[TASK] Refactor use of queryBuilder to use prepared statements 90/50090/17
authorManuel Selbach <manuel_selbach@yahoo.de>
Thu, 6 Oct 2016 07:24:58 +0000 (09:24 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 26 Oct 2016 13:50:58 +0000 (15:50 +0200)
To remove the susceptiblity to errors of SQL injections within the core
the principle of prepared statements should be followed for all queries.
Even variables which will be casted to e.g. an integer should use
setParameter(), setParameters() or createNamedParameter().

Change-Id: I7d6d256a199ba05f75791eb01f38b3b89b421989
Resolves: #78437
Releases: master
Reviewed-on: https://review.typo3.org/50090
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
179 files changed:
typo3/sysext/backend/Classes/Backend/Avatar/DefaultAvatarProvider.php
typo3/sysext/backend/Classes/Backend/ToolbarItems/ShortcutToolbarItem.php
typo3/sysext/backend/Classes/Clipboard/Clipboard.php
typo3/sysext/backend/Classes/Configuration/TranslationConfigurationProvider.php
typo3/sysext/backend/Classes/Controller/ContentElement/ElementInformationController.php
typo3/sysext/backend/Classes/Controller/EditDocumentController.php
typo3/sysext/backend/Classes/Controller/PageLayoutController.php
typo3/sysext/backend/Classes/Controller/Wizard/RteController.php
typo3/sysext/backend/Classes/Domain/Repository/Localization/LocalizationRepository.php
typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractDatabaseRecordProvider.php
typo3/sysext/backend/Classes/Form/FormDataProvider/AbstractItemProvider.php
typo3/sysext/backend/Classes/Form/FormDataProvider/DatabasePageLanguageOverlayRows.php
typo3/sysext/backend/Classes/Form/FormDataProvider/DatabaseSystemLanguageRows.php
typo3/sysext/backend/Classes/Form/Wizard/SuggestWizardDefaultReceiver.php
typo3/sysext/backend/Classes/FrontendBackendUserAuthentication.php
typo3/sysext/backend/Classes/History/RecordHistory.php
typo3/sysext/backend/Classes/RecordList/AbstractRecordList.php
typo3/sysext/backend/Classes/Search/LiveSearch/LiveSearch.php
typo3/sysext/backend/Classes/Tree/Pagetree/Commands.php
typo3/sysext/backend/Classes/Tree/Pagetree/DataProvider.php
typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php
typo3/sysext/backend/Classes/Tree/View/BrowseTreeView.php
typo3/sysext/backend/Classes/Tree/View/PagePositionMap.php
typo3/sysext/backend/Classes/Utility/BackendUtility.php
typo3/sysext/backend/Classes/View/BackendLayout/DefaultDataProvider.php
typo3/sysext/backend/Classes/View/BackendLayoutView.php
typo3/sysext/backend/Classes/View/PageLayoutView.php
typo3/sysext/backend/Classes/ViewHelpers/AvatarViewHelper.php
typo3/sysext/backend/Tests/Functional/Controller/Page/LocalizationControllerTest.php
typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/DatabaseSystemLanguageRowsTest.php
typo3/sysext/backend/Tests/Unit/Utility/BackendUtilityTest.php
typo3/sysext/belog/Classes/Controller/SystemInformationController.php
typo3/sysext/beuser/Classes/Controller/BackendUserController.php
typo3/sysext/beuser/Classes/Domain/Repository/BackendUserSessionRepository.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/PagesViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/SysFileMountsViewHelper.php
typo3/sysext/beuser/Classes/ViewHelpers/Display/SysLanguageViewHelper.php
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Cache/Backend/Typo3DatabaseBackend.php
typo3/sysext/core/Classes/Category/Collection/CategoryCollection.php
typo3/sysext/core/Classes/Collection/AbstractRecordCollection.php
typo3/sysext/core/Classes/Collection/RecordCollectionRepository.php
typo3/sysext/core/Classes/Collection/StaticRecordCollection.php
typo3/sysext/core/Classes/DataHandling/DataHandler.php
typo3/sysext/core/Classes/DataHandling/PlainDataResolver.php
typo3/sysext/core/Classes/Database/Query/Restriction/BackendWorkspaceRestriction.php
typo3/sysext/core/Classes/Database/Query/Restriction/FrontendWorkspaceRestriction.php
typo3/sysext/core/Classes/Database/QueryGenerator.php
typo3/sysext/core/Classes/Database/QueryView.php
typo3/sysext/core/Classes/Database/ReferenceIndex.php
typo3/sysext/core/Classes/Database/RelationHandler.php
typo3/sysext/core/Classes/Database/Schema/SchemaMigrator.php
typo3/sysext/core/Classes/FrontendEditing/FrontendEditingController.php
typo3/sysext/core/Classes/Integrity/DatabaseIntegrityCheck.php
typo3/sysext/core/Classes/Resource/AbstractRepository.php
typo3/sysext/core/Classes/Resource/Collection/CategoryBasedFileCollection.php
typo3/sysext/core/Classes/Resource/FileRepository.php
typo3/sysext/core/Classes/Resource/Index/FileIndexRepository.php
typo3/sysext/core/Classes/Resource/Index/MetaDataRepository.php
typo3/sysext/core/Classes/Resource/ProcessedFileRepository.php
typo3/sysext/core/Classes/Resource/ResourceFactory.php
typo3/sysext/core/Classes/Tests/FunctionalTestCase.php
typo3/sysext/core/Classes/Tree/TableConfiguration/DatabaseTreeDataProvider.php
typo3/sysext/core/Classes/TypoScript/ExtendedTemplateService.php
typo3/sysext/core/Classes/TypoScript/TemplateService.php
typo3/sysext/core/Classes/Utility/File/ExtendedFileUtility.php
typo3/sysext/core/Classes/Utility/RootlineUtility.php
typo3/sysext/core/Tests/Functional/Category/Collection/CategoryCollectionTest.php
typo3/sysext/core/Tests/Functional/DataHandling/AbstractDataHandlerActionTestCase.php
typo3/sysext/core/Tests/Functional/DataHandling/FlexformIrre/ActionTestCase.php
typo3/sysext/core/Tests/Functional/DataHandling/Framework/ActionService.php
typo3/sysext/core/Tests/Unit/Resource/Repository/AbstractRepositoryTest.php
typo3/sysext/core/Tests/Unit/Tree/TableConfiguration/DatabaseTreeDataProviderTest.php
typo3/sysext/core/Tests/Unit/Utility/File/ExtendedFileUtilityTest.php
typo3/sysext/extbase/Classes/Configuration/BackendConfigurationManager.php
typo3/sysext/extbase/Classes/Persistence/Generic/Storage/Typo3DbBackend.php
typo3/sysext/extbase/Classes/Service/ExtensionService.php
typo3/sysext/extbase/Tests/Functional/Persistence/AddTest.php
typo3/sysext/extbase/Tests/Functional/Persistence/RelationTest.php
typo3/sysext/extbase/Tests/Unit/Persistence/Generic/Storage/Typo3DbQueryParserTest.php
typo3/sysext/extbase/Tests/Unit/Service/ExtensionServiceTest.php
typo3/sysext/extensionmanager/Classes/Domain/Repository/ExtensionRepository.php
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php
typo3/sysext/filelist/Classes/FileFacade.php
typo3/sysext/filelist/Classes/FileList.php
typo3/sysext/frontend/Classes/Authentication/FrontendUserAuthentication.php
typo3/sysext/frontend/Classes/Category/Collection/CategoryCollection.php
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
typo3/sysext/frontend/Classes/ContentObject/Menu/AbstractMenuContentObject.php
typo3/sysext/frontend/Classes/Controller/TranslationStatusController.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
typo3/sysext/frontend/Classes/Hooks/TreelistCacheUpdateHooks.php
typo3/sysext/frontend/Classes/Page/PageRepository.php
typo3/sysext/frontend/Classes/Plugin/AbstractPlugin.php
typo3/sysext/frontend/Classes/View/AdminPanelView.php
typo3/sysext/impexp/Classes/Controller/ImportExportController.php
typo3/sysext/impexp/Classes/Domain/Repository/PresetRepository.php
typo3/sysext/impexp/Classes/Import.php
typo3/sysext/impexp/Classes/Task/ImportExportTask.php
typo3/sysext/impexp/Tests/Functional/Export/AbstractExportTestCase.php
typo3/sysext/indexed_search/Classes/Controller/AdministrationController.php
typo3/sysext/indexed_search/Classes/Controller/SearchController.php
typo3/sysext/indexed_search/Classes/Domain/Repository/AdministrationRepository.php
typo3/sysext/indexed_search/Classes/Domain/Repository/IndexSearchRepository.php
typo3/sysext/indexed_search/Classes/Hook/CrawlerHook.php
typo3/sysext/indexed_search/Classes/Indexer.php
typo3/sysext/info_pagetsconfig/Classes/Controller/InfoPageTyposcriptConfigController.php
typo3/sysext/install/Classes/Controller/Action/Step/DatabaseSelect.php
typo3/sysext/install/Classes/SystemEnvironment/DatabaseCheck.php
typo3/sysext/install/Classes/Updates/BackendUserStartModuleUpdate.php
typo3/sysext/install/Classes/Updates/ContentTypesToTextMediaUpdate.php
typo3/sysext/install/Classes/Updates/DatabaseCharsetUpdate.php
typo3/sysext/install/Classes/Updates/FileListIsStartModuleUpdate.php
typo3/sysext/install/Classes/Updates/FilesReplacePermissionUpdate.php
typo3/sysext/install/Classes/Updates/FrontendUserImageUpdateWizard.php
typo3/sysext/install/Classes/Updates/LanguageIsoCodeUpdate.php
typo3/sysext/install/Classes/Updates/MigrateMediaToAssetsForTextMediaCe.php
typo3/sysext/install/Classes/Updates/MigrateShortcutUrlsAgainUpdate.php
typo3/sysext/install/Classes/Updates/PageShortcutParentUpdate.php
typo3/sysext/install/Classes/Updates/ProcessedFileChecksumUpdate.php
typo3/sysext/install/Classes/Updates/TableFlexFormToTtContentFieldsUpdate.php
typo3/sysext/install/Classes/Updates/WorkspacesNotificationSettingsUpdate.php
typo3/sysext/linkvalidator/Classes/LinkAnalyzer.php
typo3/sysext/linkvalidator/Classes/Linktype/InternalLinktype.php
typo3/sysext/linkvalidator/Classes/Linktype/LinkHandler.php
typo3/sysext/linkvalidator/Classes/Report/LinkValidatorReport.php
typo3/sysext/lowlevel/Classes/CleanerCommand.php
typo3/sysext/lowlevel/Classes/Command/ListSysLogCommand.php
typo3/sysext/lowlevel/Classes/DoubleFilesCommand.php
typo3/sysext/lowlevel/Classes/LostFilesCommand.php
typo3/sysext/lowlevel/Classes/MissingFilesCommand.php
typo3/sysext/lowlevel/Classes/MissingRelationsCommand.php
typo3/sysext/lowlevel/Classes/OrphanRecordsCommand.php
typo3/sysext/lowlevel/Classes/RteImagesCommand.php
typo3/sysext/lowlevel/Classes/VersionsCommand.php
typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php
typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php
typo3/sysext/recycler/Classes/Domain/Model/DeletedRecords.php
typo3/sysext/recycler/Classes/Domain/Model/Tables.php
typo3/sysext/recycler/Classes/Task/CleanerTask.php
typo3/sysext/recycler/Classes/Utility/RecyclerUtility.php
typo3/sysext/recycler/Tests/Unit/Task/CleanerTaskTest.php
typo3/sysext/reports/Classes/Report/Status/ConfigurationStatus.php
typo3/sysext/reports/Classes/Report/Status/FalStatus.php
typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php
typo3/sysext/rsaauth/Classes/Storage/SplitStorage.php
typo3/sysext/rtehtmlarea/Classes/Extension/Abbreviation.php
typo3/sysext/rtehtmlarea/Classes/Extension/Language.php
typo3/sysext/rtehtmlarea/Classes/Hook/Install/DeprecatedRteProperties.php
typo3/sysext/rtehtmlarea/Classes/Hook/Install/RteAcronymButtonRenamedToAbbreviation.php
typo3/sysext/saltedpasswords/Classes/Utility/SaltedPasswordsUtility.php
typo3/sysext/saltedpasswords/Tests/Functional/SaltedPasswordServiceTest.php
typo3/sysext/saltedpasswords/Tests/Functional/Task/BulkUpdateTaskTest.php
typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php
typo3/sysext/scheduler/Classes/Scheduler.php
typo3/sysext/scheduler/Classes/Task/AbstractTask.php
typo3/sysext/scheduler/Classes/Task/OptimizeDatabaseTableAdditionalFieldProvider.php
typo3/sysext/scheduler/Classes/Task/TableGarbageCollectionTask.php
typo3/sysext/setup/Classes/Controller/SetupModuleController.php
typo3/sysext/sv/Classes/AuthenticationService.php
typo3/sysext/sys_action/Classes/ActionTask.php
typo3/sysext/sys_action/Classes/Backend/ToolbarItems/ActionToolbarItem.php
typo3/sysext/sys_note/Classes/Core/Bootstrap.php
typo3/sysext/version/Classes/Controller/VersionModuleController.php
typo3/sysext/version/Classes/Dependency/ElementEntity.php
typo3/sysext/version/Classes/Hook/DataHandlerHook.php
typo3/sysext/version/Classes/Hook/PreviewHook.php
typo3/sysext/viewpage/Classes/Controller/ViewModuleController.php
typo3/sysext/workspaces/Classes/Domain/Record/AbstractRecord.php
typo3/sysext/workspaces/Classes/Domain/Record/WorkspaceRecord.php
typo3/sysext/workspaces/Classes/ExtDirect/ExtDirectServer.php
typo3/sysext/workspaces/Classes/Hook/DataHandlerHook.php
typo3/sysext/workspaces/Classes/Service/AutoPublishService.php
typo3/sysext/workspaces/Classes/Service/RecordService.php
typo3/sysext/workspaces/Classes/Service/StagesService.php
typo3/sysext/workspaces/Classes/Service/WorkspaceService.php
typo3/sysext/workspaces/Classes/Task/CleanupPreviewLinkTask.php

index 89e5a14..c3054e0 100644 (file)
@@ -70,10 +70,22 @@ class DefaultAvatarProvider implements AvatarProviderInterface
             ->select('uid_local')
             ->from('sys_file_reference')
             ->where(
-                $queryBuilder->expr()->eq('tablenames', $queryBuilder->createNamedParameter('be_users')),
-                $queryBuilder->expr()->eq('fieldname', $queryBuilder->createNamedParameter('avatar')),
-                $queryBuilder->expr()->eq('table_local', $queryBuilder->createNamedParameter('sys_file')),
-                $queryBuilder->expr()->eq('uid_foreign', (int)$beUserId)
+                $queryBuilder->expr()->eq(
+                    'tablenames',
+                    $queryBuilder->createNamedParameter('be_users', \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'fieldname',
+                    $queryBuilder->createNamedParameter('avatar', \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'table_local',
+                    $queryBuilder->createNamedParameter('sys_file', \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'uid_foreign',
+                    $queryBuilder->createNamedParameter($beUserId, \PDO::PARAM_INT)
+                )
             )
             ->execute()
             ->fetchColumn();
index 1f297f2..47d2c72 100644 (file)
@@ -19,6 +19,7 @@ use Psr\Http\Message\ServerRequestInterface;
 use TYPO3\CMS\Backend\Module\ModuleLoader;
 use TYPO3\CMS\Backend\Toolbar\ToolbarItemInterface;
 use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\QueryHelper;
 use TYPO3\CMS\Core\Imaging\Icon;
@@ -254,12 +255,24 @@ class ShortcutToolbarItem implements ToolbarItemInterface
             ->from('sys_be_shortcuts')
             ->where(
                 $queryBuilder->expr()->andX(
-                    $queryBuilder->expr()->eq('userid', (int)$backendUser->user['uid']),
-                    $queryBuilder->expr()->gte('sc_group', 0)
+                    $queryBuilder->expr()->eq(
+                        'userid',
+                        $queryBuilder->createNamedParameter($backendUser->user['uid'], \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->gte(
+                        'sc_group',
+                        $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    )
                 )
             )
             ->orWhere(
-                $queryBuilder->expr()->in('sc_group', array_keys($this->getGlobalShortcutGroups()))
+                $queryBuilder->expr()->in(
+                    'sc_group',
+                    $queryBuilder->createNamedParameter(
+                        array_keys($this->getGlobalShortcutGroups()),
+                        Connection::PARAM_INT_ARRAY
+                    )
+                )
             )
             ->orderBy('sc_group')
             ->addOrderBy('sorting')
@@ -536,7 +549,12 @@ class ShortcutToolbarItem implements ToolbarItemInterface
             $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
                 ->getQueryBuilderForTable('sys_be_shortcuts');
             $affectedRows = $queryBuilder->delete('sys_be_shortcuts')
-                ->where($queryBuilder->expr()->eq('uid', $shortcutId))
+                ->where(
+                    $queryBuilder->expr()->eq(
+                        'uid',
+                        $queryBuilder->createNamedParameter($shortcutId, \PDO::PARAM_INT)
+                    )
+                )
                 ->execute();
             if ($affectedRows === 1) {
                 $success = true;
@@ -712,9 +730,9 @@ class ShortcutToolbarItem implements ToolbarItemInterface
             ->where(
                 $queryBuilder->expr()->eq(
                     'userid',
-                    $queryBuilder->createNamedParameter($this->getBackendUser()->user['uid'])
+                    $queryBuilder->createNamedParameter($this->getBackendUser()->user['uid'], \PDO::PARAM_INT)
                 ),
-                $queryBuilder->expr()->eq('url', $queryBuilder->createNamedParameter($url))
+                $queryBuilder->expr()->eq('url', $queryBuilder->createNamedParameter($url, \PDO::PARAM_STR))
             )
             ->execute()
             ->fetchColumn();
@@ -743,13 +761,23 @@ class ShortcutToolbarItem implements ToolbarItemInterface
         $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
             ->getQueryBuilderForTable('sys_be_shortcuts');
         $queryBuilder->update('sys_be_shortcuts')
-            ->where($queryBuilder->expr()->eq('uid', $shortcutId))
+            ->where(
+                $queryBuilder->expr()->eq(
+                    'uid',
+                    $queryBuilder->createNamedParameter($shortcutId, \PDO::PARAM_INT)
+                )
+            )
             ->set('description', $shortcutName)
             ->set('sc_group', $shortcutGroupId);
 
