[BUGFIX] Use tablename for fullQuoteStr call
authorAnja Leichsenring <aleichsenring@ab-softlab.de>
Sat, 17 Nov 2012 16:49:05 +0000 (17:49 +0100)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Mon, 19 Nov 2012 17:29:34 +0000 (18:29 +0100)
In Typo3DbBackend->replacePlaceholders method always 'foo' is
used as tablename. As long as mysql is used this makes no difference,
but it prevents dbal from ensure proper quotation for other databases.

Fixes: #43058
Releases: 1.3, 4.7, 6.0
Change-Id: I9f08b9026d14d86e704771fd43ec3613045b4698
Reviewed-on: http://review.typo3.org/16534
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
typo3/sysext/extbase/Classes/Persistence/Generic/Storage/Typo3DbBackend.php

index 2518698..b5539f5 100644 (file)
@@ -150,7 +150,7 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                        $parameters[] = $value;
                }
                $sqlString = 'INSERT INTO ' . $tableName . ' (' . implode(', ', $fields) . ') VALUES (' . implode(', ', $values) . ')';
-               $this->replacePlaceholders($sqlString, $parameters);
+               $this->replacePlaceholders($sqlString, $parameters, $tableName);
                // debug($sqlString,-2);
                $this->databaseHandle->sql_query($sqlString);
                $this->checkSqlErrors($sqlString);
@@ -184,7 +184,7 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                }
                $parameters[] = $uid;
                $sqlString = 'UPDATE ' . $tableName . ' SET ' . implode(', ', $fields) . ' WHERE uid=?';
-               $this->replacePlaceholders($sqlString, $parameters);
+               $this->replacePlaceholders($sqlString, $parameters, $tableName);
                // debug($sqlString,-2);
                $returnValue = $this->databaseHandle->sql_query($sqlString);
                $this->checkSqlErrors($sqlString);
@@ -204,7 +204,7 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
         */
        public function removeRow($tableName, array $identifier, $isRelation = FALSE) {
                $statement = 'DELETE FROM ' . $tableName . ' WHERE ' . $this->parseIdentifier($identifier);
-               $this->replacePlaceholders($statement, $identifier);
+               $this->replacePlaceholders($statement, $identifier, $tableName);
                if (!$isRelation && isset($identifier['uid'])) {
                        $this->clearPageCache($tableName, $identifier['uid'], $isRelation);
                }
@@ -223,7 +223,7 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
         */
        public function getRowByIdentifier($tableName, array $identifier) {
                $statement = 'SELECT * FROM ' . $tableName . ' WHERE ' . $this->parseIdentifier($identifier);
-               $this->replacePlaceholders($statement, $identifier);
+               $this->replacePlaceholders($statement, $identifier, $tableName);
                // debug($statement,-2);
                $res = $this->databaseHandle->sql_query($statement);
                $this->checkSqlErrors($statement);
@@ -265,7 +265,11 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                        $statementParts = $this->parseQuery($query, $parameters);
                        $sql = $this->buildQuery($statementParts, $parameters);
                }
-               $this->replacePlaceholders($sql, $parameters);
+               $tableName = 'foo';
+               if (is_array($statementParts && !empty($statementParts['tables'][0]))) {
+                       $tableName = $statementParts['tables'][0];
+               }
+               $this->replacePlaceholders($sql, $parameters, $tableName);
                // debug($sql,-2);
                $result = $this->databaseHandle->sql_query($sql);
                $this->checkSqlErrors($sql);
@@ -295,7 +299,7 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                // if limit is set, we need to count the rows "manually" as COUNT(*) ignores LIMIT constraints
                if (!empty($statementParts['limit'])) {
                        $statement = $this->buildQuery($statementParts, $parameters);
-                       $this->replacePlaceholders($statement, $parameters);
+                       $this->replacePlaceholders($statement, $parameters, $statementParts['tables'][0]);
                        $result = $this->databaseHandle->sql_query($statement);
                        $this->checkSqlErrors($statement);
                        $count = $this->databaseHandle->sql_num_rows($result);
@@ -306,7 +310,7 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                                $statementParts['fields'] = array('COUNT(DISTINCT ' . reset($statementParts['tables']) . '.uid)');
                        }
                        $statement = $this->buildQuery($statementParts, $parameters);
-                       $this->replacePlaceholders($statement, $parameters);
+                       $this->replacePlaceholders($statement, $parameters, $statementParts['tables'][0]);
                        $result = $this->databaseHandle->sql_query($statement);
                        $this->checkSqlErrors($statement);
                        $rows = $this->getRowsFromResult($query->getSource(), $result);
@@ -403,7 +407,7 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                if (!empty($sql['additionalWhereClause'])) {
                        $statement .= ' AND ' . implode(' AND ', $sql['additionalWhereClause']);
                }
-               $this->replacePlaceholders($statement, $parameters);
+               $this->replacePlaceholders($statement, $parameters, $tableName);
                // debug($statement,-2);
                $res = $this->databaseHandle->sql_query($statement);
                $this->checkSqlErrors($statement);
@@ -435,7 +439,7 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
        }
 
