[BUGFIX] Fix wrong query constraints in AbstractItemProvider 13/48913/4
authorMorton Jonuschat <m.jonuschat@mojocode.de>
Tue, 12 Jul 2016 01:17:01 +0000 (18:17 -0700)
committerWouter Wolters <typo3@wouterwolters.nl>
Wed, 13 Jul 2016 19:22:13 +0000 (21:22 +0200)
Apply proper constraints in the case of rootlevel == 1 or
rootlevel == -1

Change-Id: I92a8edc800bab6320f0e10ad4f63a5f53b27df06
Resolves: #77045
Related: #75650
Releases: master
Reviewed-on: https://review.typo3.org/48913
Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractItemProvider.php
typo3/sysext/backend/Classes/Utility/BackendUtility.php
typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/TcaSelectItemsTest.php
typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/TcaSelectTreeItemsTest.php

index 8a0448f..3da5caa 100644 (file)
@@ -919,7 +919,8 @@ abstract class AbstractItemProvider
 
         $queryBuilder
             ->select(...GeneralUtility::trimExplode(',', $fieldList, true))
-            ->from($foreignTableName);
+            ->from($foreignTableName)
+            ->where($foreignTableClauseArray['WHERE']);
 
         if (!empty($foreignTableClauseArray['GROUPBY'])) {
             $queryBuilder->groupBy($foreignTableClauseArray['GROUPBY']);
@@ -950,14 +951,11 @@ abstract class AbstractItemProvider
         }
 
         if ($rootLevel === -1) {
-            $queryBuilder->where($queryBuilder->expr()->neq($foreignTableName . '.pid', -1));
+            $queryBuilder->andWhere($queryBuilder->expr()->neq($foreignTableName . '.pid', -1));
         } elseif ($rootLevel === 1) {
-            $queryBuilder->where($queryBuilder->expr()->neq($foreignTableName . '.pid', 0));
+            $queryBuilder->andWhere($queryBuilder->expr()->eq($foreignTableName . '.pid', 0));
         } else {
-            $queryBuilder->where(
-                $backendUser->getPagePermsClause(1),
-                $foreignTableClauseArray['WHERE']
-            );
+            $queryBuilder->andWhere($backendUser->getPagePermsClause(1));
             if ($foreignTableName !== 'pages') {
                 $queryBuilder
                     ->from('pages')
index e8a0c49..41e5a02 100755 (executable)
@@ -18,6 +18,7 @@ use TYPO3\CMS\Backend\Routing\UriBuilder;
 use TYPO3\CMS\Backend\Template\DocumentTemplate;
 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
 use TYPO3\CMS\Core\Cache\CacheManager;
+use TYPO3\CMS\Core\Cache\Frontend\VariableFrontend;
 use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\DatabaseConnection;
@@ -687,7 +688,7 @@ class BackendUtility
      *
      * @param int $id Page uid for which to check read-access
      * @param string $perms_clause This is typically a value generated with static::getBackendUserAuthentication()->getPagePermsClause(1);
-     * @return array Returns page record if OK, otherwise FALSE.
+     * @return array|bool Returns page record if OK, otherwise FALSE.
      */
     public static function readPageAccess($id, $perms_clause)
     {
@@ -2285,9 +2286,9 @@ class BackendUtility
                             while ($MMrow = $result->fetch()) {
                                 // Keep sorting of $selectUids
                                 $selectedUid = array_search($MMrow['uid'], $selectUids);
-                                $mmlA[$selectedUid] =  $MMrow['uid'];
+                                $mmlA[$selectedUid] = $MMrow['uid'];
                                 if (!$noRecordLookup) {
-                                    $mmlA[$selectedUid] =  static::getRecordTitle(
+                                    $mmlA[$selectedUid] = static::getRecordTitle(
                                         $theColConf['foreign_table'],
                                         $MMrow,
                                         false,
@@ -4136,11 +4137,11 @@ class BackendUtility
             $count = $queryBuilder->execute()->fetchColumn(0);
         }
 