         if (!$backendUser->isAdmin()) {
             // Users can only modify their own shortcuts
-            $queryBuilder->andWhere($queryBuilder->expr()->eq('userid', (int)$backendUser->user['uid']));
+            $queryBuilder->andWhere(
+                $queryBuilder->expr()->eq(
+                    'userid',
+                    $queryBuilder->createNamedParameter($backendUser->user['uid'], \PDO::PARAM_INT)
+                )
+            );
 
             if ($shortcutGroupId < 0) {
                 $queryBuilder->set('sc_group', 0);
@@ -848,7 +876,12 @@ class ShortcutToolbarItem implements ToolbarItemInterface
                         ->getQueryBuilderForTable($table);
                     $queryBuilder->select(...array_unique(array_values($selectFields)))
                         ->from($table)
-                        ->where($queryBuilder->expr()->in('uid', $recordid));
+                        ->where(
+                            $queryBuilder->expr()->in(
+                                'uid',
+                                $queryBuilder->createNamedParameter($recordid, \PDO::PARAM_INT)
+                            )
+                        );
 
                     if ($table === 'pages' && $this->perms_clause) {
                         $queryBuilder->andWhere(QueryHelper::stripLogicalOperatorPrefix($this->perms_clause));
index c8fe4a2..6d275fd 100644 (file)
@@ -506,12 +506,24 @@ class Clipboard
                 ->select('*')
                 ->from($table)
                 ->where(
-                    $queryBuilder->expr()->eq($tcaCtrl['transOrigPointerField'], (int)$parentRec['uid']),
-                    $queryBuilder->expr()->neq($tcaCtrl['languageField'], 0)
+                    $queryBuilder->expr()->eq(
+                        $tcaCtrl['transOrigPointerField'],
+                        $queryBuilder->createNamedParameter($parentRec['uid'], \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->neq(
+                        $tcaCtrl['languageField'],
+                        $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    )
                 );
 
             if (isset($tcaCtrl['versioningWS']) && $tcaCtrl['versioningWS']) {
-                $queryBuilder->andWhere($queryBuilder->expr()->eq('t3ver_wsid', (int)$parentRec['t3ver_wsid']));
+                $queryBuilder
+                    ->andWhere(
+                        $queryBuilder->expr()->eq(
+                            't3ver_wsid',
+                            $queryBuilder->createNamedParameter($parentRec['t3ver_wsid'], \PDO::PARAM_INT)
+                        )
+                    );
             }
             $rows = $queryBuilder->execute()->fetchAll();
             if (is_array($rows)) {
index 08ba769..547f3e2 100644 (file)
@@ -133,13 +133,33 @@ class TranslationConfigurationProvider
             ->select(...GeneralUtility::trimExplode(',', $selFieldList))
             ->from($translationTable)
             ->where(
-                $queryBuilder->expr()->eq($GLOBALS['TCA'][$translationTable]['ctrl']['transOrigPointerField'], (int)$uid),
-                $queryBuilder->expr()->eq('pid', (int)($table === 'pages' ? $row['uid'] : $row['pid']))
+                $queryBuilder->expr()->eq(
+                    $GLOBALS['TCA'][$translationTable]['ctrl']['transOrigPointerField'],
+                    $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'pid',
+                    $queryBuilder->createNamedParameter(
+                        ($table === 'pages' ? $row['uid'] : $row['pid']),
+                        \PDO::PARAM_INT
+                    )
+                )
             );
         if (!$languageUid) {
-            $queryBuilder->andWhere($queryBuilder->expr()->gt($GLOBALS['TCA'][$translationTable]['ctrl']['languageField'], 0));
+            $queryBuilder->andWhere(
+                $queryBuilder->expr()->gt(
+                    $GLOBALS['TCA'][$translationTable]['ctrl']['languageField'],
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                )
+            );
         } else {
-            $queryBuilder->andWhere($queryBuilder->expr()->eq($GLOBALS['TCA'][$translationTable]['ctrl']['languageField'], (int)$languageUid));
+            $queryBuilder
+                ->andWhere(
+                    $queryBuilder->expr()->eq(
+                        $GLOBALS['TCA'][$translationTable]['ctrl']['languageField'],
+                        $queryBuilder->createNamedParameter($languageUid, \PDO::PARAM_INT)
+                    )
+                );
         }
         $translationRecords = $queryBuilder
             ->execute()
index 7671d85..9d06db9 100644 (file)
@@ -652,9 +652,18 @@ class ElementInformationController
             ->select('*')
             ->from('sys_refindex')
             ->where(
-                $queryBuilder->expr()->eq('ref_table', $queryBuilder->createNamedParameter($selectTable)),
-                $queryBuilder->expr()->eq('ref_uid', (int)$selectUid),
-                $queryBuilder->expr()->eq('deleted', 0)
+                $queryBuilder->expr()->eq(
+                    'ref_table',
+                    $queryBuilder->createNamedParameter($selectTable, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'ref_uid',
+                    $queryBuilder->createNamedParameter($selectUid, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'deleted',
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                )
             )
             ->execute()
             ->fetchAll();
@@ -770,8 +779,14 @@ class ElementInformationController
             ->select('*')
             ->from('sys_refindex')
             ->where(
-                $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($table)),
-                $queryBuilder->expr()->eq('recuid', (int)$ref)
+                $queryBuilder->expr()->eq(
+                    'tablename',
+                    $queryBuilder->createNamedParameter($table, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'recuid',
+                    $queryBuilder->createNamedParameter($ref, \PDO::PARAM_INT)
+                )
             )
             ->execute()
             ->fetchAll();
@@ -874,7 +889,12 @@ class ElementInformationController
         $fileReference = $queryBuilder
             ->select('*')
             ->from('sys_file_reference')
-            ->where($queryBuilder->expr()->eq('uid', (int)$referenceRecord['recuid']))
+            ->where(
+                $queryBuilder->expr()->eq(
+                    'uid',
+                    $queryBuilder->createNamedParameter($referenceRecord['recuid'], \PDO::PARAM_INT)
+                )
+            )
             ->execute()
             ->fetch();
 
index ef66ed8..de45099 100644 (file)
@@ -1345,9 +1345,12 @@ class EditDocumentController extends AbstractModule
                     ->where(
                         $queryBuilder->expr()->eq(
                             'tablename',
-                            $queryBuilder->createNamedParameter($this->firstEl['table'])
+                            $queryBuilder->createNamedParameter($this->firstEl['table'], \PDO::PARAM_STR)
                         ),
-                        $queryBuilder->expr()->eq('recuid', (int)$this->firstEl['uid'])
+                        $queryBuilder->expr()->eq(
+                            'recuid',
+                            $queryBuilder->createNamedParameter($this->firstEl['uid'], \PDO::PARAM_INT)
+                        )
                     )
                     ->orderBy('tstamp', 'DESC')
                     ->setMaxResults(1)
@@ -1580,9 +1583,18 @@ class EditDocumentController extends AbstractModule
                         $result = $queryBuilder->select(...GeneralUtility::trimExplode(',', $fetchFields, true))
                             ->from($table)
                             ->where(
-                                $queryBuilder->expr()->eq('pid', (int)$pid),
-                                $queryBuilder->expr()->gt($languageField, 0),
-                                $queryBuilder->expr()->eq($transOrigPointerField, (int)$rowsByLang[0]['uid'])
+                                $queryBuilder->expr()->eq(
+                                    'pid',
+                                    $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)
+                                ),
+                                $queryBuilder->expr()->gt(
+                                    $languageField,
+                                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                                ),
+                                $queryBuilder->expr()->eq(
+                                    $transOrigPointerField,
+                                    $queryBuilder->createNamedParameter($rowsByLang[0]['uid'], \PDO::PARAM_INT)
+                                )
                             )
                             ->execute();
 
@@ -1652,8 +1664,14 @@ class EditDocumentController extends AbstractModule
             $localizedRecord = $queryBuilder->select('uid')
                 ->from($table)
                 ->where(
-                    $queryBuilder->expr()->eq($GLOBALS['TCA'][$table]['ctrl']['languageField'], (int)$language),
-                    $queryBuilder->expr()->eq($GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField'], (int)$origUid)
+                    $queryBuilder->expr()->eq(
+                        $GLOBALS['TCA'][$table]['ctrl']['languageField'],
+                        $queryBuilder->createNamedParameter($language, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        $GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField'],
+                        $queryBuilder->createNamedParameter($origUid, \PDO::PARAM_INT)
+                    )
                 )
                 ->execute()
                 ->fetch();
@@ -1721,11 +1739,8 @@ class EditDocumentController extends AbstractModule
             // Add join with pages_languages_overlay table to only show active languages
             $queryBuilder->from('pages_language_overlay', 'o')
                 ->where(
-                    $queryBuilder->expr()->eq(
-                        'o.sys_language_uid',
-                        $queryBuilder->quoteIdentifier('s.uid')
-                    ),
-                    $queryBuilder->expr()->eq('o.pid', (int)$id)
+                    $queryBuilder->expr()->eq('o.sys_language_uid', $queryBuilder->quoteIdentifier('s.uid')),
+                    $queryBuilder->expr()->eq('o.pid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT))
                 );
         }
 
index 082f0c3..8d962ae 100644 (file)
@@ -28,6 +28,7 @@ use TYPO3\CMS\Backend\Tree\View\ContentLayoutPagePositionMap;
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Backend\View\BackendLayoutView;
 use TYPO3\CMS\Backend\View\PageLayoutView;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\QueryBuilder;
 use TYPO3\CMS\Core\Database\Query\Restriction\BackendWorkspaceRestriction;
@@ -411,14 +412,32 @@ class PageLayoutController
                     'sys_language',
                     'pages_language_overlay',
                     'pages_language_overlay',
-                    $queryBuilder->expr()->eq('sys_language.uid', $queryBuilder->quoteIdentifier('pages_language_overlay.sys_language_uid'))
+                    $queryBuilder->expr()->eq(
+                        'sys_language.uid',
+                        $queryBuilder->quoteIdentifier('pages_language_overlay.sys_language_uid')
+                    )
                 )
                 ->where(
-                    $queryBuilder->expr()->eq('pages_language_overlay.deleted', 0),
-                    $queryBuilder->expr()->eq('pages_language_overlay.pid', (int)$this->id),
+                    $queryBuilder->expr()->eq(
+                        'pages_language_overlay.deleted',
+                        $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'pages_language_overlay.pid',
+                        $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)
+                    ),
                     $queryBuilder->expr()->orX(
-                        $queryBuilder->expr()->gte('pages_language_overlay.t3ver_state', (int)(new VersionState(VersionState::DEFAULT_STATE))),
-                        $queryBuilder->expr()->eq('pages_language_overlay.t3ver_wsid', (int)$this->getBackendUser()->workspace)
+                        $queryBuilder->expr()->gte(
+                            'pages_language_overlay.t3ver_state',
+                            $queryBuilder->createNamedParameter(
+                                (string)new VersionState(VersionState::DEFAULT_STATE),
+                                \PDO::PARAM_INT
+                            )
+                        ),
+                        $queryBuilder->expr()->eq(
+                            'pages_language_overlay.t3ver_wsid',
+                            $queryBuilder->createNamedParameter($this->getBackendUser()->workspace, \PDO::PARAM_INT)
+                        )
                     )
                 )
                 ->groupBy('pages_language_overlay.sys_language_uid', 'sys_language.uid', 'sys_language.pid',
@@ -426,7 +445,12 @@ class PageLayoutController
                     'sys_language.language_isocode', 'sys_language.static_lang_isocode', 'sys_language.flag')
                 ->orderBy('sys_language.sorting');
             if (!$this->getBackendUser()->isAdmin()) {
-                $queryBuilder->andWhere($queryBuilder->expr()->eq('sys_language.hidden', 0));
+                $queryBuilder->andWhere(
+                    $queryBuilder->expr()->eq(
+                        'sys_language.hidden',
+                        $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    )
+                );
             }
             $statement = $queryBuilder->execute();
         } else {
@@ -663,8 +687,11 @@ class PageLayoutController
                 ->select('title')
                 ->from('pages_language_overlay')
                 ->where(
-                    $queryBuilder->expr()->eq('pid', (int)$this->id),
-                    $queryBuilder->expr()->eq('sys_language_uid', (int)$this->current_sys_language)
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)),
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter($this->current_sys_language, \PDO::PARAM_INT)
+                    )
                 )
                 ->setMaxResults(1)
                 ->execute()
@@ -824,12 +851,27 @@ class PageLayoutController
                 ->from('tt_content')
                 ->orderBy('sorting')
                 ->where(
-                    $queryBuilder->expr()->eq('pid', (int)$this->id),
-                    $queryBuilder->expr()->eq('colPos', (int)substr($edit_record, 10)),
-                    $queryBuilder->expr()->eq('sys_language_uid', (int)$this->current_sys_language),
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)),
+                    $queryBuilder->expr()->eq(
+                        'colPos',
+                        $queryBuilder->createNamedParameter(substr($edit_record, 10), \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter($this->current_sys_language, \PDO::PARAM_INT)
+                    ),
                     $queryBuilder->expr()->orX(
-                        $queryBuilder->expr()->gte('t3ver_state', (int)(new VersionState(VersionState::DEFAULT_STATE))),
-                        $queryBuilder->expr()->eq('t3ver_wsid', (int)$beUser->workspace)
+                        $queryBuilder->expr()->gte(
+                            't3ver_state',
+                            $queryBuilder->createNamedParameter(
+                                (string)new VersionState(VersionState::DEFAULT_STATE),
+                                \PDO::PARAM_INT
+                            )
+                        ),
+                        $queryBuilder->expr()->eq(
+                            't3ver_wsid',
+                            $queryBuilder->createNamedParameter($beUser->workspace, \PDO::PARAM_INT)
+                        )
                     )
                 )
                 ->execute();
@@ -850,8 +892,14 @@ class PageLayoutController
             $sys_log_row = $queryBuilder->select('tablename', 'recuid')
                 ->from('sys_log')
                 ->where(
-                    $queryBuilder->expr()->eq('userid', (int)$beUser->user['uid']),
-                    $queryBuilder->expr()->eq('NEWid', $queryBuilder->createNamedParameter($this->new_unique_uid))
+                    $queryBuilder->expr()->eq(
+                        'userid',
+                        $queryBuilder->createNamedParameter($beUser->user['uid'], \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'NEWid',
+                        $queryBuilder->createNamedParameter($this->new_unique_uid, \PDO::PARAM_INT)
+                    )
                 )
                 ->execute()
                 ->fetch();
@@ -872,8 +920,14 @@ class PageLayoutController
         $this->undoButtonR = $queryBuilder->select('tstamp')
             ->from('sys_history')
             ->where(
-                $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($tableName)),
-                $queryBuilder->expr()->eq('recuid', (int)$this->eRParts[1])
+                $queryBuilder->expr()->eq(
+                    'tablename',
+                    $queryBuilder->createNamedParameter($tableName, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'recuid',
+                    $queryBuilder->createNamedParameter($this->eRParts[1], \PDO::PARAM_INT)
+                )
             )
             ->orderBy('tstamp', 'DESC')
             ->setMaxResults(1)
@@ -1263,8 +1317,14 @@ class PageLayoutController
                         ->select('uid')
                         ->from('pages_language_overlay')
                         ->where(
-                            $queryBuilder->expr()->eq('pid', (int)$this->id),
-                            $queryBuilder->expr()->eq('sys_language_uid', (int)$this->current_sys_language)
+                            $queryBuilder->expr()->eq(
+                                'pid',
+                                $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)
+                            ),
+                            $queryBuilder->expr()->eq(
+                                'sys_language_uid',
+                                $queryBuilder->createNamedParameter($this->current_sys_language, \PDO::PARAM_INT)
+                            )
                         )
                         ->setMaxResults(1)
                         ->execute()
@@ -1421,25 +1481,46 @@ class PageLayoutController
             ->count('uid')
             ->from('tt_content')
             ->where(
-                $queryBuilder->expr()->eq('pid', (int)$this->id),
-                $queryBuilder->expr()->eq('sys_language_uid', (int)$this->current_sys_language)
+                $queryBuilder->expr()->eq(
+                    'pid',
+                    $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'sys_language_uid',
+                    $queryBuilder->createNamedParameter($this->current_sys_language, \PDO::PARAM_INT)
+                )
             );
 
         if (!empty($GLOBALS['TCA']['tt_content']['ctrl']['enablecolumns']['disabled'])) {
-            $andWhere[] = $queryBuilder->expr()->neq('hidden', 0);
+            $andWhere[] = $queryBuilder->expr()->neq(
+                'hidden',
+                $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+            );
         }
 
         if (!empty($GLOBALS['TCA']['tt_content']['ctrl']['enablecolumns']['starttime'])) {
             $andWhere[] = $queryBuilder->expr()->andX(
-                $queryBuilder->expr()->neq('starttime', 0),
-                $queryBuilder->expr()->gt('starttime', (int)$GLOBALS['SIM_ACCESS_TIME'])
+                $queryBuilder->expr()->neq(
+                    'starttime',
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->gt(
+                    'starttime',
+                    $queryBuilder->createNamedParameter($GLOBALS['SIM_ACCESS_TIME'], \PDO::PARAM_INT)
+                )
             );
         }
 
         if (!empty($GLOBALS['TCA']['tt_content']['ctrl']['enablecolumns']['endtime'])) {
             $andWhere[] = $queryBuilder->expr()->andX(
-                $queryBuilder->expr()->neq('endtime', 0),
-                $queryBuilder->expr()->lte('endtime', (int)$GLOBALS['SIM_ACCESS_TIME'])
+                $queryBuilder->expr()->neq(
+                    'endtime',
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->lte(
+                    'endtime',
+                    $queryBuilder->createNamedParameter($GLOBALS['SIM_ACCESS_TIME'], \PDO::PARAM_INT)
+                )
             );
         }
 
