[FEATURE] Enable stdWrap for select.where
authorStefan Neufeind <typo3.neufeind@speedpartner.de>
Thu, 14 Jul 2011 20:52:34 +0000 (22:52 +0200)
committerSusanne Moog <typo3@susannemoog.de>
Sat, 16 Jul 2011 18:53:57 +0000 (20:53 +0200)
stdWrap was supported at select.andWhere already.

Be careful not to use GPvar with this feature without
securing it (e.g. with stdWrap.intval)

Change-Id: I22c0e2c1c49fdd44ab67b823043a2e07f304e8c8
Resolves: #17881
Reviewed-on: http://review.typo3.org/3337
Reviewed-by: Susanne Moog
Tested-by: Susanne Moog
typo3/sysext/cms/tslib/class.tslib_content.php

index b9810fb..0c2e7a8 100644 (file)
@@ -7399,7 +7399,12 @@ class tslib_cObj {
                if (!$pid_uid_flag) { // If not uid and not pid then uid is set to 0 - which results in nothing!!
                        $query .= ' AND ' . $table . '.uid=0';
                }
-               if ($where = trim($conf['where'])) {
+
+               $where = isset($conf['where.'])
+                       ? trim($this->stdWrap($conf['where'], $conf['where.']))
+                       : trim($conf['where']);
+
+               if ($where) {
                        $query .= ' AND ' . $where;
                }
 
@@ -7418,6 +7423,7 @@ class tslib_cObj {
                $andWhere = isset($conf['andWhere.'])
                        ? trim($this->stdWrap($conf['andWhere'], $conf['andWhere.']))
                        : trim($conf['andWhere']);
+
                if ($andWhere) {
                        $query .= ' AND ' . $andWhere;
                }