[BUGFIX] Embed parameters in SQL fragment create by getSelectQuery 93/52893/2
authorChrister Vindberg <cvi@systime.dk>
Tue, 18 Apr 2017 10:28:07 +0000 (12:28 +0200)
committerMorton Jonuschat <m.jonuschat@mojocode.de>
Mon, 22 May 2017 10:00:54 +0000 (12:00 +0200)
Use quoted/escaped values embedded in the SQL fragment instead of named
parameters in QueryGenerator::getSelectQuery. The values of named
parameters get lost when the SQL fragment is returned and subsequently
used in a query.

Resolves: #80872
Releases: master, 8.7
Change-Id: If22bf24b75d2aa0efe36e587e38e7c590f3ec34a
Reviewed-on: https://review.typo3.org/52893
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
typo3/sysext/core/Classes/Database/QueryGenerator.php

index d4ad1ba..41922f3 100644 (file)
@@ -1580,9 +1580,9 @@ class QueryGenerator
      * Get select query
      *
      * @param string $qString
-     * @return bool|\mysqli_result|object
+     * @return string
      */
-    public function getSelectQuery($qString = '')
+    public function getSelectQuery($qString = ''): string
     {
         $backendUserAuthentication = $this->getBackendUserAuthentication();
         $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->table);
@@ -1623,25 +1623,22 @@ class QueryGenerator
                 $webMountPageTree .= $webMountPageTreePrefix
                     . $this->getTreeList($webMount, 999, ($begin = 0), $perms_clause);
             }
+            // createNamedParameter() is not used here because the SQL fragment will only include
+            // the :dcValueX placeholder when the query is returned as a string. The value for the
+            // placeholder would be lost in the process.
             if ($this->table === 'pages') {
                 $queryBuilder->where(
                     QueryHelper::stripLogicalOperatorPrefix($perms_clause),
                     $queryBuilder->expr()->in(
                         'uid',
-                        $queryBuilder->createNamedParameter(
-                            GeneralUtility::intExplode(',', $webMountPageTree),
-                            Connection::PARAM_INT_ARRAY
-                        )
+                        GeneralUtility::intExplode(',', $webMountPageTree)
                     )
                 );
             } else {
                 $queryBuilder->where(
                     $queryBuilder->expr()->in(
                         'pid',
-                        $queryBuilder->createNamedParameter(
-                            GeneralUtility::intExplode(',', $webMountPageTree),
-                            Connection::PARAM_INT_ARRAY
-                        )
+                        GeneralUtility::intExplode(',', $webMountPageTree)
                     )
                 );
             }