@@ -1578,18 +1659,44 @@ class PageLayoutController
         $queryBuilder->select('*')
             ->from('tt_content')
             ->where(
-                $queryBuilder->expr()->eq('pid', (int)$this->id),
-                $queryBuilder->expr()->eq('sys_language_uid', (int)$this->current_sys_language),
-                $queryBuilder->expr()->in('colPos', GeneralUtility::intExplode(',', $this->colPosList)),
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->eq(
+                    'sys_language_uid',
+                    $queryBuilder->createNamedParameter($this->current_sys_language, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->in(
+                    'colPos',
+                    $queryBuilder->createNamedParameter(
+                        GeneralUtility::intExplode(',', $this->colPosList, true),
+                        Connection::PARAM_INT_ARRAY
+                    )
+                ),
                 $queryBuilder->expr()->orX(
-                    $queryBuilder->expr()->gte('t3ver_state', (int)(new VersionState(VersionState::DEFAULT_STATE))),
-                    $queryBuilder->expr()->eq('t3ver_wsid', (int)$beUser->workspace)
+                    $queryBuilder->expr()->gte(
+                        't3ver_state',
+                        $queryBuilder->createNamedParameter(
+                            (string)new VersionState(VersionState::DEFAULT_STATE),
+                            \PDO::PARAM_INT
+                        )
+                    ),
+                    $queryBuilder->expr()->eq(
+                        't3ver_wsid',
+                        $queryBuilder->createNamedParameter(
+                            (string)new VersionState(VersionState::DEFAULT_STATE),
+                            \PDO::PARAM_INT
+                        )
+                    )
                 )
             )
             ->orderBy('colPos')
             ->addOrderBy('sorting');
         if (!$beUser->user['admin']) {
-            $queryBuilder->andWhere($queryBuilder->expr()->eq('editlock', 0));
+            $queryBuilder->andWhere(
+                $queryBuilder->expr()->eq(
+                    'editlock',
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                )
+            );
         }
         $statement = $queryBuilder->execute();
         $colPos = null;
@@ -1701,9 +1808,15 @@ class PageLayoutController
             ->count('uid')
             ->from('pages')
             ->where(
-                $queryBuilder->expr()->eq('pid', (int)$this->id),
-                $queryBuilder->expr()->eq('t3ver_wsid', $workspaceId),
-                $queryBuilder->expr()->{$comparisonExpression}('pid', -1)
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->eq(
+                    't3ver_wsid',
+                    $queryBuilder->createNamedParameter($workspaceId, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->{$comparisonExpression}(
+                    'pid',
+                    $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
+                )
             )
             ->execute()
             ->fetchColumn(0);
index 5046e78..b02e3e2 100644 (file)
@@ -253,8 +253,14 @@ class RteController extends AbstractWizardController
                 ->select('tstamp')
                 ->from('sys_history')
                 ->where(
-                    $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($this->P['table'])),
-                    $queryBuilder->expr()->eq('recuid', (int)$this->P['uid'])
+                    $queryBuilder->expr()->eq(
+                        'tablename',
+                        $queryBuilder->createNamedParameter($this->P['table'], \PDO::PARAM_STR)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'recuid',
+                        $queryBuilder->createNamedParameter($this->P['uid'], \PDO::PARAM_INT)
+                    )
                 )
                 ->orderBy('tstamp', 'desc')
                 ->setMaxResults(1)
index 63ba611..8813c95 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Backend\Domain\Repository\Localization;
  */
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\QueryBuilder;
 use TYPO3\CMS\Core\Database\Query\Restriction\BackendWorkspaceRestriction;
@@ -39,9 +40,18 @@ class LocalizationRepository
         $queryBuilder = $this->getQueryBuilderWithWorkspaceRestriction('tt_content');
 
         $constraints = [
-            $queryBuilder->expr()->eq('tt_content.colPos', (int)$colPos),
-            $queryBuilder->expr()->eq('tt_content.pid', (int)$pageId),
-            $queryBuilder->expr()->eq('tt_content.sys_language_uid', (int)$localizedLanguage),
+            $queryBuilder->expr()->eq(
+                'tt_content.colPos',
+                $queryBuilder->createNamedParameter($colPos, \PDO::PARAM_INT)
+            ),
+            $queryBuilder->expr()->eq(
+                'tt_content.pid',
+                $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
+            ),
+            $queryBuilder->expr()->eq(
+                'tt_content.sys_language_uid',
+                $queryBuilder->createNamedParameter($localizedLanguage, \PDO::PARAM_INT)
+            ),
         ];
         $constraints += $this->getAllowedLanguageConstraintsForBackendUser();
 
@@ -84,10 +94,22 @@ class LocalizationRepository
         $rowCount = $queryBuilder->count('uid')
             ->from('tt_content')
             ->where(
-                $queryBuilder->expr()->eq('tt_content.sys_language_uid', (int)$languageId),
-                $queryBuilder->expr()->eq('tt_content.colPos', (int)$colPos),
-                $queryBuilder->expr()->eq('tt_content.pid', (int)$pageId),
-                $queryBuilder->expr()->neq('tt_content.t3_origuid', 0)
+                $queryBuilder->expr()->eq(
+                    'tt_content.sys_language_uid',
+                    $queryBuilder->createNamedParameter($languageId, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tt_content.colPos',
+                    $queryBuilder->createNamedParameter($colPos, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tt_content.pid',
+                    $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->neq(
+                    'tt_content.t3_origuid',
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                )
             )
             ->execute()
             ->fetchColumn(0);
@@ -112,9 +134,18 @@ class LocalizationRepository
                 'tt_content.sys_language_uid',
                 $queryBuilder->quoteIdentifier('sys_language.uid')
             ),
-            $queryBuilder->expr()->eq('tt_content.colPos', (int)$colPos),
-            $queryBuilder->expr()->eq('tt_content.pid', (int)$pageId),
-            $queryBuilder->expr()->neq('sys_language.uid', (int)$languageId)
+            $queryBuilder->expr()->eq(
+                'tt_content.colPos',
+                $queryBuilder->createNamedParameter($colPos, \PDO::PARAM_INT)
+            ),
+            $queryBuilder->expr()->eq(
+                'tt_content.pid',
+                $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
+            ),
+            $queryBuilder->expr()->neq(
+                'sys_language.uid',
+                $queryBuilder->createNamedParameter($languageId, \PDO::PARAM_INT)
+            )
         ];
         $constraints += $this->getAllowedLanguageConstraintsForBackendUser();
 
@@ -183,14 +214,17 @@ class LocalizationRepository
             if (!empty($GLOBALS['TCA']['sys_language']['ctrl']['enablecolumns']['disabled'])) {
                 $constraints[] = $queryBuilder->expr()->eq(
                     'sys_language.' . $GLOBALS['TCA']['sys_language']['ctrl']['enablecolumns']['disabled'],
-                    0
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
                 );
             }
 
             if (!empty($backendUser->user['allowed_languages'])) {
                 $constraints[] = $queryBuilder->expr()->in(
                     'sys_language.uid',
-                    GeneralUtility::intExplode(',', $backendUser->user['allowed_languages'])
+                    $queryBuilder->createNamedParameter(
+                        GeneralUtility::intExplode(',', $backendUser->user['allowed_languages'], true),
+                        Connection::PARAM_INT_ARRAY
+                    )
                 );
             }
         }
@@ -219,9 +253,18 @@ class LocalizationRepository
             ->select('t3_origuid')
             ->from('tt_content')
             ->where(
-                $queryBuilder->expr()->eq('sys_language_uid', (int)$destLanguageId),
-                $queryBuilder->expr()->eq('tt_content.colPos', (int)$colPos),
-                $queryBuilder->expr()->eq('tt_content.pid', (int)$pageId)
+                $queryBuilder->expr()->eq(
+                    'sys_language_uid',
+                    $queryBuilder->createNamedParameter($destLanguageId, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tt_content.colPos',
+                    $queryBuilder->createNamedParameter($colPos, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tt_content.pid',
+                    $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
+                )
             )
             ->execute();
 
@@ -232,14 +275,29 @@ class LocalizationRepository
         $queryBuilder->select(...GeneralUtility::trimExplode(',', $fields, true))
             ->from('tt_content')
             ->where(
-                $queryBuilder->expr()->eq('tt_content.sys_language_uid', (int)$languageId),
-                $queryBuilder->expr()->eq('tt_content.colPos', (int)$colPos),
-                $queryBuilder->expr()->eq('tt_content.pid', (int)$pageId)
+                $queryBuilder->expr()->eq(
+                    'tt_content.sys_language_uid',
+                    $queryBuilder->createNamedParameter($languageId, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tt_content.colPos',
+                    $queryBuilder->createNamedParameter($colPos, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tt_content.pid',
+                    $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
+                )
             )
             ->orderBy('tt_content.sorting');
 
         if (!empty($originalUids)) {
-            $queryBuilder->andWhere($queryBuilder->expr()->notIn('tt_content.uid', $originalUids));
+            $queryBuilder
+                ->andWhere(
+                    $queryBuilder->expr()->notIn(
+                        'tt_content.uid',
+                        $queryBuilder->createNamedParameter($originalUids, Connection::PARAM_INT_ARRAY)
+                    )
+                );
         }
 
         return $queryBuilder->execute();
@@ -316,14 +374,25 @@ class LocalizationRepository
                 $queryBuilder->select(...$select)
                     ->from($table)
                     ->where(
-                        $queryBuilder->expr()->eq('pid', (int)$pid),
-                        $queryBuilder->expr()->eq('sys_language_uid', (int)$sourceLanguage),
-                        $queryBuilder->expr()->lt($sortRow, (int)$row[$sortRow])
+                        $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)),
+                        $queryBuilder->expr()->eq(
+                            'sys_language_uid',
+                            $queryBuilder->createNamedParameter($sourceLanguage, \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->lt(
+                            $sortRow,
+                            $queryBuilder->createNamedParameter($row[$sortRow], \PDO::PARAM_INT)
+                        )
                     );
 
                 // Respect the colPos for content elements
                 if ($table === 'tt_content') {
-                    $queryBuilder->andWhere($queryBuilder->expr()->eq('colPos', (int)$row['colPos']));
+                    $queryBuilder->andWhere(
+                        $queryBuilder->expr()->eq(
+                            'colPos',
+                            $queryBuilder->createNamedParameter($row['colPos'], \PDO::PARAM_INT)
+                        )
+                    );
                 }
 
                 $previousRow = $queryBuilder->orderBy($sortRow, 'DESC')->execute()->fetch();
index 00a9adb..bcfca7e 100644 (file)
@@ -477,8 +477,14 @@ class InlineRecordContainer extends AbstractContainer
                     ->select('uid')
                     ->from('sys_file_metadata')
                     ->where(
-                        $queryBuilder->expr()->eq('file', (int)substr($rec['uid_local'], 9)),
-                        $queryBuilder->expr()->eq('sys_language_uid', (int)$sys_language_uid)
+                        $queryBuilder->expr()->eq(
+                            'file',
+                            $queryBuilder->createNamedParameter(substr($rec['uid_local'], 9), \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->eq(
+                            'sys_language_uid',
+                            $queryBuilder->createNamedParameter($sys_language_uid, \PDO::PARAM_INT)
+                        )
                     )
                     ->setMaxResults(1)
                     ->execute()
index 79a782c..cd29baf 100644 (file)
@@ -75,7 +75,7 @@ abstract class AbstractDatabaseRecordProvider
 
         $row = $queryBuilder->select('*')
             ->from($tableName)
-            ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
 
index f26787f..dccd136 100644 (file)
@@ -952,9 +952,19 @@ abstract class AbstractItemProvider
         }
 
         if ($rootLevel === -1) {
-            $queryBuilder->andWhere($queryBuilder->expr()->neq($foreignTableName . '.pid', -1));
+            $queryBuilder->andWhere(
+                $queryBuilder->expr()->neq(
+                    $foreignTableName . '.pid',
+                    $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
+                )
+            );
         } elseif ($rootLevel === 1) {
-            $queryBuilder->andWhere($queryBuilder->expr()->eq($foreignTableName . '.pid', 0));
+            $queryBuilder->andWhere(
+                $queryBuilder->expr()->eq(
+                    $foreignTableName . '.pid',
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                )
+            );
         } else {
             $queryBuilder->andWhere($backendUser->getPagePermsClause(1));
             if ($foreignTableName !== 'pages') {
index 40a95ed..8035524 100644 (file)
@@ -60,7 +60,7 @@ class DatabasePageLanguageOverlayRows implements FormDataProviderInterface
 
         $rows = $queryBuilder->select('*')
             ->from('pages_language_overlay')
-            ->where($queryBuilder->expr()->eq('pid', $pid))
+            ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)))
             ->execute()
             ->fetchAll();
 
index 34941d6..ed43c51 100644 (file)
@@ -76,7 +76,7 @@ class DatabaseSystemLanguageRows implements FormDataProviderInterface
         $queryResult = $queryBuilder
             ->select('uid', 'title', 'language_isocode', 'flag')
             ->from('sys_language')
-            ->where($queryBuilder->expr()->eq('pid', 0))
+            ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)))
             ->orderBy('sorting')
             ->execute();
 
index 20dd9cd..5ca700f 100644 (file)
@@ -16,6 +16,7 @@ namespace TYPO3\CMS\Backend\Form\Wizard;
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Charset\CharsetConverter;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\QueryBuilder;
 use TYPO3\CMS\Core\Database\Query\QueryHelper;
@@ -276,8 +277,13 @@ class SuggestWizardDefaultReceiver
         // fetch all
         while ($depth - $level > 0 && !empty($pageIds)) {
             ++$level;
-            $pidList = array_map('intval', $pageIds);
-            $rows = $queryBuilder->where($queryBuilder->expr()->in('pid', $pidList))
+            $rows = $queryBuilder
+                ->where(
+                    $queryBuilder->expr()->in(
+                        'pid',
+                        $queryBuilder->createNamedParameter($pageIds, Connection::PARAM_INT_ARRAY)
+                    )
+                )
                 ->execute()
                 ->fetchAll();
 
index a050212..ec90c62 100644 (file)
@@ -252,8 +252,14 @@ class FrontendBackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\B
                 ->select('uid', 'title')
                 ->from('pages')
                 ->where(
-                    $queryBuilder->expr()->eq('pid', $id),
-                    $queryBuilder->expr()->in('doktype', GeneralUtility::intExplode(',', $GLOBALS['TYPO3_CONF_VARS']['FE']['content_doktypes'], true)),
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)),
+                    $queryBuilder->expr()->in(
+                        'doktype',
+                        $queryBuilder->createNamedParameter(
+                            $GLOBALS['TYPO3_CONF_VARS']['FE']['content_doktypes'],
+                            \PDO::PARAM_INT
+                        )
+                    ),
                     QueryHelper::stripLogicalOperatorPrefix($perms_clause)
                 )
                 ->execute();
index a01dafd..2ef688d 100644 (file)
@@ -173,7 +173,7 @@ class RecordHistory
         $row = $queryBuilder
             ->select('snapshot')
             ->from('sys_history')
-            ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
 
