 39 insertions(+), 21 deletions(-)
diff --git a/administrator/components/com_categories/Model/CategoryModel.php b/administrator/components/com_categories/Model/CategoryModel.php
index b5b16530973ab..f8f23cab9ca0a 100644
--- a/administrator/components/com_categories/Model/CategoryModel.php
+++ b/administrator/components/com_categories/Model/CategoryModel.php
@@ -644,23 +644,28 @@ public function save($data)
 $db->setQuery($query);
 $oldKey = $db->loadResult();
 
- // Deleting old associations for the associated items
- $query = $db->getQuery(true)
- ->delete($db->quoteName('#__associations'))
- ->where($db->quoteName('context') . ' = :associationscontext')
- ->bind(':associationscontext', $this->associationsContext);
-
- if ($associations)
- {
- $query->where('(' . $db->quoteName('id') . ' IN (' . implode(',', $query->bindArray($associations)) . ') OR '
- . $db->quoteName('key') . ' = :oldkey)'
- )
- ->bind(':oldkey', $oldKey);
- }
- else
+ if ($associations || $oldKey !== null)
 {
- $query->where($db->quoteName('key') . ' = :key')
- ->bind(':key', $oldKey);
+ $where = [];
+
+ // Deleting old associations for the associated items
+ $query = $db->getQuery(true)
+ ->delete($db->quoteName('#__associations'))
+ ->where($db->quoteName('context') . ' = :associationscontext')
+ ->bind(':associationscontext', $this->associationsContext);
+
+ if ($associations)
+ {
+ $where[] = $db->quoteName('id') . ' IN (' . implode(',', $query->bindArray(array_values($associations))) . ')';
+ }
+
+ if ($oldKey !== null)
+ {
+ $where[] = $db->quoteName('key') . ' = :oldKey';
+ $query->bind(':oldKey', $oldKey);
+ }
+
+ $query->extendWhere('AND', $where, 'OR');
 }
 
 $db->setQuery($query);
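Review bot: After the new `if ($associations || $oldKey !== null)` block, the unchanged `$db->setQuery($query);` on the hunk's last line still runs unconditionally; when the condition is false, `$query` is still the SELECT built just above (the one `$oldKey = $db->loadResult()` consumed), so whatever executes it next re-runs the lookup instead of a delete. Either move `$db->setQuery($query);` and the execute that presumably follows inside the block, or return early when there is nothing to delete. save() continues outside the hunk on both sides, so I cannot see whether the execute is guarded there.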
@@ -687,15 +692,28 @@ public function save($data)
 // Adding new association for these items
 $key = md5(json_encode($associations));
 $query->clear()
- ->insert($db->quoteName('#__associations'));
+ ->insert($db->quoteName('#__associations'))
+ ->columns(
+ [
+ $db->quoteName('id'),
+ $db->quoteName('context'),
+ $db->quoteName('key'),
+ ]
+ );
 
 foreach ($associations as $id)
 {
 $id = (int) $id;
+
+ $query->values(
+ implode(
+ ',',
+ $query->bindArray(
+ [$id, $this->associationsContext, $key],
+ [ParameterType::INTEGER, ParameterType::STRING, ParameterType::STRING]
+ )
+ )
+ );
 }
 
 $db->setQuery($query);
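Review bot: The per-row `bindArray()` call deserves a comment explaining why it replaced the named placeholders, because the reason is not visible in the new code: the removed `':id$id, …'` strings were single-quoted, so `$id` was never interpolated and every loop iteration re-bound the same three names, leaving only the last row's values in the multi-row insert. A one-liner above `$query->values(` such as `// bindArray() allocates a distinct placeholder per value, so each row gets its own bound set` will keep the next maintainer from "simplifying" it back to fixed names. save() continues outside the hunk.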