-        if ($count && $msg) {
-            return sprintf($msg, $count);
+        if ($count) {
+            return $msg ? sprintf($msg, $count) : $count;
+        } else {
+            return $msg ? '' : 0;
         }
-
-        return $count ?? '';
     }
 
     /**
@@ -4179,7 +4180,11 @@ class BackendUtility
             return sprintf($msg, $count);
         }
 
-        return $count ?? '';
+        if ($count) {
+            return $msg ? sprintf($msg, $count) : $count;
+        } else {
+            return $msg ? '' : 0;
+        }
     }
 
     /*******************************************
@@ -4239,7 +4244,7 @@ class BackendUtility
                 )
                 ->orderBy('t3ver_id', 'DESC');
 
-            if ($includeDeletedRecords === false) {
+            if (!$includeDeletedRecords) {
                 $queryBuilder->getRestrictions()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
             }
 
@@ -4454,7 +4459,7 @@ class BackendUtility
      * @param string $table Table name to select from
      * @param int $uid Record uid for which to find workspace version.
      * @param string $fields Field list to select
-     * @return array If found, return record, otherwise FALSE
+     * @return array|bool If found, return record, otherwise false
      */
     public static function getWorkspaceVersionOfRecord($workspace, $table, $uid, $fields = '*')
     {
@@ -4497,7 +4502,7 @@ class BackendUtility
     public static function getLiveVersionOfRecord($table, $uid, $fields = '*')
     {
         $liveVersionId = self::getLiveVersionIdOfRecord($table, $uid);
-        if (is_null($liveVersionId) === false) {
+        if ($liveVersionId !== null) {
             return self::getRecord($table, $liveVersionId, $fields);
         }
         return null;
@@ -4584,7 +4589,7 @@ class BackendUtility
      * @param int $uid Record UID of online version
      * @param string $fields Field list, default is *
      * @param int|NULL $workspace The workspace to be used
-     * @return array If found, the record, otherwise nothing.
+     * @return array|bool If found, the record, otherwise false
      */
     public static function getMovePlaceholder($table, $uid, $fields = '*', $workspace = null)
     {
@@ -4603,7 +4608,7 @@ class BackendUtility
                 ->from($table)
                 ->where(
                     $queryBuilder->expr()->neq('pid', -1),
-                    $queryBuilder->expr()->eq('t3ver_state', new VersionState(VersionState::MOVE_PLACEHOLDER)),
+                    $queryBuilder->expr()->eq('t3ver_state', (string)(new VersionState(VersionState::MOVE_PLACEHOLDER))),
                     $queryBuilder->expr()->eq('t3ver_move_id', (int)$uid),
                     $queryBuilder->expr()->eq('t3ver_wsid', (int)$workspace)
                 )
index 65a9080..afd7777 100644 (file)
@@ -128,7 +128,10 @@ class TcaSelectItemsTest extends UnitTestCase
         $queryBuilderProphet->from('pages')
             ->shouldBeCalled()
             ->willReturn($queryBuilderProphet->reveal());
-        $queryBuilderProphet->where(' 1=1', '')
+        $queryBuilderProphet->where('')
+            ->shouldBeCalled()
+            ->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->andWhere(' 1=1')
             ->shouldBeCalled()
             ->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->andWhere('`pages.uid` = `foreignTable.pid`')
@@ -1361,7 +1364,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace REC_FIELD' => [
                 'AND fTable.title=\'###REC_FIELD_rowField###\'',
                 [
-                    [' 1=1', 'fTable.title=\'rowFieldValue\''],
+                    ['fTable.title=\'rowFieldValue\''],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [],
@@ -1369,7 +1373,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace REC_FIELD within FlexForm' => [
                 'AND fTable.title=###REC_FIELD_rowFieldFlexForm###',
                 [
-                    [' 1=1', 'fTable.title=\'rowFieldFlexFormValue\''],
+                    ['fTable.title=\'rowFieldFlexFormValue\''],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1388,7 +1393,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace REC_FIELD fullQuote' => [
                 'AND fTable.title=###REC_FIELD_rowField###',
                 [
-                    [' 1=1', 'fTable.title=\'rowFieldValue\''],
+                    ['fTable.title=\'rowFieldValue\''],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [],
@@ -1396,7 +1402,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace REC_FIELD fullQuoteWithArray' => [
                 'AND fTable.title=###REC_FIELD_rowFieldThree###',
                 [
-                    [' 1=1', 'fTable.title=\'rowFieldThreeValue\''],
+                    ['fTable.title=\'rowFieldThreeValue\''],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1410,7 +1417,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace REC_FIELD multiple markers' => [
                 'AND fTable.title=\'###REC_FIELD_rowField###\' AND fTable.pid=###REC_FIELD_rowFieldTwo###',
                 [
-                    [' 1=1', 'fTable.title=\'rowFieldValue\' AND fTable.pid=\'rowFieldTwoValue\''],
+                    ['fTable.title=\'rowFieldValue\' AND fTable.pid=\'rowFieldTwoValue\''],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [],
@@ -1418,7 +1426,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace CURRENT_PID' => [
                 'AND fTable.uid=###CURRENT_PID###',
                 [