@@ -182,7 +182,7 @@ class RecordHistory
             $queryBuilder
                 ->update('sys_history')
                 ->set('snapshot', (int)!$row['snapshot'])
-                ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+                ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)))
                 ->execute();
         }
     }
@@ -664,7 +664,12 @@ class RecordHistory
                 $rows = $queryBuilder
                     ->select('uid')
                     ->from($tablename)
-                    ->where($queryBuilder->expr()->eq('pid', (int)$elParts[1]))
+                    ->where(
+                        $queryBuilder->expr()->eq(
+                            'pid',
+                            $queryBuilder->createNamedParameter($elParts[1], \PDO::PARAM_INT)
+                        )
+                    )
                     ->execute();
                 if ($rows->rowCount() === 0) {
                     continue;
@@ -714,8 +719,14 @@ class RecordHistory
                     'sys_history.sys_log_uid',
                     $queryBuilder->quoteIdentifier('sys_log.uid')
                 ),
-                $queryBuilder->expr()->eq('sys_history.tablename', $queryBuilder->createNamedParameter($table)),
-                $queryBuilder->expr()->eq('sys_history.recuid', (int)$uid)
+                $queryBuilder->expr()->eq(
+                    'sys_history.tablename',
+                    $queryBuilder->createNamedParameter($table, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'sys_history.recuid',
+                    $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                )
             )
             ->orderBy('sys_log.uid', 'DESC')
             ->setMaxResults((int)$this->maxSteps)
@@ -758,13 +769,13 @@ class RecordHistory
                 ->select('uid', 'userid', 'action', 'tstamp', 'log_data')
                 ->from('sys_log')
                 ->where(
-                    $queryBuilder->expr()->eq('type', 1),
+                    $queryBuilder->expr()->eq('type', $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)),
                     $queryBuilder->expr()->orX(
-                        $queryBuilder->expr()->eq('action', 1),
-                        $queryBuilder->expr()->eq('action', 3)
+                        $queryBuilder->expr()->eq('action', $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)),
+                        $queryBuilder->expr()->eq('action', $queryBuilder->createNamedParameter(3, \PDO::PARAM_INT))
                     ),
-                    $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($table)),
-                    $queryBuilder->expr()->eq('recuid', (int)$uid)
+                    $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($table, \PDO::PARAM_STR)),
+                    $queryBuilder->expr()->eq('recuid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT))
                 )
                 ->orderBy('uid', 'DESC')
                 ->setMaxResults((int)$this->maxSteps)
@@ -912,9 +923,7 @@ class RecordHistory
         $record = $queryBuilder
             ->select('*')
             ->from('sys_history')
-            ->where(
-                $queryBuilder->expr()->eq('uid', (int)$shUid)
-            )
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($shUid, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
 
index c0dfd2e..6446892 100644 (file)
@@ -436,7 +436,7 @@ abstract class AbstractRecordList
         $result = $queryBuilder
             ->select('*')
             ->from('pages_language_overlay')
-            ->where($queryBuilder->expr()->eq('pid', (int)$this->id))
+            ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)))
             ->execute();
 
         $this->pageOverlays = [];
index dedd3e7..2780a83 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Backend\Search\LiveSearch;
  */
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\Expression\CompositeExpression;
 use TYPO3\CMS\Core\Database\Query\QueryBuilder;
@@ -181,7 +182,10 @@ class LiveSearch
                 ->select('*')
                 ->from($tableName)
                 ->where(
-                    $queryBuilder->expr()->in('pid', $pageIdList),
+                    $queryBuilder->expr()->in(
+                        'pid',
+                        $queryBuilder->createNamedParameter($pageIdList, Connection::PARAM_INT_ARRAY)
+                    ),
                     $this->makeQuerySearchByTable($tableName, $fieldsToSearchWithin)
                 )
                 ->setFirstResult($firstResult)
index c427658..4477233 100644 (file)
@@ -294,9 +294,7 @@ class Commands
         $domain = $queryBuilder
             ->select('domainName')
             ->from('sys_domain')
-            ->where(
-                $queryBuilder->expr()->eq('pid', (int)$uid)
-            )
+            ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)))
             ->setMaxResults(1)
             ->orderBy('sorting')
         ->execute()
index 25216c2..0d4889e 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Backend\Tree\Pagetree;
  */
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\QueryBuilder;
 use TYPO3\CMS\Core\Database\Query\QueryHelper;
@@ -431,14 +432,20 @@ class DataProvider extends \TYPO3\CMS\Backend\Tree\AbstractTreeDataProvider
 
         if (is_numeric($id) && $id >= 0) {
             $queryBuilder->andWhere(
-                $expressionBuilder->eq('pid', (int)$id)
+                $expressionBuilder->eq('pid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT))
             );
         }
 
         $excludedDoktypes = $GLOBALS['BE_USER']->getTSConfigVal('options.pageTree.excludeDoktypes');
         if (!empty($excludedDoktypes)) {
             $queryBuilder->andWhere(
-                $expressionBuilder->notIn('doktype', GeneralUtility::intExplode(',', $excludedDoktypes))
+                $expressionBuilder->notIn(
+                    'doktype',
+                    $queryBuilder->createNamedParameter(
+                        GeneralUtility::intExplode(',', $excludedDoktypes, true),
+                        Connection::PARAM_INT_ARRAY
+                    )
+                )
             );
         }
 
@@ -446,7 +453,7 @@ class DataProvider extends \TYPO3\CMS\Backend\Tree\AbstractTreeDataProvider
             $searchParts = $expressionBuilder->orX();
             if (is_numeric($searchFilter) && $searchFilter > 0) {
                 $searchParts->add(
-                    $expressionBuilder->eq('uid', (int)$searchFilter)
+                    $expressionBuilder->eq('uid', $queryBuilder->createNamedParameter($searchFilter, \PDO::PARAM_INT))
                 );
             }
             $searchFilter = '%' . $queryBuilder->escapeLikeWildcards($searchFilter) . '%';
@@ -455,15 +462,27 @@ class DataProvider extends \TYPO3\CMS\Backend\Tree\AbstractTreeDataProvider
 
             $aliasExpression = '';
             if ($useAlias) {
-                $aliasExpression = $expressionBuilder->like('alias', $queryBuilder->createNamedParameter($searchFilter));
+                $aliasExpression = $expressionBuilder->like(
+                    'alias',
+                    $queryBuilder->createNamedParameter($searchFilter, \PDO::PARAM_STR)
+                );
             }
 
             if ($useNavTitle) {
                 $searchWhereAlias = $expressionBuilder->orX(
-                    $expressionBuilder->like('nav_title', $queryBuilder->createNamedParameter($searchFilter)),
+                    $expressionBuilder->like(
+                        'nav_title',
+                        $queryBuilder->createNamedParameter($searchFilter, \PDO::PARAM_STR)
+                    ),
                     $expressionBuilder->andX(
-                        $expressionBuilder->eq('nav_title', $queryBuilder->createNamedParameter('')),
-                        $expressionBuilder->like('title', $queryBuilder->createNamedParameter($searchFilter))
+                        $expressionBuilder->eq(
+                            'nav_title',
+                            $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
+                        ),
+                        $expressionBuilder->like(
+                            'title',
+                            $queryBuilder->createNamedParameter($searchFilter, \PDO::PARAM_STR)
+                        )
                     )
                 );
                 if (strlen($aliasExpression)) {
@@ -472,7 +491,10 @@ class DataProvider extends \TYPO3\CMS\Backend\Tree\AbstractTreeDataProvider
                 $searchParts->add($searchWhereAlias);
             } else {
                 $searchParts->add(
-                    $expressionBuilder->like('title', $queryBuilder->createNamedParameter($searchFilter))
+                    $expressionBuilder->like(
+                        'title',
+                        $queryBuilder->createNamedParameter($searchFilter, \PDO::PARAM_STR)
+                    )
                 );
 
                 if (strlen($aliasExpression)) {
index 616f770..94e1bad 100644 (file)
@@ -846,7 +846,10 @@ abstract class AbstractTreeView
                 ->count('uid')
                 ->from($this->table)
                 ->where(
-                    $queryBuilder->expr()->eq($this->parentField, (int)$uid),
+                    $queryBuilder->expr()->eq(
+                        $this->parentField,
+                        $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                    ),
                     QueryHelper::stripLogicalOperatorPrefix($this->clause)
                 )
                 ->execute()
@@ -912,7 +915,10 @@ abstract class AbstractTreeView
                 ->select(...$this->fieldArray)
                 ->from($this->table)
                 ->where(
-                    $queryBuilder->expr()->eq($this->parentField, (int)$parentId),
+                    $queryBuilder->expr()->eq(
+                        $this->parentField,
+                        $queryBuilder->createNamedParameter($parentId, \PDO::PARAM_INT)
+                    ),
                     QueryHelper::stripLogicalOperatorPrefix($this->clause)
                 );
 
index a485a20..9e5068f 100644 (file)
@@ -153,7 +153,12 @@ class BrowseTreeView extends AbstractTreeView
             $row = $queryBuilder
                 ->select('domainName', 'sorting')
                 ->from('sys_domain')
-                ->where($queryBuilder->expr()->eq('pid', (int)$row['uid']))
+                ->where(
+                    $queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter($row['uid'], \PDO::PARAM_INT)
+                    )
+                )
                 ->orderBy('sorting')
                 ->setMaxResults(1)
                 ->execute()
index 6bef774..23926f8 100644 (file)
@@ -356,13 +356,18 @@ class PagePositionMap
                 ->select('*')
                 ->from('tt_content')
                 ->where(
-                    $queryBuilder->expr()->eq('pid', (int)$pid),
-                    $queryBuilder->expr()->eq('colPos', (int)$vv)
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)),
+                    $queryBuilder->expr()->eq('colPos', $queryBuilder->createNamedParameter($vv, \PDO::PARAM_INT))
                 )
                 ->orderBy('sorting');
 
             if ((string)$this->cur_sys_language !== '') {
-                $queryBuilder->andWhere($queryBuilder->expr()->eq('sys_language_uid', (int)$this->cur_sys_language));
+                $queryBuilder->andWhere(
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter($this->cur_sys_language, \PDO::PARAM_INT)
+                    )
+                );
             }
 
             $res = $queryBuilder->execute();
index 0a20c1e..f7b29d9 100644 (file)
@@ -130,7 +130,7 @@ class BackendUtility
             $queryBuilder
                 ->select(...GeneralUtility::trimExplode(',', $fields, true))
                 ->from($table)
-                ->where($queryBuilder->expr()->eq('uid', (int)$uid));
+                ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)));
 
             // add custom where clause
             if ($where) {
@@ -390,12 +390,15 @@ class BackendUtility
         if (self::isTableLocalizable($table)) {
             $tcaCtrl = $GLOBALS['TCA'][$table]['ctrl'];
 
-            $expressionBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
-                ->getQueryBuilderForTable($table)
-                ->expr();
+            $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
+                ->getQueryBuilderForTable($table);
+            $expressionBuilder = $queryBuilder->expr();
 
             $constraint = $expressionBuilder->andX(
-                $expressionBuilder->eq($tcaCtrl['languageField'], (int)$language),
+                $expressionBuilder->eq(
+                    $tcaCtrl['languageField'],
+                    $queryBuilder->createNamedParameter($language, \PDO::PARAM_INT)
+                ),
                 QueryHelper::stripLogicalOperatorPrefix($andWhereClause)
             );
 
@@ -519,7 +522,7 @@ class BackendUtility
                 )
                 ->from('pages')
                 ->where(
-                    $queryBuilder->expr()->eq('uid', (int)$uid),
+                    $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)),
                     QueryHelper::stripLogicalOperatorPrefix($clause)
                 )
                 ->execute()
@@ -1011,7 +1014,13 @@ class BackendUtility
                         ->select('uid', $ds_pointerField, $ds_searchParentField)
                         ->from($table)
                         ->where(
-                            $queryBuilder->expr()->eq('uid', (int)($newRecordPidValue ?: $rr[$ds_searchParentField]))
+                            $queryBuilder->expr()->eq(
+                                'uid',
+                                $queryBuilder->createNamedParameter(
+                                    ($newRecordPidValue ?: $rr[$ds_searchParentField]),
+                                    \PDO::PARAM_INT
+                                )
+                            )
                         );
                     if ($subFieldPointer) {
                         $queryBuilder->addSelect($subFieldPointer);
@@ -2277,7 +2286,12 @@ class BackendUtility
                             $result = $queryBuilder
                                 ->select('uid', $MMfield)
                                 ->from($theColConf['foreign_table'])
-                                ->where($queryBuilder->expr()->in('uid', $selectUids))
+                                ->where(
+                                    $queryBuilder->expr()->in(
+                                        'uid',
+                                        $queryBuilder->createNamedParameter($selectUids, Connection::PARAM_INT_ARRAY)
+                                    )
+                                )
                                 ->execute();
 
                             $mmlA = [];
@@ -2327,13 +2341,16 @@ class BackendUtility
                                     ->removeAll()
                                     ->add(GeneralUtility::makeInstance(BackendWorkspaceRestriction::class));
                                 $constraints = [
-                                    $queryBuilder->expr()->eq($theColConf['foreign_field'], (int)$uid)
+                                    $queryBuilder->expr()->eq(
+                                        $theColConf['foreign_field'],
+                                        $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                                    )
                                 ];
 
                                 if (!empty($theColConf['foreign_table_field'])) {
                                     $constraints[] = $queryBuilder->expr()->eq(
                                         $theColConf['foreign_table_field'],
-                                        $queryBuilder->createNamedParameter($table)
+                                        $queryBuilder->createNamedParameter($table, \PDO::PARAM_STR)
                                     );
                                 }
 
@@ -2425,7 +2442,15 @@ class BackendUtility
                                 $result = $queryBuilder
                                     ->select('uid', $MMfield)
                                     ->from($theColConf['foreign_table'])
-                                    ->where($queryBuilder->expr()->in('uid', $selectUids))
+                                    ->where(
+                                        $queryBuilder->expr()->in(
+                                            'uid',
+                                            $queryBuilder->createNamedParameter(
+                                                $selectUids,
+                                                Connection::PARAM_INT_ARRAY
+                                            )
+                                        )
+                                    )
                                     ->execute();
 
                                 $mmlA = [];
@@ -3708,12 +3733,18 @@ class BackendUtility
                 ->from('sys_lockedrecords')
                 ->where(
                     $queryBuilder->expr()->neq(
-                        'sys_lockedrecords' . '.userid',
-                        (int)static::getBackendUserAuthentication()->user['uid']
+                        'sys_lockedrecords.userid',
+                        $queryBuilder->createNamedParameter(
+                            static::getBackendUserAuthentication()->user['uid'],
+                            \PDO::PARAM_INT
+                        )
                     ),
                     $queryBuilder->expr()->gt(
-                        'sys_lockedrecords' . '.tstamp',
-                        ($GLOBALS['EXEC_TIME'] - 2 * 3600)
+                        'sys_lockedrecords.tstamp',
+                        $queryBuilder->createNamedParameter(
+                            ($GLOBALS['EXEC_TIME'] - 2 * 3600),
+                            \PDO::PARAM_INT
+                        )
                     )
                 )
                 ->execute();
@@ -3966,11 +3997,11 @@ class BackendUtility
                 $queryBuilder->expr()->orX(
                     $queryBuilder->expr()->eq(
                         'sys_domain.domainName',
-                        $queryBuilder->createNamedParameter($domain)
+                        $queryBuilder->createNamedParameter($domain, \PDO::PARAM_STR)
                     ),
                     $queryBuilder->expr()->eq(
                         'sys_domain.domainName',
-                        $queryBuilder->createNamedParameter($domain . '/')
+                        $queryBuilder->createNamedParameter($domain . '/', \PDO::PARAM_STR)
                     )
                 )
 
@@ -4123,8 +4154,8 @@ class BackendUtility
                 ->count('*')
                 ->from('sys_refindex')
                 ->where(
-                    $queryBuilder->expr()->eq('ref_table', $queryBuilder->quote($table)),
-                    $queryBuilder->expr()->eq('deleted', 0)
+                    $queryBuilder->expr()->eq('ref_table', $queryBuilder->createNamedParameter($table, \PDO::PARAM_STR)),
+                    $queryBuilder->expr()->eq('deleted', $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT))
                 );
 
