[TASK] Refactor use of queryBuilder to use prepared statements 90/50090/17
authorManuel Selbach <manuel_selbach@yahoo.de>
Thu, 6 Oct 2016 07:24:58 +0000 (09:24 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 26 Oct 2016 13:50:58 +0000 (15:50 +0200)
commitd478cbe9955011c9fa50c0c1eeabaa8c0f181a63
tree4b8034840b1d7e35cf0cc3a4559ff2946c07752c
parent9e3cca871764f6464f2e5d6f54b06c0bf5804013
[TASK] Refactor use of queryBuilder to use prepared statements

To remove the susceptibility to SQL injection errors within the core,
the principle of prepared statements should be followed for all queries.
Even variables which will be cast to e.g. an integer should use
setParameter(), setParameters() or createNamedParameter().

Change-Id: I7d6d256a199ba05f75791eb01f38b3b89b421989
Resolves: #78437
Releases: master
Reviewed-on: https://review.typo3.org/50090
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
179 files changed:
typo3/sysext/backend/Classes/Backend/Avatar/DefaultAvatarProvider.php
typo3/sysext/backend/Classes/Backend/ToolbarItems/ShortcutToolbarItem.php
typo3/sysext/backend/Classes/Clipboard/Clipboard.php
typo3/sysext/backend/Classes/Configuration/TranslationConfigurationProvider.php
typo3/sysext/backend/Classes/Controller/ContentElement/ElementInformationController.php
typo3/sysext/backend/Classes/Controller/EditDocumentController.php
typo3/sysext/backend/Classes/Controller/PageLayoutController.php
typo3/sysext/backend/Classes/Controller/Wizard/RteController.php
typo3/sysext/backend/Classes/Domain/Repository/Localization/LocalizationRepository.php
typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractDatabaseRecordProvider.php
typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractItemProvider.php
typo3/sysext/backend/Classes/Form/FormDataProvider/DatabasePageLanguageOverlayRows.php
typo3/sysext/backend/Classes/Form/FormDataProvider/DatabaseSystemLanguageRows.php
typo3/sysext/backend/Classes/Form/Wizard/SuggestWizardDefaultReceiver.php
typo3/sysext/backend/Classes/FrontendBackendUserAuthentication.php
typo3/sysext/backend/Classes/History/RecordHistory.php
typo3/sysext/backend/Classes/RecordList/AbstractRecordList.php
typo3/sysext/backend/Classes/Search/LiveSearch/LiveSearch.php
typo3/sysext/backend/Classes/Tree/Pagetree/Commands.php
typo3/sysext/backend/Classes/Tree/Pagetree/DataProvider.php
typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php
typo3/sysext/backend/Classes/Tree/View/BrowseTreeView.php
typo3/sysext/backend/Classes/Tree/View/PagePositionMap.php
typo3/sysext/backend/Classes/Utility/BackendUtility.php
typo3/sysext/backend/Classes/View/BackendLayout/DefaultDataProvider.php
typo3/sysext/backend/Classes/View/BackendLayoutView.php
typo3/sysext/backend/Classes/View/PageLayoutView.php
typo3/sysext/backend/Classes/ViewHelpers/AvatarViewHelper.php
typo3/sysext/backend/Tests/Functional/Controller/Page/LocalizationControllerTest.php
typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/DatabaseSystemLanguageRowsTest.php
typo3/sysext/backend/Tests/Unit/Utility/BackendUtilityTest.php
typo3/sysext/belog/Classes/Controller/SystemInformationController.php
typo3/sysext/beuser/Classes/Controller/BackendUserController.php
typo3/sysext/beuser/Classes/Domain/Repository/BackendUserSessionRepository.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/PagesViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/SysFileMountsViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/SysLanguageViewHelper.php
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Cache/Backend/Typo3DatabaseBackend.php
typo3/sysext/core/Classes/Category/Collection/CategoryCollection.php
typo3/sysext/core/Classes/Collection/AbstractRecordCollection.php
typo3/sysext/core/Classes/Collection/RecordCollectionRepository.php
typo3/sysext/core/Classes/Collection/StaticRecordCollection.php
typo3/sysext/core/Classes/DataHandling/DataHandler.php
typo3/sysext/core/Classes/DataHandling/PlainDataResolver.php
typo3/sysext/core/Classes/Database/Query/Restriction/BackendWorkspaceRestriction.php
typo3/sysext/core/Classes/Database/Query/Restriction/FrontendWorkspaceRestriction.php