-                    [' 1=1', 'fTable.uid=43'],
+                    ['fTable.uid=43'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [],
@@ -1426,7 +1435,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace CURRENT_PID within FlexForm' => [
                 'AND fTable.uid=###CURRENT_PID###',
                 [
-                    [' 1=1', 'fTable.uid=77'],
+                    ['fTable.uid=77'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1438,7 +1448,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace CURRENT_PID integer cast' => [
                 'AND fTable.uid=###CURRENT_PID###',
                 [
-                    [' 1=1', 'fTable.uid=431'],
+                    ['fTable.uid=431'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1448,7 +1459,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace THIS_UID' => [
                 'AND fTable.uid=###THIS_UID###',
                 [
-                    [' 1=1', 'fTable.uid=42'],
+                    ['fTable.uid=42'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [],
@@ -1456,7 +1468,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace THIS_UID integer cast' => [
                 'AND fTable.uid=###THIS_UID###',
                 [
-                    [' 1=1', 'fTable.uid=421'],
+                    ['fTable.uid=421'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1468,7 +1481,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace SITEROOT' => [
                 'AND fTable.uid=###SITEROOT###',
                 [
-                    [' 1=1', 'fTable.uid=44'],
+                    ['fTable.uid=44'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [],
@@ -1476,7 +1490,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace SITEROOT integer cast' => [
                 'AND fTable.uid=###SITEROOT###',
                 [
-                    [' 1=1', 'fTable.uid=441'],
+                    ['fTable.uid=441'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1490,7 +1505,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace PAGE_TSCONFIG_ID' => [
                 'AND fTable.uid=###PAGE_TSCONFIG_ID###',
                 [
-                    [' 1=1', 'fTable.uid=45'],
+                    ['fTable.uid=45'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1508,7 +1524,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace PAGE_TSCONFIG_ID integer cast' => [
                 'AND fTable.uid=###PAGE_TSCONFIG_ID###',
                 [
-                    [' 1=1', 'fTable.uid=451'],
+                    ['fTable.uid=451'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1526,7 +1543,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace PAGE_TSCONFIG_STR' => [
                 'AND fTable.uid=\'###PAGE_TSCONFIG_STR###\'',
                 [
-                    [' 1=1', 'fTable.uid=\'46\''],
+                    ['fTable.uid=\'46\''],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1544,7 +1562,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace PAGE_TSCONFIG_IDLIST' => [
                 'AND fTable.uid IN (###PAGE_TSCONFIG_IDLIST###)',
                 [
-                    [' 1=1', 'fTable.uid IN (47,48)'],
+                    ['fTable.uid IN (47,48)'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1562,7 +1581,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'replace PAGE_TSCONFIG_IDLIST cleans list' => [
                 'AND fTable.uid IN (###PAGE_TSCONFIG_IDLIST###)',
                 [
-                    [' 1=1', 'fTable.uid IN (471,481)'],
+                    ['fTable.uid IN (471,481)'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1580,7 +1600,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'deprecated flexHack PAGE_TSCONFIG_ID is substituted' => [
                 'AND fTable.uid=###PAGE_TSCONFIG_ID###',
                 [
-                    [' 1=1', 'fTable.uid=123'],
+                    ['fTable.uid=123'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1594,7 +1615,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'deprecated flexHack PAGE_TSCONFIG_IDLIST is substituted' => [
                 'AND fTable.uid IN (###PAGE_TSCONFIG_IDLIST###)',
                 [
-                    [' 1=1', 'fTable.uid IN (123,124)'],
+                    ['fTable.uid IN (123,124)'],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1608,7 +1630,8 @@ class TcaSelectItemsTest extends UnitTestCase
             'deprecated flexHack PAGE_TSCONFIG_STR is substituted' => [
                 'AND fTable.uid=\'###PAGE_TSCONFIG_STR###\'',
                 [
-                    [' 1=1', 'fTable.uid=\'aString\''],
+                    ['fTable.uid=\'aString\''],
+                    [' 1=1'],
                     ['`pages.uid` = `fTable.pid`']
                 ],
                 [
@@ -1765,7 +1788,8 @@ class TcaSelectItemsTest extends UnitTestCase
         $queryBuilderProphet->addOrderBy('orderField', null)->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->setFirstResult(1)->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->setMaxResults(2)->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
-        $queryBuilderProphet->where(' 1=1', 'ftable.uid=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->where('ftable.uid=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->andWhere(' 1=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->andWhere('`pages.uid` = `fTable.pid`')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->execute()->shouldBeCalled()->willReturn($statementProphet->reveal());
 