             // Look up the path:
@@ -4135,11 +4166,12 @@ class BackendUtility
 
                 $ref = PathUtility::stripPathSitePrefix($ref);
                 $queryBuilder->andWhere(
-                    $queryBuilder->expr()->eq('ref_string', $queryBuilder->createNamedParameter($ref))
+                    $queryBuilder->expr()->eq('ref_string', $queryBuilder->createNamedParameter($ref, \PDO::PARAM_STR))
                 );
             } else {
-                $queryBuilder->andWhere($queryBuilder->expr()->eq('ref_uid', (int)$ref));
-
+                $queryBuilder->andWhere(
+                    $queryBuilder->expr()->eq('ref_uid', $queryBuilder->createNamedParameter($ref, \PDO::PARAM_INT))
+                );
                 if ($table === 'sys_file') {
                     $queryBuilder->andWhere($queryBuilder->expr()->neq('tablename', $queryBuilder->quote('sys_file_metadata')));
                 }
@@ -4180,8 +4212,14 @@ class BackendUtility
                 ->count('*')
                 ->from($table)
                 ->where(
-                    $queryBuilder->expr()->eq($GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField'], (int)$ref),
-                    $queryBuilder->expr()->neq($GLOBALS['TCA'][$table]['ctrl']['languageField'], 0)
+                    $queryBuilder->expr()->eq(
+                        $GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField'],
+                        $queryBuilder->createNamedParameter($ref, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->neq(
+                        $GLOBALS['TCA'][$table]['ctrl']['languageField'],
+                        $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    )
                 )
                 ->execute()
                 ->fetchColumn(0);
@@ -4249,9 +4287,9 @@ class BackendUtility
             $queryBuilder
                 ->from($table)
                 ->where(
-                    $queryBuilder->expr()->eq('pid', -1),
-                    $queryBuilder->expr()->neq('uid', (int)$uid),
-                    $queryBuilder->expr()->eq('t3ver_oid', (int)$uid)
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)),
+                    $queryBuilder->expr()->neq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)),
+                    $queryBuilder->expr()->eq('t3ver_oid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT))
                 )
                 ->orderBy('t3ver_id', 'DESC');
 
@@ -4261,10 +4299,20 @@ class BackendUtility
 
             if ($workspace === 0) {
                 // Only in Live WS
-                $queryBuilder->andWhere($queryBuilder->expr()->eq('t3ver_wsid', 0));
+                $queryBuilder->andWhere(
+                    $queryBuilder->expr()->eq(
+                        't3ver_wsid',
+                        $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    )
+                );
             } elseif ($workspace !== null) {
                 // In Live WS and Workspace with given ID
-                $queryBuilder->andWhere($queryBuilder->expr()->in('t3ver_wsid', [0, (int)$workspace]));
+                $queryBuilder->andWhere(
+                    $queryBuilder->expr()->in(
+                        't3ver_wsid',
+                        $queryBuilder->createNamedParameter([0, (int)$workspace], Connection::PARAM_INT_ARRAY)
+                    )
+                );
             }
 
             $rows = $queryBuilder->execute()->fetchAll();
@@ -4489,9 +4537,18 @@ class BackendUtility
                 $row = $queryBuilder
                     ->from($table)
                     ->where(
-                        $queryBuilder->expr()->eq('pid', -1),
-                        $queryBuilder->expr()->eq('t3ver_oid', (int)$uid),
-                        $queryBuilder->expr()->eq('t3ver_wsid', (int)$workspace)
+                        $queryBuilder->expr()->eq(
+                            'pid',
+                            $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->eq(
+                            't3ver_oid',
+                            $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->eq(
+                            't3ver_wsid',
+                            $queryBuilder->createNamedParameter($workspace, \PDO::PARAM_INT)
+                        )
                     )
                     ->execute()
                     ->fetch();
@@ -4618,10 +4675,25 @@ class BackendUtility
                 ->select(...GeneralUtility::trimExplode(',', $fields, true))
                 ->from($table)
                 ->where(
-                    $queryBuilder->expr()->neq('pid', -1),
-                    $queryBuilder->expr()->eq('t3ver_state', (string)(new VersionState(VersionState::MOVE_PLACEHOLDER))),
-                    $queryBuilder->expr()->eq('t3ver_move_id', (int)$uid),
-                    $queryBuilder->expr()->eq('t3ver_wsid', (int)$workspace)
+                    $queryBuilder->expr()->neq(
+                        'pid',
+                        $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        't3ver_state',
+                        $queryBuilder->createNamedParameter(
+                            (string)new VersionState(VersionState::MOVE_PLACEHOLDER),
+                            \PDO::PARAM_INT
+                        )
+                    ),
+                    $queryBuilder->expr()->eq(
+                        't3ver_move_id',
+                        $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        't3ver_wsid',
+                        $queryBuilder->createNamedParameter($workspace, \PDO::PARAM_INT)
+                    )
                 )
                 ->execute()
                 ->fetch();
@@ -4836,8 +4908,14 @@ class BackendUtility
             ->count('uid')
             ->from('sys_be_shortcuts')
             ->where(
-                $queryBuilder->expr()->eq('userid', (int)self::getBackendUserAuthentication()->user['uid']),
-                $queryBuilder->expr()->eq('url', $queryBuilder->createNamedParameter($url))
+                $queryBuilder->expr()->eq(
+                    'userid',
+                    $queryBuilder->createNamedParameter(
+                        self::getBackendUserAuthentication()->user['uid'],
+                        \PDO::PARAM_INT
+                    )
+                ),
+                $queryBuilder->expr()->eq('url', $queryBuilder->createNamedParameter($url, \PDO::PARAM_STR))
             )
             ->execute()
             ->fetchColumn(0);
index 86e4d91..0083b7d 100644 (file)
@@ -14,6 +14,7 @@ namespace TYPO3\CMS\Backend\View\BackendLayout;
  * The TYPO3 project - inspiring people to share!
  */
 
+use Doctrine\Common\Collections\Expr\Comparison;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
@@ -74,7 +75,7 @@ class DefaultDataProvider implements DataProviderInterface
         $data = $queryBuilder
             ->select('*')
             ->from($this->tableName)
-            ->where($queryBuilder->expr()->eq('uid', (int)$identifier))
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($identifier, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
 
@@ -153,16 +154,37 @@ class DefaultDataProvider implements DataProviderInterface
             ->where(
                 $queryBuilder->expr()->orX(
                     $queryBuilder->expr()->andX(
-                        $queryBuilder->expr()->comparison((int)$pageTsConfigId[$fieldName], '=', 0),
-                        $queryBuilder->expr()->comparison((int)$storagePid, '=', 0)
+                        $queryBuilder->expr()->comparison(
+                            $queryBuilder->createNamedParameter($pageTsConfigId[$fieldName], \PDO::PARAM_INT),
+                            Comparison::EQ,
+                            $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->comparison(
+                            $queryBuilder->createNamedParameter($storagePid, \PDO::PARAM_INT),
+                            Comparison::EQ,
+                            $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                        )
                     ),
                     $queryBuilder->expr()->orX(
-                        $queryBuilder->expr()->eq('backend_layout.pid', (int)$pageTsConfigId[$fieldName]),
-                        $queryBuilder->expr()->eq('backend_layout.pid', (int)$storagePid)
+                        $queryBuilder->expr()->eq(
+                            'backend_layout.pid',
+                            $queryBuilder->createNamedParameter($pageTsConfigId[$fieldName], \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->eq(
+                            'backend_layout.pid',
+                            $queryBuilder->createNamedParameter($storagePid, \PDO::PARAM_INT)
+                        )
                     ),
                     $queryBuilder->expr()->andX(
-                        $queryBuilder->expr()->comparison((int)$pageTsConfigId[$fieldName], '=', 0),
-                        $queryBuilder->expr()->eq('backend_layout.pid', (int)$pageUid)
+                        $queryBuilder->expr()->comparison(
+                            $queryBuilder->createNamedParameter($pageTsConfigId[$fieldName], \PDO::PARAM_INT),
+                            Comparison::EQ,
+                            $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->eq(
+                            'backend_layout.pid',
+                            $queryBuilder->createNamedParameter($pageUid, \PDO::PARAM_INT)
+                        )
                     )
                 )
             );
index f91c637..349af7d 100644 (file)
@@ -154,7 +154,12 @@ class BackendLayoutView implements \TYPO3\CMS\Core\SingletonInterface
                 $pageId = $queryBuilder
                     ->select('pid')
                     ->from($tableName)
-                    ->where($queryBuilder->expr()->eq('uid', abs($data['pid'])))
+                    ->where(
+                        $queryBuilder->expr()->eq(
+                            'uid',
+                            $queryBuilder->createNamedParameter(abs($data['pid']), \PDO::PARAM_INT)
+                        )
+                    )
                     ->execute()
                     ->fetchColumn();
             } else {
@@ -437,7 +442,12 @@ class BackendLayoutView implements \TYPO3\CMS\Core\SingletonInterface
         $page = $queryBuilder
             ->select('uid', 'pid', 'backend_layout')
             ->from('pages')
-            ->where($queryBuilder->expr()->eq('uid', (int)$pageId))
+            ->where(
+                $queryBuilder->expr()->eq(
+                    'uid',
+                    $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
+                )
+            )
             ->execute()
             ->fetch();
         BackendUtility::workspaceOL('pages', $page);
index b8f0357..c396831 100644 (file)
@@ -19,6 +19,7 @@ use TYPO3\CMS\Backend\Controller\Page\LocalizationController;
 use TYPO3\CMS\Backend\Controller\PageLayoutController;
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\QueryHelper;
 use TYPO3\CMS\Core\Database\Query\Restriction\BackendWorkspaceRestriction;
@@ -316,7 +317,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                 ->select('*')
                 ->from('pages')
                 ->where(
-                    $queryBuilder->expr()->eq('uid', (int)$id),
+                    $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)),
                     $this->getBackendUser()->getPagePermsClause(1)
                 )
                 ->execute()
@@ -1195,7 +1196,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
             ->select('*')
             ->from('pages')
             ->where(
-                $queryBuilder->expr()->eq('pid', (int)$pid),
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)),
                 $this->getBackendUser()->getPagePermsClause(1)
             );
 
@@ -1259,7 +1260,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
         $queryBuilder
             ->select('*')
             ->from('pages')
-            ->where($queryBuilder->expr()->eq('pid', (int)$pid));
+            ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)));
 
         if (!empty($GLOBALS['TCA']['pages']['ctrl']['sortby'])) {
             $queryBuilder->orderBy($GLOBALS['TCA']['pages']['ctrl']['sortby']);
@@ -1878,8 +1879,14 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                 ->select('*')
                 ->from('tt_content')
                 ->where(
-                    $queryBuilder->expr()->eq('sys_language_uid', intval($lP)),
-                    $queryBuilder->expr()->in('l18n_parent', array_map('intval', $defaultLanguageUids))
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter($lP, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->in(
+                        'l18n_parent',
+                        $queryBuilder->createNamedParameter($defaultLanguageUids, Connection::PARAM_INT_ARRAY)
+                    )
                 );
 
             $result = $queryBuilder->execute();
@@ -2050,11 +2057,25 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                     $queryBuilder->expr()->eq('sys_language.uid', $queryBuilder->quoteIdentifier('pages_language_overlay.sys_language_uid'))
                 )
                 ->where(
-                    $queryBuilder->expr()->eq('pages_language_overlay.deleted', 0),
-                    $queryBuilder->expr()->eq('pages_language_overlay.pid', (int)$this->id),
+                    $queryBuilder->expr()->eq(
+                        'pages_language_overlay.deleted', $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'pages_language_overlay.pid',
+                        $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)
+                    ),
                     $queryBuilder->expr()->orX(
-                        $queryBuilder->expr()->gte('pages_language_overlay.t3ver_state', (int)(new VersionState(VersionState::DEFAULT_STATE))),
-                        $queryBuilder->expr()->eq('pages_language_overlay.t3ver_wsid', (int)$this->getBackendUser()->workspace)
+                        $queryBuilder->expr()->gte(
+                            'pages_language_overlay.t3ver_state',
+                            $queryBuilder->createNamedParameter(
+                                (string)new VersionState(VersionState::DEFAULT_STATE),
+                                \PDO::PARAM_INT
+                            )
+                        ),
+                        $queryBuilder->expr()->eq(
+                            'pages_language_overlay.t3ver_wsid',
+                            $queryBuilder->createNamedParameter($this->getBackendUser()->workspace, \PDO::PARAM_INT)
+                        )
                     )
                 )
                 ->groupBy('pages_language_overlay.sys_language_uid', 'sys_language.uid', 'sys_language.pid',
@@ -2062,7 +2083,12 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                     'sys_language.language_isocode', 'sys_language.static_lang_isocode', 'sys_language.flag')
                 ->orderBy('sys_language.sorting');
             if (!$this->getBackendUser()->isAdmin()) {
-                $queryBuilder->andWhere($queryBuilder->expr()->eq('sys_language.hidden', 0));
+                $queryBuilder->andWhere(
+                    $queryBuilder->expr()->eq(
+                        'sys_language.hidden',
+                        $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    )
+                );
             }
             $statement = $queryBuilder->execute();
             while ($row = $statement->fetch()) {
@@ -2230,7 +2256,9 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                 ->add(GeneralUtility::makeInstance(BackendWorkspaceRestriction::class));
             $count = (int)$queryBuilder->count('uid')
                 ->from($table)
-                ->where($queryBuilder->expr()->eq('pid', (int)$pid))
+                ->where(
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT))
+                )
                 ->execute()
                 ->fetchColumn();
         }
@@ -2366,7 +2394,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                     ->add(GeneralUtility::makeInstance(BackendWorkspaceRestriction::class));
                 $count = $queryBuilder->count('uid')
                     ->from($tName)
-                    ->where($queryBuilder->expr()->eq('pid', (int)$id))
+                    ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)))
                     ->execute()
                     ->fetchColumn();
                 // If records were found (or if "tt_content" is the table...):
index 4681f6f..5826ecd 100644 (file)
@@ -61,7 +61,12 @@ class AvatarViewHelper extends AbstractViewHelper
             $backendUser = $queryBuilder
                 ->select('*')
                 ->from('be_users')
-                ->where($queryBuilder->expr()->eq('uid', (int)$arguments['backendUser']))
+                ->where(
+                    $queryBuilder->expr()->eq(
+                        'uid',
+                        $queryBuilder->createNamedParameter($arguments['backendUser'], \PDO::PARAM_INT)
+                    )
+                )
                 ->execute()
                 ->fetch();
         } else {
index 502829d..099f7de 100644 (file)
@@ -90,10 +90,17 @@ class LocalizationControllerTest extends FunctionalTestCase
             ->from('tt_content')
             ->where(
                 $queryBuilder->expr()->andX(
-                    $queryBuilder->expr()->eq('pid', 1),
-                    $queryBuilder->expr()->eq('sys_language_uid', 1)
+                    $queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)
+                    )
                 )
-            )->execute()
+            )
+            ->execute()
             ->fetchAll();
         $this->assertSame($expectedResults, $results);
     }
@@ -141,10 +148,17 @@ class LocalizationControllerTest extends FunctionalTestCase
             ->from('tt_content')
             ->where(
                 $queryBuilder->expr()->andX(
-                    $queryBuilder->expr()->eq('pid', 1),
-                    $queryBuilder->expr()->eq('sys_language_uid', 2)
+                    $queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter(2, \PDO::PARAM_INT)
+                    )
                 )
-            )->execute()
+            )
+            ->execute()
             ->fetchAll();
         $this->assertSame($expectedResults, $results);
     }
@@ -190,10 +204,17 @@ class LocalizationControllerTest extends FunctionalTestCase
             ->from('tt_content')
             ->where(
                 $queryBuilder->expr()->andX(
-                    $queryBuilder->expr()->eq('pid', 1),
-                    $queryBuilder->expr()->eq('sys_language_uid', 2)
+                    $queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter(2, \PDO::PARAM_INT)
+                    )
                 )
-            )->execute()
+            )
+            ->execute()
             ->fetchAll();
         $this->assertSame($expectedResults, $results);
     }
@@ -241,10 +262,17 @@ class LocalizationControllerTest extends FunctionalTestCase
             ->from('tt_content')
             ->where(
                 $queryBuilder->expr()->andX(
-                    $queryBuilder->expr()->eq('pid', 1),
-                    $queryBuilder->expr()->eq('sys_language_uid', 2)
+                    $queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter(2, \PDO::PARAM_INT)
+                    )
                 )
-            )->execute()
+            )
+            ->execute()
             ->fetchAll();
         $this->assertSame($expectedResults, $results);
     }
@@ -322,8 +350,14 @@ class LocalizationControllerTest extends FunctionalTestCase
             ->from('tt_content')
             ->where(
                 $queryBuilder->expr()->andX(
-                    $queryBuilder->expr()->eq('pid', 1),
-                    $queryBuilder->expr()->eq('sys_language_uid', 1)
+                    $queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'sys_language_uid',
+                        $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)
+                    )
                 )
             )->orderBy('sorting', 'ASC')
             ->execute()
index 2ec1b46..b8fc266 100644 (file)
@@ -104,6 +104,7 @@ class DatabaseSystemLanguageRowsTest extends UnitTestCase
         $queryBuilderProphecy->expr()->shouldBeCalled()->willReturn($expressionBuilderProphecy->reveal());
         $expressionBuilderProphecy->eq('pid', 0)->shouldBeCalled()->willReturn('pid = 0');
         $queryBuilderProphecy->where('pid = 0')->shouldBeCalled()->willReturn($queryBuilderRevelation);
+        $queryBuilderProphecy->createNamedParameter(Argument::cetera())->willReturnArgument(0);
         $queryBuilderProphecy->execute()->shouldBeCalled()->willReturn($statementProphecy->reveal());
         $statementProphecy->fetch()->shouldBeCalledTimes(1)->willReturn(false);
 