typo3/sysext/core/Classes/Database/QueryGenerator.php
typo3/sysext/core/Classes/Database/QueryView.php
typo3/sysext/core/Classes/Database/ReferenceIndex.php
typo3/sysext/core/Classes/Database/RelationHandler.php
typo3/sysext/core/Classes/Database/Schema/SchemaMigrator.php
typo3/sysext/core/Classes/FrontendEditing/FrontendEditingController.php
typo3/sysext/core/Classes/Integrity/DatabaseIntegrityCheck.php
typo3/sysext/core/Classes/Resource/AbstractRepository.php
typo3/sysext/core/Classes/Resource/Collection/CategoryBasedFileCollection.php
typo3/sysext/core/Classes/Resource/FileRepository.php
typo3/sysext/core/Classes/Resource/Index/FileIndexRepository.php
typo3/sysext/core/Classes/Resource/Index/MetaDataRepository.php
typo3/sysext/core/Classes/Resource/ProcessedFileRepository.php
typo3/sysext/core/Classes/Resource/ResourceFactory.php
typo3/sysext/core/Classes/Tests/FunctionalTestCase.php
typo3/sysext/core/Classes/Tree/TableConfiguration/DatabaseTreeDataProvider.php
typo3/sysext/core/Classes/TypoScript/ExtendedTemplateService.php
typo3/sysext/core/Classes/TypoScript/TemplateService.php
typo3/sysext/core/Classes/Utility/File/ExtendedFileUtility.php
typo3/sysext/core/Classes/Utility/RootlineUtility.php
typo3/sysext/core/Tests/Functional/Category/Collection/CategoryCollectionTest.php
typo3/sysext/core/Tests/Functional/DataHandling/AbstractDataHandlerActionTestCase.php
typo3/sysext/core/Tests/Functional/DataHandling/FlexformIrre/ActionTestCase.php
typo3/sysext/core/Tests/Functional/DataHandling/Framework/ActionService.php
typo3/sysext/core/Tests/Unit/Resource/Repository/AbstractRepositoryTest.php
typo3/sysext/core/Tests/Unit/Tree/TableConfiguration/DatabaseTreeDataProviderTest.php
typo3/sysext/core/Tests/Unit/Utility/File/ExtendedFileUtilityTest.php
typo3/sysext/extbase/Classes/Configuration/BackendConfigurationManager.php
typo3/sysext/extbase/Classes/Persistence/Generic/Storage/Typo3DbBackend.php
typo3/sysext/extbase/Classes/Service/ExtensionService.php
typo3/sysext/extbase/Tests/Functional/Persistence/AddTest.php
typo3/sysext/extbase/Tests/Functional/Persistence/RelationTest.php
typo3/sysext/extbase/Tests/Unit/Persistence/Generic/Storage/Typo3DbQueryParserTest.php
typo3/sysext/extbase/Tests/Unit/Service/ExtensionServiceTest.php
typo3/sysext/extensionmanager/Classes/Domain/Repository/ExtensionRepository.php
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php
typo3/sysext/filelist/Classes/FileFacade.php
typo3/sysext/filelist/Classes/FileList.php
typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
typo3/sysext/frontend/Classes/Category/Collection/CategoryCollection.php
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
typo3/sysext/frontend/Classes/ContentObject/Menu/AbstractMenuContentObject.php
typo3/sysext/frontend/Classes/Controller/TranslationStatusController.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
typo3/sysext/frontend/Classes/Hooks/TreelistCacheUpdateHooks.php
typo3/sysext/frontend/Classes/Page/PageRepository.php
typo3/sysext/frontend/Classes/Plugin/AbstractPlugin.php
typo3/sysext/frontend/Classes/View/AdminPanelView.php
typo3/sysext/impexp/Classes/Controller/ImportExportController.php
typo3/sysext/impexp/Classes/Domain/Repository/PresetRepository.php
typo3/sysext/impexp/Classes/Import.php
typo3/sysext/impexp/Classes/Task/ImportExportTask.php
typo3/sysext/impexp/Tests/Functional/Export/AbstractExportTestCase.php
typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
typo3/sysext/indexed_search/Classes/Controller/SearchController.php
typo3/sysext/indexed_search/Classes/Domain/Repository/AdministrationRepository.php
typo3/sysext/indexed_search/Classes/Domain/Repository/IndexSearchRepository.php
typo3/sysext/indexed_search/Classes/Hook/CrawlerHook.php
typo3/sysext/indexed_search/Classes/Indexer.php
typo3/sysext/info_pagetsconfig/Classes/Controller/InfoPageTyposcriptConfigController.php
typo3/sysext/install/Classes/Controller/Action/Step/DatabaseSelect.php
typo3/sysext/install/Classes/SystemEnvironment/DatabaseCheck.php
typo3/sysext/install/Classes/Updates/BackendUserStartModuleUpdate.php