        /**
-        * Adda a constrint to ensure that the record type of the returned tuples is matching the data type of the repository.
+        * Add a constraint to ensure that the record type of the returned tuples is matching the data type of the repository.
         *
         * @param string $className The class name
         * @param array &$sql The query parts
@@ -458,7 +462,8 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                                if (count($recordTypes) > 0) {
                                        $recordTypeStatements = array();
                                        foreach ($recordTypes as $recordType) {
-                                               $recordTypeStatements[] = $dataMap->getTableName() . '.' . $dataMap->getRecordTypeColumnName() . '=' . $this->databaseHandle->fullQuoteStr($recordType, 'foo');
+                                               $tableName = $dataMap->getTableName();
+                                               $recordTypeStatements[] = $tableName . '.' . $dataMap->getRecordTypeColumnName() . '=' . $this->databaseHandle->fullQuoteStr($recordType, $tableName);
                                        }
                                        $sql['additionalWhereClause'][] = '(' . implode(' OR ', $recordTypeStatements) . ')';
                                }
@@ -774,10 +779,12 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
         *
         * @param string $sqlString The query part with placeholders
         * @param array $parameters The parameters
+        * @param string $tableName
+        *
         * @throws \TYPO3\CMS\Extbase\Persistence\Generic\Exception
         * @return string The query part with replaced placeholders
         */
-       protected function replacePlaceholders(&$sqlString, array $parameters) {
+       protected function replacePlaceholders(&$sqlString, array $parameters, $tableName = 'foo') {
                // TODO profile this method again
                if (substr_count($sqlString, '?') !== count($parameters)) {
                        throw new \TYPO3\CMS\Extbase\Persistence\Generic\Exception('The number of question marks to replace must be equal to the number of parameters.', 1242816074);
@@ -791,11 +798,11 @@ class Typo3DbBackend implements \TYPO3\CMS\Extbase\Persistence\Generic\Storage\B
                                } elseif (is_array($parameter) || $parameter instanceof \ArrayAccess || $parameter instanceof \Traversable) {
                                        $items = array();
                                        foreach ($parameter as $item) {
-                                               $items[] = $this->databaseHandle->fullQuoteStr($item, 'foo');
+                                               $items[] = $this->databaseHandle->fullQuoteStr($item, $tableName);
                                        }
                                        $parameter = '(' . implode(',', $items) . ')';
                                } else {
-                                       $parameter = $this->databaseHandle->fullQuoteStr($parameter, 'foo');
+                                       $parameter = $this->databaseHandle->fullQuoteStr($parameter, $tableName);
                                }
                                $sqlString = substr($sqlString, 0, $markPosition) . $parameter . substr($sqlString, ($markPosition + 1));
                        }