@@ -147,6 +148,7 @@ class DatabaseSystemLanguageRowsTest extends UnitTestCase
         $queryBuilderProphecy->expr()->shouldBeCalled()->willReturn($expressionBuilderProphecy->reveal());
         $expressionBuilderProphecy->eq('pid', 0)->shouldBeCalled()->willReturn('pid = 0');
         $queryBuilderProphecy->where('pid = 0')->shouldBeCalled()->willReturn($queryBuilderRevelation);
+        $queryBuilderProphecy->createNamedParameter(Argument::cetera())->willReturnArgument(0);
         $queryBuilderProphecy->execute()->shouldBeCalled()->willReturn($statementProphecy->reveal());
         $statementProphecy->fetch()->shouldBeCalledTimes(1)->willReturn(false);
 
@@ -205,6 +207,7 @@ class DatabaseSystemLanguageRowsTest extends UnitTestCase
         $queryBuilderProphecy->expr()->shouldBeCalled()->willReturn($expressionBuilderProphecy->reveal());
         $expressionBuilderProphecy->eq('pid', 0)->shouldBeCalled()->willReturn('pid = 0');
         $queryBuilderProphecy->where('pid = 0')->shouldBeCalled()->willReturn($queryBuilderRevelation);
+        $queryBuilderProphecy->createNamedParameter(Argument::cetera())->willReturnArgument(0);
         $queryBuilderProphecy->execute()->shouldBeCalled()->willReturn($statementProphecy->reveal());
         $statementProphecy->fetch()->shouldBeCalledTimes(1)->willReturn(false);
 
@@ -261,6 +264,7 @@ class DatabaseSystemLanguageRowsTest extends UnitTestCase
         $queryBuilderProphecy->expr()->shouldBeCalled()->willReturn($expressionBuilderProphecy->reveal());
         $expressionBuilderProphecy->eq('pid', 0)->shouldBeCalled()->willReturn('pid = 0');
         $queryBuilderProphecy->where('pid = 0')->shouldBeCalled()->willReturn($queryBuilderRevelation);
+        $queryBuilderProphecy->createNamedParameter(Argument::cetera())->willReturnArgument(0);
         $queryBuilderProphecy->execute()->shouldBeCalled()->willReturn($statementProphecy->reveal());
 
         $statementProphecy->fetch()->shouldBeCalledTimes(2)->willReturn($aDatabaseResultRow, false);
@@ -325,6 +329,7 @@ class DatabaseSystemLanguageRowsTest extends UnitTestCase
         $queryBuilderProphecy->expr()->shouldBeCalled()->willReturn($expressionBuilderProphecy->reveal());
         $expressionBuilderProphecy->eq('pid', 0)->shouldBeCalled()->willReturn('pid = 0');
         $queryBuilderProphecy->where('pid = 0')->shouldBeCalled()->willReturn($queryBuilderRevelation);
+        $queryBuilderProphecy->createNamedParameter(Argument::cetera())->willReturnArgument(0);
         $queryBuilderProphecy->execute()->shouldBeCalled()->willReturn($statementProphecy->reveal());
 
         $statementProphecy->fetch()->shouldBeCalledTimes(2)->willReturn($aDatabaseResultRow, false);
index e8ef689..4b92d5b 100644 (file)
@@ -292,7 +292,8 @@ class BackendUtilityTest extends UnitTestCase
         /** @var QueryBuilder|ObjectProphecy $queryBuilderProphet */
         $queryBuilderProphet->select('uid', 'sys_category.title')->willReturn($queryBuilderProphet->reveal());
         $queryBuilderProphet->from('sys_category')->willReturn($queryBuilderProphet->reveal());
-        $queryBuilderProphet->where('`uid` IN (1, 2)')->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->where('`uid` IN (:dcValue1)')->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->createNamedParameter([1, 2], Connection::PARAM_INT_ARRAY)->willReturn(':dcValue1');
         $queryBuilderProphet->execute()->willReturn($statementProphet->reveal());
 
         GeneralUtility::addInstance(RelationHandler::class, $relationHandlerInstance);
@@ -1072,9 +1073,12 @@ class BackendUtilityTest extends UnitTestCase
         $queryBuilderProphet->from($tableName)
             ->shouldBeCalled()
             ->willReturn($queryBuilderProphet->reveal());
-        $queryBuilderProphet->where('`uid` = ' . $row['origUid'])
+        $queryBuilderProphet->where('`uid` = 1')
             ->shouldBeCalled()
             ->willReturn($queryBuilderProphet->reveal());
+        $queryBuilderProphet->createNamedParameter(Argument::cetera())
+            ->shouldBeCalled()
+            ->willReturnArgument(0);
         $queryBuilderProphet->execute()
             ->shouldBeCalled()
             ->willReturn($statementProphet->reveal());
index 6c9b498..d6fb3c9 100644 (file)
@@ -18,6 +18,7 @@ use TYPO3\CMS\Backend\Backend\ToolbarItems\SystemInformationToolbarItem;
 use TYPO3\CMS\Backend\Toolbar\Enumeration\InformationStatus;
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Belog\Domain\Model\Constraint;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Extbase\Utility\LocalizationUtility;
@@ -54,8 +55,11 @@ class SystemInformationController extends AbstractController
         $count = $queryBuilder->count('error')
             ->from('sys_log')
             ->where(
-                $queryBuilder->expr()->gte('tstamp', $timestamp),
-                $queryBuilder->expr()->in('error', [-1, 1, 2])
+                $queryBuilder->expr()->gte('tstamp', $queryBuilder->createNamedParameter($timestamp, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->in(
+                    'error',
+                    $queryBuilder->createNamedParameter([-1, 1, 2], Connection::PARAM_INT_ARRAY)
+                )
             )
             ->execute()
             ->fetchColumn(0);
index 61cbf58..e4c29ed 100644 (file)
@@ -238,8 +238,14 @@ class BackendUserController extends BackendUserActionController
         $affectedRows = $queryBuilder
             ->delete('be_sessions')
             ->where(
-                $queryBuilder->expr()->eq('ses_userid', (int)$backendUser->getUid()),
-                $queryBuilder->expr()->eq('ses_id', $queryBuilder->expr()->literal($sessionId))
+                $queryBuilder->expr()->eq(
+                    'ses_userid',
+                    $queryBuilder->createNamedParameter($backendUser->getUid(), \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'ses_id',
+                    $queryBuilder->createNamedParameter($sessionId, \PDO::PARAM_STR)
+                )
             )
             ->execute();
 
@@ -269,9 +275,27 @@ class BackendUserController extends BackendUserActionController
             $queryBuilder
                 ->update('be_sessions')
                 ->where(
-                    $queryBuilder->expr()->eq('ses_id', $queryBuilder->expr()->literal($this->getBackendUserAuthentication()->id)),
-                    $queryBuilder->expr()->eq('ses_name', $queryBuilder->expr()->literal(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName())),
-                    $queryBuilder->expr()->eq('ses_userid', (int)$this->getBackendUserAuthentication()->user['uid'])
+                    $queryBuilder->expr()->eq(
+                        'ses_id',
+                        $queryBuilder->createNamedParameter(
+                            $this->getBackendUserAuthentication()->id,
+                            \PDO::PARAM_STR
+                        )
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'ses_name',
+                        $queryBuilder->createNamedParameter(
+                            \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(),
+                            \PDO::PARAM_STR
+                        )
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'ses_userid',
+                        $queryBuilder->createNamedParameter(
+                            $this->getBackendUserAuthentication()->user['uid'],
+                            \PDO::PARAM_INT
+                        )
+                    )
                 )
                 ->set('ses_userid', (int)$targetUser['uid'])
                 ->set('ses_backuserid', (int)$this->getBackendUserAuthentication()->user['uid'])
index f676c60..c33cff1 100644 (file)
@@ -53,7 +53,12 @@ class BackendUserSessionRepository extends Repository
         return $queryBuilder
             ->select('ses_id AS id', 'ses_iplock AS ip', 'ses_tstamp AS timestamp')
             ->from('be_sessions')
-            ->where($queryBuilder->expr()->eq('ses_userid', (int)$backendUser->getUid()))
+            ->where(
+                $queryBuilder->expr()->eq(
+                    'ses_userid',
+                    $queryBuilder->createNamedParameter($backendUser->getUid(), \PDO::PARAM_INT)
+                )
+            )
             ->orderBy('ses_tstamp', 'ASC')
             ->execute()
             ->fetchAll();
@@ -73,9 +78,18 @@ class BackendUserSessionRepository extends Repository
             ->set('ses_userid', $authentication->user['ses_backuserid'])
             ->set('ses_backuserid', 0)
             ->where(
-                $queryBuilder->expr()->eq('ses_id', $queryBuilder->createNamedParameter($GLOBALS['BE_USER']->id)),
-                $queryBuilder->expr()->eq('ses_name', $queryBuilder->createNamedParameter(BackendUserAuthentication::getCookieName())),
-                $queryBuilder->expr()->eq('ses_userid', (int)$GLOBALS['BE_USER']->user['uid'])
+                $queryBuilder->expr()->eq(
+                    'ses_id',
+                    $queryBuilder->createNamedParameter($GLOBALS['BE_USER']->id, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'ses_name',
+                    $queryBuilder->createNamedParameter(BackendUserAuthentication::getCookieName(), \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'ses_userid',
+                    $queryBuilder->createNamedParameter($GLOBALS['BE_USER']->user['uid'], \PDO::PARAM_INT)
+                )
             )
             ->execute();
     }
index a4161a8..fac29fc 100644 (file)
@@ -14,6 +14,7 @@ namespace TYPO3\CMS\Beuser\ViewHelpers\Display;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper;
@@ -71,7 +72,10 @@ class PagesViewHelper extends AbstractViewHelper
             ->where(
                 $queryBuilder->expr()->in(
                     'uid',
-                    GeneralUtility::intExplode(',', $uids)
+                    $queryBuilder->createNamedParameter(
+                        GeneralUtility::intExplode(',', $uids),
+                        Connection::PARAM_INT_ARRAY
+                    )
                 )
             )
             ->orderBy('uid', 'ASC')
index bdffb65..dd7b8ea 100644 (file)
@@ -14,6 +14,7 @@ namespace TYPO3\CMS\Beuser\ViewHelpers\Display;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper;
@@ -71,7 +72,10 @@ class SysFileMountsViewHelper extends AbstractViewHelper
             ->where(
                 $queryBuilder->expr()->in(
                     'uid',
-                    GeneralUtility::intExplode(',', $uids)
+                    $queryBuilder->createNamedParameter(
+                        GeneralUtility::intExplode(',', $uids),
+                        Connection::PARAM_INT_ARRAY
+                    )
                 )
             )
             ->orderBy('title', 'ASC')
index ee49dd2..e0b9cf2 100644 (file)
@@ -14,6 +14,7 @@ namespace TYPO3\CMS\Beuser\ViewHelpers\Display;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Fluid\Core\ViewHelper\AbstractViewHelper;
@@ -71,7 +72,10 @@ class SysLanguageViewHelper extends AbstractViewHelper
             ->where(
                 $queryBuilder->expr()->in(
                     'uid',
-                    GeneralUtility::intExplode(',', $uids)
+                    $queryBuilder->createNamedParameter(
+                        GeneralUtility::intExplode(',', $uids),
+                        Connection::PARAM_INT_ARRAY
+                    )
                 )
             )
             ->orderBy('sorting')
index 5d40381..5abb83b 100644 (file)
@@ -1060,11 +1060,11 @@ abstract class AbstractUserAuthentication
             ->where(
                 $queryBuilder->expr()->eq(
                     $this->session_table . '.ses_id',
-                    $queryBuilder->createNamedParameter($this->id)
+                    $queryBuilder->createNamedParameter($this->id, \PDO::PARAM_STR)
                 ),
                 $queryBuilder->expr()->eq(
                     $this->session_table . '.ses_name',
-                    $queryBuilder->createNamedParameter($this->name)
+                    $queryBuilder->createNamedParameter($this->name, \PDO::PARAM_STR)
                 ),
                 // Condition on which to join the session and user table
                 $queryBuilder->expr()->eq(
@@ -1073,7 +1073,7 @@ abstract class AbstractUserAuthentication
                 ),
                 $queryBuilder->expr()->eq(
                     $this->session_table . '.ses_hashlock',
-                    $queryBuilder->createNamedParameter($this->hashLockClause_getHashInt())
+                    $queryBuilder->createNamedParameter($this->hashLockClause_getHashInt(), \PDO::PARAM_INT)
                 )
             );
 
@@ -1508,11 +1508,11 @@ abstract class AbstractUserAuthentication
             ->where(
                 $query->expr()->lt(
                     'ses_tstamp',
-                    $query->createNamedParameter((int)($GLOBALS['EXEC_TIME'] - $this->gc_time))
+                    $query->createNamedParameter(($GLOBALS['EXEC_TIME'] - $this->gc_time), \PDO::PARAM_INT)
                 ),
                 $query->expr()->eq(
                     'ses_name',
-                    $query->createNamedParameter($this->name)
+                    $query->createNamedParameter($this->name, \PDO::PARAM_STR)
                 )
             )
             ->execute();
@@ -1593,7 +1593,7 @@ abstract class AbstractUserAuthentication
         $query->setRestrictions($this->userConstraints());
         $query->select('*')
             ->from($this->user_table)
-            ->where($query->expr()->eq('uid', (int)$uid));
+            ->where($query->expr()->eq('uid', $query->createNamedParameter($uid, \PDO::PARAM_INT)));
 
         return $query->execute()->fetch();
     }
@@ -1612,7 +1612,7 @@ abstract class AbstractUserAuthentication
         $query->setRestrictions($this->userConstraints());
         $query->select('*')
             ->from($this->user_table)
-            ->where($query->expr()->eq('username', $query->createNamedParameter($name)));
+            ->where($query->expr()->eq('username', $query->createNamedParameter($name, \PDO::PARAM_STR)));
 
         return $query->execute()->fetch();
     }
@@ -1648,7 +1648,10 @@ abstract class AbstractUserAuthentication
             if (!empty($username)) {
                 array_unshift(
                     $constraints,
-                    $query->expr()->eq($dbUser['username_column'], $query->createNamedParameter($username))
+                    $query->expr()->eq(
+                        $dbUser['username_column'],
+                        $query->createNamedParameter($username, \PDO::PARAM_STR)
+                    )
                 );
             }
 
index e71f07b..89d959a 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Core\Authentication;
  */
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder;
 use TYPO3\CMS\Core\Database\Query\QueryHelper;
@@ -1382,7 +1383,10 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                         $this->getPagePermsClause(1),
                         $queryBuilder->expr()->in(
                             'uid',
-                            GeneralUtility::intExplode(',', $this->groupData['webmounts'])
+                            $queryBuilder->createNamedParameter(
+                                GeneralUtility::intExplode(',', $this->groupData['webmounts']),
+                                Connection::PARAM_INT_ARRAY
+                            )
                         )
                     )
                     ->execute()
@@ -1417,14 +1421,23 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
         $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->usergroup_table);
         $expressionBuilder = $queryBuilder->expr();
         $constraints = $expressionBuilder->andX(
-            $expressionBuilder->eq('pid', 0),
-            $expressionBuilder->in('uid', GeneralUtility::intExplode(',', $grList)),
+            $expressionBuilder->eq(
+                'pid',
+                $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+            ),
+            $expressionBuilder->in(
+                'uid',
+                $queryBuilder->createNamedParameter(
+                    GeneralUtility::intExplode(',', $grList),
+                    Connection::PARAM_INT_ARRAY
+                )
+            ),
             $expressionBuilder->orX(
                 $expressionBuilder->eq('lockToDomain', $queryBuilder->quote('')),
                 $expressionBuilder->isNull('lockToDomain'),
                 $expressionBuilder->eq(
                     'lockToDomain',
-                    $queryBuilder->createNamedParameter(GeneralUtility::getIndpEnv('HTTP_HOST'))
+                    $queryBuilder->createNamedParameter(GeneralUtility::getIndpEnv('HTTP_HOST'), \PDO::PARAM_STR)
                 )
             )
         );
@@ -1623,7 +1636,9 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
 