typo3/sysext/install/Classes/Updates/ContentTypesToTextMediaUpdate.php
typo3/sysext/install/Classes/Updates/DatabaseCharsetUpdate.php
typo3/sysext/install/Classes/Updates/FileListIsStartModuleUpdate.php
typo3/sysext/install/Classes/Updates/FilesReplacePermissionUpdate.php
typo3/sysext/install/Classes/Updates/FrontendUserImageUpdateWizard.php
typo3/sysext/install/Classes/Updates/LanguageIsoCodeUpdate.php
typo3/sysext/install/Classes/Updates/MigrateMediaToAssetsForTextMediaCe.php
typo3/sysext/install/Classes/Updates/MigrateShortcutUrlsAgainUpdate.php
typo3/sysext/install/Classes/Updates/PageShortcutParentUpdate.php
typo3/sysext/install/Classes/Updates/ProcessedFileChecksumUpdate.php
typo3/sysext/install/Classes/Updates/TableFlexFormToTtContentFieldsUpdate.php
typo3/sysext/install/Classes/Updates/WorkspacesNotificationSettingsUpdate.php
typo3/sysext/linkvalidator/Classes/LinkAnalyzer.php
typo3/sysext/linkvalidator/Classes/Linktype/InternalLinktype.php
typo3/sysext/linkvalidator/Classes/Linktype/LinkHandler.php
typo3/sysext/linkvalidator/Classes/Report/LinkValidatorReport.php
typo3/sysext/lowlevel/Classes/CleanerCommand.php
typo3/sysext/lowlevel/Classes/Command/ListSysLogCommand.php
typo3/sysext/lowlevel/Classes/DoubleFilesCommand.php
typo3/sysext/lowlevel/Classes/LostFilesCommand.php
typo3/sysext/lowlevel/Classes/MissingFilesCommand.php
typo3/sysext/lowlevel/Classes/MissingRelationsCommand.php
typo3/sysext/lowlevel/Classes/OrphanRecordsCommand.php
typo3/sysext/lowlevel/Classes/RteImagesCommand.php
typo3/sysext/lowlevel/Classes/VersionsCommand.php
typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php
typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php
typo3/sysext/recycler/Classes/Domain/Model/DeletedRecords.php
typo3/sysext/recycler/Classes/Domain/Model/Tables.php
typo3/sysext/recycler/Classes/Task/CleanerTask.php
typo3/sysext/recycler/Classes/Utility/RecyclerUtility.php
typo3/sysext/recycler/Tests/Unit/Task/CleanerTaskTest.php
typo3/sysext/reports/Classes/Report/Status/ConfigurationStatus.php
typo3/sysext/reports/Classes/Report/Status/FalStatus.php
typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php
typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php
typo3/sysext/rtehtmlarea/Classes/Extension/Abbreviation.php
typo3/sysext/rtehtmlarea/Classes/Extension/Language.php
typo3/sysext/rtehtmlarea/Classes/Hook/Install/DeprecatedRteProperties.php
typo3/sysext/rtehtmlarea/Classes/Hook/Install/RteAcronymButtonRenamedToAbbreviation.php
typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
typo3/sysext/saltedpasswords/Tests/Functional/SaltedPasswordServiceTest.php
typo3/sysext/saltedpasswords/Tests/Functional/Task/BulkUpdateTaskTest.php
typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php
typo3/sysext/scheduler/Classes/Scheduler.php
typo3/sysext/scheduler/Classes/Task/AbstractTask.php
typo3/sysext/scheduler/Classes/Task/OptimizeDatabaseTableAdditionalFieldProvider.php
typo3/sysext/scheduler/Classes/Task/TableGarbageCollectionTask.php
typo3/sysext/setup/Classes/Controller/SetupModuleController.php
typo3/sysext/sv/Classes/AuthenticationService.php
typo3/sysext/sys_action/Classes/ActionTask.php
typo3/sysext/sys_action/Classes/Backend/ToolbarItems/ActionToolbarItem.php
typo3/sysext/sys_note/Classes/Core/Bootstrap.php
typo3/sysext/version/Classes/Controller/VersionModuleController.php
typo3/sysext/version/Classes/Dependency/ElementEntity.php
typo3/sysext/version/Classes/Hook/DataHandlerHook.php
typo3/sysext/version/Classes/Hook/PreviewHook.php
typo3/sysext/viewpage/Classes/Controller/ViewModuleController.php
typo3/sysext/workspaces/Classes/Domain/Record/AbstractRecord.php
typo3/sysext/workspaces/Classes/Domain/Record/WorkspaceRecord.php
typo3/sysext/workspaces/Classes/ExtDirect/ExtDirectServer.php
typo3/sysext/workspaces/Classes/Hook/DataHandlerHook.php
typo3/sysext/workspaces/Classes/Service/AutoPublishService.php
typo3/sysext/workspaces/Classes/Service/RecordService.php
typo3/sysext/workspaces/Classes/Service/StagesService.php
typo3/sysext/workspaces/Classes/Service/WorkspaceService.php
typo3/sysext/workspaces/Classes/Task/CleanupPreviewLinkTask.php