@@ -1831,7 +1855,8 @@ class TcaSelectItemsTest extends UnitTestCase
         $queryBuilderProphet->select('fTable.uid')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->from('fTable')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->from('pages')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
-        $queryBuilderProphet->where(' 1=1', '')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->where('')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->andWhere(' 1=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->andWhere('`pages.uid` = `fTable.pid`')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->execute()->shouldBeCalled()->willReturn($statementProphet->reveal());
 
@@ -1905,7 +1930,8 @@ class TcaSelectItemsTest extends UnitTestCase
         $queryBuilderProphet->select('fTable.uid')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->from('fTable')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->from('pages')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
-        $queryBuilderProphet->where(' 1=1', '')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->where('')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->andWhere(' 1=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->andWhere('`pages.uid` = `fTable.pid`')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->execute()->shouldBeCalled()->willReturn($statementProphet->reveal());
 
@@ -2002,7 +2028,8 @@ class TcaSelectItemsTest extends UnitTestCase
         $queryBuilderProphet->select('fTable.uid', 'fTable.icon')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->from('fTable')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->from('pages')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
-        $queryBuilderProphet->where(' 1=1', '')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->where('')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->andWhere(' 1=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->andWhere('`pages.uid` = `fTable.pid`')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->execute()->shouldBeCalled()->willReturn($statementProphet->reveal());
 
index f99bf80..ea5c7b7 100644 (file)
@@ -112,7 +112,10 @@ class TcaSelectTreeItemsTest extends UnitTestCase
         $queryBuilderProphet->from('pages')
             ->shouldBeCalled()
             ->willReturn($queryBuilderProphet->reveal());
-        $queryBuilderProphet->where(' 1=1', '')
+        $queryBuilderProphet->where('')
+            ->shouldBeCalled()
+            ->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->andWhere(' 1=1')
             ->shouldBeCalled()
             ->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->andWhere('`pages.uid` = `foreignTable.pid`')