             $queryBuilder->select('*')
                 ->from('sys_filemounts')
-                ->where($queryBuilder->expr()->in('uid', array_map('intval', $fileMounts)));
+                ->where(
+                    $queryBuilder->expr()->in('uid', $queryBuilder->createNamedParameter($fileMounts, Connection::PARAM_INT_ARRAY))
+                );
 
             foreach (QueryHelper::parseOrderBy($orderBy) as $fieldAndDirection) {
                 $queryBuilder->addOrderBy(...$fieldAndDirection);
@@ -1645,7 +1660,9 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
             $queryBuilder = $connectionPool->getQueryBuilderForTable('sys_file_storage');
             $defaultStorageRow = $queryBuilder->select('uid')
                 ->from('sys_file_storage')
-                ->where($queryBuilder->expr()->eq('is_default', 1))
+                ->where(
+                    $queryBuilder->expr()->eq('is_default', $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT))
+                )
                 ->setMaxResults(1)
                 ->execute()
                 ->fetch(\PDO::FETCH_ASSOC);
@@ -2064,12 +2081,10 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                         $queryBuilder->getRestrictions()->add(GeneralUtility::makeInstance(RootLevelRestriction::class));
                         $wsRec = $queryBuilder->select(...GeneralUtility::trimExplode(',', $fields))
                             ->from('sys_workspace')
-                            ->where(
-                                $queryBuilder->expr()->eq(
-                                    'uid',
-                                    (int)$wsRec
-                                )
-                            )
+                            ->where($queryBuilder->expr()->eq(
+                                'uid',
+                                $queryBuilder->createNamedParameter($wsRec, \PDO::PARAM_INT)
+                            ))
                             ->orderBy('title')
                             ->setMaxResults(1)
                             ->execute()
@@ -2360,9 +2375,18 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
             $queryBuilder->select('tstamp')
                 ->from('sys_log')
                 ->where(
-                    $queryBuilder->expr()->eq('type', 255),
-                    $queryBuilder->expr()->eq('action', 4),
-                    $queryBuilder->expr()->gt('tstamp', (int)$theTimeBack)
+                    $queryBuilder->expr()->eq(
+                        'type',
+                        $queryBuilder->createNamedParameter(255, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'action',
+                        $queryBuilder->createNamedParameter(4, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->gt(
+                        'tstamp',
+                        $queryBuilder->createNamedParameter($theTimeBack, \PDO::PARAM_INT)
+                    )
                 )
                 ->orderBy('tstamp', 'DESC')
                 ->setMaxResults(1);
@@ -2374,10 +2398,22 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
             $result = $queryBuilder->select('*')
                 ->from('sys_log')
                 ->where(
-                    $queryBuilder->expr()->eq('type', 255),
-                    $queryBuilder->expr()->eq('action', 3),
-                    $queryBuilder->expr()->neq('error', 0),
-                    $queryBuilder->expr()->gt('tstamp', (int)$theTimeBack)
+                    $queryBuilder->expr()->eq(
+                        'type',
+                        $queryBuilder->createNamedParameter(255, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'action',
+                        $queryBuilder->createNamedParameter(3, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->neq(
+                        'error',
+                        $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->gt(
+                        'tstamp',
+                        $queryBuilder->createNamedParameter($theTimeBack, \PDO::PARAM_INT)
+                    )
                 )
                 ->orderBy('tstamp')
                 ->execute();
@@ -2641,8 +2677,13 @@ This is a dump of the failures:
             $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_users');
             $isUserAllowedToLogin = (bool)$queryBuilder->count('uid')
                 ->from('be_users')
-                ->where($queryBuilder->expr()->eq('uid', (int)$backendUserId))
-                ->andWhere($queryBuilder->expr()->eq('admin', 1))
+                ->where(
+                    $queryBuilder->expr()->eq(
+                        'uid',
+                        $queryBuilder->createNamedParameter($backendUserId, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq('admin', $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT))
+                )
                 ->execute()
                 ->fetchColumn(0);
         }
index 50e0589..d7f59f3 100644 (file)
@@ -138,8 +138,14 @@ class Typo3DatabaseBackend extends AbstractBackend implements TaggableBackendInt
         $cacheRow =  $queryBuilder->select('content')
             ->from($this->cacheTable)
             ->where(
-                $queryBuilder->expr()->eq('identifier', $queryBuilder->createNamedParameter($entryIdentifier)),
-                $queryBuilder->expr()->gte('expires', (int)$GLOBALS['EXEC_TIME'])
+                $queryBuilder->expr()->eq(
+                    'identifier',
+                    $queryBuilder->createNamedParameter($entryIdentifier, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->gte(
+                    'expires',
+                    $queryBuilder->createNamedParameter($GLOBALS['EXEC_TIME'], \PDO::PARAM_INT)
+                )
             )
             ->execute()
             ->fetch();
@@ -167,8 +173,14 @@ class Typo3DatabaseBackend extends AbstractBackend implements TaggableBackendInt
         $count = $queryBuilder->count('*')
             ->from($this->cacheTable)
             ->where(
-                $queryBuilder->expr()->eq('identifier', $queryBuilder->createNamedParameter($entryIdentifier)),
-                $queryBuilder->expr()->gte('expires', (int)$GLOBALS['EXEC_TIME'])
+                $queryBuilder->expr()->eq(
+                    'identifier',
+                    $queryBuilder->createNamedParameter($entryIdentifier, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->gte(
+                    'expires',
+                    $queryBuilder->createNamedParameter($GLOBALS['EXEC_TIME'], \PDO::PARAM_INT)
+                )
             )
             ->execute()
             ->fetchColumn(0);
@@ -217,8 +229,14 @@ class Typo3DatabaseBackend extends AbstractBackend implements TaggableBackendInt
             ->from($this->tagsTable)
             ->where(
                 $queryBuilder->expr()->eq($this->cacheTable . '.identifier',  $queryBuilder->quoteIdentifier($this->tagsTable . '.identifier')),
-                $queryBuilder->expr()->eq($this->tagsTable . '.tag', $queryBuilder->createNamedParameter($tag)),
-                $queryBuilder->expr()->gte($this->cacheTable . '.expires', (int)$GLOBALS['EXEC_TIME'])
+                $queryBuilder->expr()->eq(
+                    $this->tagsTable . '.tag',
+                    $queryBuilder->createNamedParameter($tag, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->gte(
+                    $this->cacheTable . '.expires',
+                    $queryBuilder->createNamedParameter($GLOBALS['EXEC_TIME'], \PDO::PARAM_INT)
+                )
             )
             ->execute();
         while ($row = $result->fetch()) {
@@ -270,7 +288,7 @@ class Typo3DatabaseBackend extends AbstractBackend implements TaggableBackendInt
             $queryBuilder = $connection->createQueryBuilder();
             $result = $queryBuilder->select('identifier')
                 ->from($this->tagsTable)
-                ->where($queryBuilder->expr()->eq('tag', $queryBuilder->createNamedParameter($tag)))
+                ->where($queryBuilder->expr()->eq('tag', $queryBuilder->createNamedParameter($tag, \PDO::PARAM_STR)))
                 // group by is like DISTINCT and used here to suppress possible duplicate identifiers
                 ->groupBy('identifier')
                 ->execute();
@@ -321,7 +339,10 @@ class Typo3DatabaseBackend extends AbstractBackend implements TaggableBackendInt
             $queryBuilder = $connection->createQueryBuilder();
             $result = $queryBuilder->select('identifier')
                 ->from($this->cacheTable)
-                ->where($queryBuilder->expr()->lt('expires', (int)$GLOBALS['EXEC_TIME']))
+                ->where($queryBuilder->expr()->lt(
+                    'expires',
+                    $queryBuilder->createNamedParameter($GLOBALS['EXEC_TIME'], \PDO::PARAM_INT)
+                ))
                 // group by is like DISTINCT and used here to suppress possible duplicate identifiers
                 ->groupBy('identifier')
                 ->execute();
@@ -339,7 +360,10 @@ class Typo3DatabaseBackend extends AbstractBackend implements TaggableBackendInt
                     ->execute();
             }
             $queryBuilder->delete($this->cacheTable)
-                ->where($queryBuilder->expr()->lt('expires', (int)$GLOBALS['EXEC_TIME']))
+                ->where($queryBuilder->expr()->lt(
+                    'expires',
+                    $queryBuilder->createNamedParameter($GLOBALS['EXEC_TIME'], \PDO::PARAM_INT)
+                ))
                 ->execute();
 
             // Find out which "orphaned" tags rows exists that have no cache row and delete those, too.
index 773c3a6..639b619 100644 (file)
@@ -108,7 +108,7 @@ class CategoryCollection extends AbstractRecordCollection implements EditableCol
         $collectionRecord = $queryBuilder->select('*')
             ->from(static::$storageTableName)
             ->where(
-                $queryBuilder->expr()->eq('uid', (int)$id)
+                $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT))
             )
             ->setMaxResults(1)
             ->execute()
@@ -154,14 +154,17 @@ class CategoryCollection extends AbstractRecordCollection implements EditableCol
                 )
             )
             ->where(
-                $queryBuilder->expr()->eq(static::$storageTableName . '.uid', (int)$this->getIdentifier()),
+                $queryBuilder->expr()->eq(
+                    static::$storageTableName . '.uid',
+                    $queryBuilder->createNamedParameter($this->getIdentifier(), \PDO::PARAM_INT)
+                ),
                 $queryBuilder->expr()->eq(
                     'sys_category_record_mm.tablenames',
-                    $queryBuilder->createNamedParameter($this->getItemTableName())
+                    $queryBuilder->createNamedParameter($this->getItemTableName(), \PDO::PARAM_STR)
                 ),
                 $queryBuilder->expr()->eq(
                     'sys_category_record_mm.fieldname',
-                    $queryBuilder->createNamedParameter($this->getRelationFieldName())
+                    $queryBuilder->createNamedParameter($this->getRelationFieldName(), \PDO::PARAM_STR)
                 )
             );
 
index 4b38950..a500c56 100644 (file)
@@ -333,7 +333,7 @@ abstract class AbstractRecordCollection implements RecordCollectionInterface, Pe
         $queryBuilder->getRestrictions()->removeAll()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
         $collectionRecord = $queryBuilder->select('*')
             ->from(static::$storageTableName)
-            ->where($queryBuilder->expr()->eq('uid', (int)$id))
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
         return self::create($collectionRecord, $fillItems);
index 9c2b6de..42ef912 100644 (file)
@@ -71,7 +71,7 @@ class RecordCollectionRepository
 
         $data = $queryBuilder->select('*')
             ->from($this->table)
-            ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
         if (is_array($data)) {
index 8aca02b..7828956 100644 (file)
@@ -188,7 +188,10 @@ class StaticRecordCollection extends AbstractRecordCollection implements Editabl
                 )
             )
             ->where(
-                $queryBuilder->expr()->eq(self::$storageTableName . '.uid', (int)$this->getIdentifier())
+                $queryBuilder->expr()->eq(
+                    self::$storageTableName . '.uid',
+                    $queryBuilder->createNamedParameter($this->getIdentifier(), \PDO::PARAM_INT)
+                )
             )
             ->execute();
         $relatedRecords = [];
index cbf9347..b9322e7 100644 (file)
@@ -23,6 +23,7 @@ use TYPO3\CMS\Core\Cache\CacheManager;
 use TYPO3\CMS\Core\Cache\Frontend\VariableFrontend;
 use TYPO3\CMS\Core\Charset\CharsetConverter;
 use TYPO3\CMS\Core\Configuration\FlexForm\FlexFormTools;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\QueryBuilder;
 use TYPO3\CMS\Core\Database\Query\QueryHelper;
@@ -2602,17 +2603,17 @@ class DataHandler
             ->count('uid')
             ->from($table)
             ->where(
-                $queryBuilder->expr()->eq($field, $queryBuilder->createPositionalParameter($value)),
-                $queryBuilder->expr()->neq('uid', $uid)
+                $queryBuilder->expr()->eq($field, $queryBuilder->createPositionalParameter($value, \PDO::PARAM_STR)),
+                $queryBuilder->expr()->neq('uid', $queryBuilder->createPositionalParameter($uid, \PDO::PARAM_INT))
             );
         if ($pid !== 0) {
             $queryBuilder->andWhere(
-                $queryBuilder->expr()->eq('pid', $pid)
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createPositionalParameter($pid, \PDO::PARAM_INT))
             );
         } else {
             // pid>=0 for versioning
             $queryBuilder->andWhere(
-                $queryBuilder->expr()->gte('pid', 0)
+                $queryBuilder->expr()->gte('pid', $queryBuilder->createPositionalParameter(0, \PDO::PARAM_INT))
             );
         }
 
@@ -3512,13 +3513,27 @@ class DataHandler
                     $queryBuilder
                         ->select(...$fields)
                         ->from($table)
-                        ->where($queryBuilder->expr()->eq('pid', (int)$uid));
+                        ->where($queryBuilder->expr()->eq(
+                            'pid',
+                            $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT))
+                        );
                     if ($isTableWorkspaceEnabled && (int)$this->BE_USER->workspace === 0) {
                         // Table is workspace enabled, user is in default ws -> add t3ver_wsid=0 restriction
-                        $queryBuilder->andWhere($queryBuilder->expr()->eq('t3ver_wsid', 0));
+                        $queryBuilder->andWhere(
+                            $queryBuilder->expr()->eq(
+                                't3ver_wsid',
+                                $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                            )
+                        );
                     } elseif ($isTableWorkspaceEnabled) {
                         // Table is workspace enabled, user has a ws selected -> select wsid=0 and selected wsid rows
-                        $queryBuilder->andWhere($queryBuilder->expr()->in('t3ver_wsid', [0, (int)$this->BE_USER->workspace]));
+                        $queryBuilder->andWhere($queryBuilder->expr()->in(
+                            't3ver_wsid',
+                            $queryBuilder->createNamedParameter(
+                                [0, $this->BE_USER->workspace],
+                                Connection::PARAM_INT_ARRAY
+                            )
+                        ));
                     }
                     if (!empty($GLOBALS['TCA'][$table]['ctrl']['sortby'])) {
                         $queryBuilder->orderBy($GLOBALS['TCA'][$table]['ctrl']['sortby'], 'DESC');
@@ -3980,11 +3995,26 @@ class DataHandler
             ->select('*')
             ->from('sys_refindex')
             ->where(
-                $queryBuilder->expr()->eq('ref_table', $queryBuilder->createNamedParameter('_FILE')),
-                $queryBuilder->expr()->like('ref_string', $queryBuilder->createNamedParameter('%/RTEmagic%')),
-                $queryBuilder->expr()->eq('softref_key', $queryBuilder->createNamedParameter('images')),
-                $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($table)),
-                $queryBuilder->expr()->eq('recuid', (int)$theNewSQLID)
+                $queryBuilder->expr()->eq(
+                    'ref_table',
+                    $queryBuilder->createNamedParameter('_FILE', \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->like(
+                    'ref_string',
+                    $queryBuilder->createNamedParameter('%/RTEmagic%', \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'softref_key',
+                    $queryBuilder->createNamedParameter('images', \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tablename',
+                    $queryBuilder->createNamedParameter($table, \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'recuid',
+                    $queryBuilder->createNamedParameter($theNewSQLID, \PDO::PARAM_INT)
+                )
             )
             ->orderBy('sorting', 'DESC')
             ->execute()
@@ -4930,7 +4960,7 @@ class DataHandler
                 $result = $queryBuilder
                     ->select(...$fileFieldArr)
                     ->from($table)
-                    ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+                    ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)))
                     ->execute();
                 if ($row = $result->fetch()) {
                     $fArray = $fileFieldArr;
@@ -5081,7 +5111,10 @@ class DataHandler
                     $statement = $queryBuilder
                         ->select('uid')
                         ->from($table)
-                        ->where($queryBuilder->expr()->eq('pid', (int)$uid))
+                        ->where($queryBuilder->expr()->eq(
+                            'pid',
+                            $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                        ))
                         ->execute();
 
                     while ($row = $statement->fetch()) {
@@ -5423,10 +5456,10 @@ class DataHandler
             ->from($table)
             ->where($queryBuilder->expr()->orX(
                 $queryBuilder->expr()->andX(
-                    $queryBuilder->expr()->eq('pid', -1),
-                    $queryBuilder->expr()->eq('t3ver_oid', $id)
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)),
+                    $queryBuilder->expr()->eq('t3ver_oid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT))
                 ),
-                $queryBuilder->expr()->eq('uid', $id)
+                $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT))
             ))
             ->orderBy('t3ver_id', 'DESC')
             ->setMaxResults(1)
@@ -6309,7 +6342,7 @@ class DataHandler
                 $output = $queryBuilder
                     ->select('uid', 'pid')
                     ->from($table)
-                    ->where($queryBuilder->expr()->eq('uid', (int)$id))
+                    ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)))
                     ->execute()
                     ->fetch();
                 BackendUtility::fixVersioningPid($table, $output, true);
@@ -6349,14 +6382,20 @@ class DataHandler
         $queryBuilder
             ->select('uid')
             ->from('pages')
-            ->where($queryBuilder->expr()->eq('uid', (int)$id));
+            ->where($queryBuilder->expr()->eq(
+                'uid',
+                $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)
+            ));
         if ($perms && !$this->admin) {
             $queryBuilder->andWhere($this->BE_USER->getPagePermsClause($perms));
         }
         if (!$this->admin && $GLOBALS['TCA']['pages']['ctrl']['editlock'] &&
             $perms & Permission::PAGE_EDIT + Permission::PAGE_DELETE + Permission::CONTENT_EDIT
         ) {
-            $queryBuilder->andWhere($queryBuilder->expr()->eq($GLOBALS['TCA']['pages']['ctrl']['editlock'], 0));
+            $queryBuilder->andWhere($queryBuilder->expr()->eq(
+                $GLOBALS['TCA']['pages']['ctrl']['editlock'],
+                $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+            ));
         }
         return $queryBuilder;
     }
@@ -6384,7 +6423,7 @@ class DataHandler
             $result = $queryBuilder
                 ->select('uid', 'perms_userid', 'perms_groupid', 'perms_user', 'perms_group', 'perms_everybody')
                 ->from('pages')
-                ->where($queryBuilder->expr()->eq('pid', (int)$pid))
+                ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)))
                 ->orderBy('sorting')
                 ->execute();
             while ($row = $result->fetch()) {
@@ -6454,7 +6493,7 @@ class DataHandler
             $result = $queryBuilder
                 ->select('pid', 'uid', 't3ver_oid', 't3ver_wsid')
                 ->from('pages')
-                ->where($queryBuilder->expr()->eq('uid', (int)$destinationId))
+                ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($destinationId, \PDO::PARAM_INT)))
                 ->execute();
             if ($row = $result->fetch()) {
                 BackendUtility::fixVersioningPid('pages', $row);
@@ -6522,7 +6561,10 @@ class DataHandler
                 $count = $queryBuilder
                     ->count('uid')
                     ->from($table)
-                    ->where($queryBuilder->expr()->eq('pid', (int)$page_uid))
+                    ->where($queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter($page_uid, \PDO::PARAM_INT)
+                    ))
                     ->execute()
                     ->fetchColumn(0);
                 if ($count) {
@@ -6554,7 +6596,7 @@ class DataHandler
             $row = $queryBuilder
                 ->select('*')
                 ->from('pages')
-                ->where($queryBuilder->expr()->eq('uid', (int)$id))
+                ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)))
                 ->execute()
                 ->fetch();
             if ($row) {
@@ -6584,7 +6626,7 @@ class DataHandler
         $result = $queryBuilder
             ->select(...GeneralUtility::trimExplode(',', $fieldList))
             ->from($table)
-            ->where($queryBuilder->expr()->eq('uid', (int)$id))
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
         return $result ?: null;
@@ -6804,7 +6846,7 @@ class DataHandler
             $row = $queryBuilder
                 ->select('*')
                 ->from($table)
-                ->where($queryBuilder->expr()->eq('uid', (int)$id))
+                ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)))
                 ->execute()
                 ->fetch();
 
