[BUGFIX] Prevent malformed SQL query in AbstractDatabaseRecordList 84/50284/2
authorClaus Due <claus@namelesscoder.net>
Wed, 19 Oct 2016 21:22:45 +0000 (23:22 +0200)
committerBenni Mack <benni@typo3.org>
Fri, 21 Oct 2016 12:30:41 +0000 (14:30 +0200)
This change prevents the creation of a malformed SQL query in
AbstractDatabaseRecordList::makeQueryArray. The problem was
caused by the makeSearchString method returning `1=1` from two
early decisions, whereas before it would return a valid query
prepended with AND but containing no search clauses.

Returning an empty string from these two early decisions will
completely solve the issue without breaking the search feature
that uses this function.

Change-Id: Ic9b48bc498a7423d158057fbcee05f976ee1dadf
Resolves: #78353
Releases: master
Reviewed-on: https://review.typo3.org/50284
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php

index a36ed46..2d0aaed 100644 (file)
@@ -911,12 +911,12 @@ class AbstractDatabaseRecordList extends AbstractRecordList
         $tablePidField = $table === 'pages' ? 'uid' : 'pid';
         // Make query, only if table is valid and a search string is actually defined:
         if (empty($this->searchString)) {
-            return '1=1';
+            return '';
         }
 
         $searchableFields = $this->getSearchFields($table);
         if (empty($searchableFields)) {
-            return '1=1';
+            return '';
         }
         if (MathUtility::canBeInterpretedAsInteger($this->searchString)) {
             $constraints[] = $expressionBuilder->eq('uid', (int)$this->searchString);