@@ -6914,7 +6956,7 @@ class DataHandler
             if ($pid >= 0) {
                 // Fetches the first record under this pid
                 $row = $queryBuilder
-                    ->where($queryBuilder->expr()->eq('pid', (int)$pid))
+                    ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)))
                     ->orderBy($sortRow, 'ASC')
                     ->setMaxResults(1)
                     ->execute()
@@ -6943,7 +6985,10 @@ class DataHandler
                 // Sorting number is inside the list
                 // Fetches the record which is supposed to be the prev record
                 $row = $queryBuilder
-                    ->where($queryBuilder->expr()->eq('uid', abs($pid)))
+                    ->where($queryBuilder->expr()->eq(
+                        'uid',
+                        $queryBuilder->createNamedParameter(abs($pid), \PDO::PARAM_INT)
+                    ))
                     ->execute()
                     ->fetch();
 
@@ -6968,8 +7013,14 @@ class DataHandler
                             ->select($sortRow, 'pid', 'uid')
                             ->from($table)
                             ->where(
-                                $queryBuilder->expr()->eq('pid', (int)$row['pid']),
-                                $queryBuilder->expr()->gte($sortRow, (int)$row[$sortRow])
+                                $queryBuilder->expr()->eq(
+                                    'pid',
+                                    $queryBuilder->createNamedParameter($row['pid'], \PDO::PARAM_INT)
+                                ),
+                                $queryBuilder->expr()->gte(
+                                    $sortRow,
+                                    $queryBuilder->createNamedParameter($row[$sortRow], \PDO::PARAM_INT)
+                                )
                             )
                             ->orderBy($sortRow, 'ASC')
                             ->setMaxResults(2)
@@ -7032,7 +7083,7 @@ class DataHandler
             $result = $queryBuilder
                 ->select('uid')
                 ->from($table)
-                ->where($queryBuilder->expr()->eq('pid', (int)$pid))
+                ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)))
                 ->orderBy($sortRow, 'ASC')
                 ->execute();
             while ($row = $result->fetch()) {
@@ -7086,16 +7137,29 @@ class DataHandler
                     ->select(...$select)
                     ->from($table)
                     ->where(
-                        $queryBuilder->expr()->eq('pid', (int)$pid),
-                        $queryBuilder->expr()->eq('sys_language_uid', 0),
-                        $queryBuilder->expr()->lt($sortRow, (int)$row[$sortRow])
+                        $queryBuilder->expr()->eq(
+                            'pid',
+                            $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->eq(
+                            'sys_language_uid',
+                            $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                        ),
+                        $queryBuilder->expr()->lt(
+                            $sortRow,
+                            $queryBuilder->createNamedParameter($row[$sortRow], \PDO::PARAM_INT)
+                        )
                     )
                     ->orderBy($sortRow, 'DESC')
                     ->setMaxResults(1);
                 if ($table === 'tt_content') {
-                    $queryBuilder->andWhere(
-                        $queryBuilder->expr()->eq('colPos', (int)$row['colPos'])
-                    );
+                    $queryBuilder
+                        ->andWhere(
+                            $queryBuilder->expr()->eq(
+                                'colPos',
+                                $queryBuilder->createNamedParameter($row['colPos'], \PDO::PARAM_INT)
+                            )
+                        );
                 }
                 // If there is an element, find its localized record in specified localization language
                 if ($previousRow = $queryBuilder->execute()->fetch()) {
@@ -7188,7 +7252,7 @@ class DataHandler
                 $queryBuilder
                     ->select('uid')
                     ->from('sys_language')
-                    ->where($queryBuilder->expr()->eq('pid', 0));
+                    ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)));
                 $rows = array_merge([['uid' => 0]], $queryBuilder->execute()->fetchAll(), [['uid' => -1]]);
                 foreach ($rows as $r) {
                     if ($this->BE_USER->checkLanguageAccess($r['uid'])) {
@@ -7231,7 +7295,7 @@ class DataHandler
         $queryBuilder->getRestrictions()->removeAll();
         $currentRecord = $queryBuilder->select('*')
             ->from($table)
-            ->where($queryBuilder->expr()->eq('uid', (int)$id))
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
         // If the current record exists (which it should...), begin comparison:
@@ -7473,7 +7537,7 @@ class DataHandler
             ->removeAll();
         $queryBuilder->select('pid')
             ->from($table)
-            ->where($queryBuilder->expr()->eq('uid', (int)$uid));
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)));
         if ($row = $queryBuilder->execute()->fetch()) {
             return $row['pid'];
         }
@@ -7530,15 +7594,20 @@ class DataHandler
             $queryBuilder
                 ->select('uid')
                 ->from('pages')
-                ->where($queryBuilder->expr()->eq('pid', (int)$pid))
+                ->where($queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)))
                 ->orderBy('sorting', 'DESC');
             if (!$this->admin) {
                 $queryBuilder->andWhere($this->BE_USER->getPagePermsClause($this->pMap['show']));
             }
             if ((int)$this->BE_USER->workspace === 0) {
-                $queryBuilder->andWhere($queryBuilder->expr()->eq('t3ver_wsid', 0));
+                $queryBuilder->andWhere(
+                    $queryBuilder->expr()->eq('t3ver_wsid', $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT))
+                );
             } else {
-                $queryBuilder->andWhere($queryBuilder->expr()->in('t3ver_wsid', [0, (int)$this->BE_USER->workspace]));
+                $queryBuilder->andWhere($queryBuilder->expr()->in(
+                    't3ver_wsid',
+                    $queryBuilder->createNamedParameter([0, $this->BE_USER->workspace], Connection::PARAM_INT_ARRAY)
+                ));
             }
             $result = $queryBuilder->execute();
 
@@ -7753,8 +7822,8 @@ class DataHandler
                 ->count('uid')
                 ->from($table)
                 ->where(
-                    $queryBuilder->expr()->eq('pid', (int)$pid),
-                    $queryBuilder->expr()->eq($field, $queryBuilder->createNamedParameter($checkTitle))
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT)),
+                    $queryBuilder->expr()->eq($field, $queryBuilder->createNamedParameter($checkTitle, \PDO::PARAM_STR))
                 )
                 ->execute()
                 ->fetchColumn(0);
@@ -7800,7 +7869,7 @@ class DataHandler
             $row = $query
                 ->select('pid')
                 ->from($table)
-                ->where($query->expr()->eq('uid', abs($pid)))
+                ->where($query->expr()->eq('uid', $query->createNamedParameter(abs($pid), \PDO::PARAM_INT)))
                 ->execute()
                 ->fetch();
             // Look, if the record UID happens to be an offline record. If so, find its live version.
@@ -7879,7 +7948,10 @@ class DataHandler
                     ->add(GeneralUtility::makeInstance(DeletedRestriction::class));
                 $count = $query->count('uid')
                     ->from($table)
-                    ->where($query->expr()->in('pid', $inList))
+                    ->where($query->expr()->in(
+                        'pid',
+                        $query->createNamedParameter($inList, Connection::PARAM_INT_ARRAY)
+                    ))
                     ->execute()
                     ->fetchColumn(0);
                 if ($count && ($this->tableReadOnly($table) || !$this->checkModifyAccessList($table))) {
@@ -8019,7 +8091,7 @@ class DataHandler
                     ->from('pages', 'A')
                     ->from('pages', 'B')
                     ->where(
-                        $queryBuilder->expr()->eq('A.uid', (int)$pageUid),
+                        $queryBuilder->expr()->eq('A.uid', $queryBuilder->createNamedParameter($pageUid, \PDO::PARAM_INT)),
                         $queryBuilder->expr()->eq('B.pid', $queryBuilder->quoteIdentifier('A.pid'))
                     )
                     ->execute();
@@ -8037,9 +8109,10 @@ class DataHandler
                         $siblingChildren = $siblingChildrenQuery
                             ->select('uid')
                             ->from('pages')
-                            ->where(
-                                $siblingChildrenQuery->expr()->eq('pid', (int)$row_tmp['uid'])
-                            )
+                            ->where($siblingChildrenQuery->expr()->eq(
+                                'pid',
+                                $queryBuilder->createNamedParameter($row_tmp['uid'], \PDO::PARAM_INT)
+                            ))
                             ->execute();
                         while ($row_tmp2 = $siblingChildren->fetch()) {
                             $pageIdsThatNeedCacheFlush[] = (int)$row_tmp2['uid'];
@@ -8057,9 +8130,10 @@ class DataHandler
                     $row_tmp = $parentQuery
                         ->select('pid')
                         ->from('pages')
-                        ->where(
-                            $parentQuery->expr()->eq('uid', (int)$pid_tmp)
-                        )
+                        ->where($parentQuery->expr()->eq(
+                            'uid',
+                            $queryBuilder->createNamedParameter($pid_tmp, \PDO::PARAM_INT)
+                        ))
                         ->execute()
                         ->fetch();
                     if (!empty($row_tmp)) {
@@ -8312,11 +8386,17 @@ class DataHandler
             ->select('*')
             ->from('sys_log')
             ->where(
-                $queryBuilder->expr()->eq('type', 1),
-                $queryBuilder->expr()->lt('action', 256),
-                $queryBuilder->expr()->eq('userid', (int)$this->BE_USER->user['uid']),
-                $queryBuilder->expr()->eq('tstamp', (int)$GLOBALS['EXEC_TIME']),
-                $queryBuilder->expr()->neq('error', 0)
+                $queryBuilder->expr()->eq('type', $queryBuilder->createNamedParameter(1, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->lt('action', $queryBuilder->createNamedParameter(256, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->eq(
+                    'userid',
+                    $queryBuilder->createNamedParameter($this->BE_USER->user['uid'], \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'tstamp',
+                    $queryBuilder->createNamedParameter($GLOBALS['EXEC_TIME'], \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->neq('error', $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT))
             )
             ->execute();
 
index ff1ffcd..375075a 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Core\DataHandling;
  */
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Core\Versioning\VersionState;
@@ -174,9 +175,15 @@ class PlainDataResolver
             ->select('uid', 't3ver_oid', 't3ver_state')
             ->from($this->tableName)
             ->where(
-                $queryBuilder->expr()->eq('pid', -1),
-                $queryBuilder->expr()->in('t3ver_oid', array_map('intval', $ids)),
-                $queryBuilder->expr()->eq('t3ver_wsid', $this->workspaceId)
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->in(
+                    't3ver_oid',
+                    $queryBuilder->createNamedParameter($ids, Connection::PARAM_INT_ARRAY)
+                ),
+                $queryBuilder->expr()->eq(
+                    't3ver_wsid',
+                    $queryBuilder->createNamedParameter($this->workspaceId, \PDO::PARAM_INT)
+                )
             )
             ->execute();
 
@@ -220,10 +227,19 @@ class PlainDataResolver
             ->select('uid', 't3ver_move_id')
             ->from($this->tableName)
             ->where(
-                $queryBuilder->expr()->neq('pid', -1),
-                $queryBuilder->expr()->eq('t3ver_state', VersionState::MOVE_PLACEHOLDER),
-                $queryBuilder->expr()->eq('t3ver_wsid', $this->workspaceId),
-                $queryBuilder->expr()->in('t3ver_move_id', array_map('intval', $ids))
+                $queryBuilder->expr()->neq('pid', $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->eq(
+                    't3ver_state',
+                    $queryBuilder->createNamedParameter((string)VersionState::MOVE_PLACEHOLDER, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    't3ver_wsid',
+                    $queryBuilder->createNamedParameter($this->workspaceId, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->in(
+                    't3ver_move_id',
+                    $queryBuilder->createNamedParameter($ids, Connection::PARAM_INT_ARRAY)
+                )
             )
             ->execute();
 
@@ -267,7 +283,10 @@ class PlainDataResolver
             ->select('uid')
             ->from($this->tableName)
             ->where(
-                $queryBuilder->expr()->in('uid', array_map('intval', $ids))
+                $queryBuilder->expr()->in(
+                    'uid',
+                    $queryBuilder->createNamedParameter($ids, Connection::PARAM_INT_ARRAY)
+                )
             );
 
         if (!empty($this->sortingStatement)) {
@@ -305,7 +324,10 @@ class PlainDataResolver
             ->select('uid', 't3ver_oid')
             ->from($this->tableName)
             ->where(
-                $queryBuilder->expr()->in('uid', array_map('intval', $ids))
+                $queryBuilder->expr()->in(
+                    'uid',
+                    $queryBuilder->createNamedParameter($ids, Connection::PARAM_INT_ARRAY)
+                )
             )
             ->execute();
 
index 8bc9958..82e31e9 100644 (file)
@@ -67,7 +67,8 @@ class BackendWorkspaceRestriction implements QueryRestrictionInterface
                         $workspaceIdExpression,
                         $expressionBuilder->lte(
                             $tablePrefix . '.t3ver_state',
-                            new VersionState(VersionState::DEFAULT_STATE)
+                            // Trigger __toString(), then cast int
+                            (int)(string)new VersionState(VersionState::DEFAULT_STATE)
                         )
                     );
                 } else {
index e032315..652c444 100644 (file)
@@ -71,7 +71,8 @@ class FrontendWorkspaceRestriction implements QueryRestrictionInterface
                     // in case we are NOT in a versioning preview (That means we are online!)
                     $constraints[] = $expressionBuilder->lte(
                         $tablePrefix . '.t3ver_state',
-                        new VersionState(VersionState::DEFAULT_STATE)
+                        // Trigger __toString(), then cast int
+                        (int)(string)new VersionState(VersionState::DEFAULT_STATE)
                     );
                 } elseif ($tableName !== 'pages') {
                     // Show only records of the live and current workspace in case we are in a versioning preview
index f44fcd1..ed1adfe 100644 (file)
@@ -945,11 +945,23 @@ class QueryGenerator
                             if ($from_table === 'pages') {
                                 $queryBuilder->where(
                                     QueryHelper::stripLogicalOperatorPrefix($perms_clause),
-                                    $queryBuilder->expr()->in('uid', GeneralUtility::intExplode(',', $webMountPageTree))
+                                    $queryBuilder->expr()->in(
+                                        'uid',
+                                        $queryBuilder->createNamedParameter(
+                                            GeneralUtility::intExplode(',', $webMountPageTree),
+                                            Connection::PARAM_INT_ARRAY
+                                        )
+                                    )
                                 );
                             } else {
                                 $queryBuilder->where(
-                                    $queryBuilder->expr()->in('pid', GeneralUtility::intExplode(',', $webMountPageTree))
+                                    $queryBuilder->expr()->in(
+                                        'pid',
+                                        $queryBuilder->createNamedParameter(
+                                            GeneralUtility::intExplode(',', $webMountPageTree),
+                                            Connection::PARAM_INT_ARRAY
+                                        )
+                                    )
                                 );
                             }
                         }
@@ -1547,7 +1559,7 @@ class QueryGenerator
             $statement = $queryBuilder->select('uid')
                 ->from('pages')
                 ->where(
-                    $queryBuilder->expr()->eq('pid', (int)$id),
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)),
                     QueryHelper::stripLogicalOperatorPrefix($permClause)
                 )
                 ->execute();
@@ -1613,11 +1625,23 @@ class QueryGenerator
             if ($this->table === 'pages') {
                 $queryBuilder->where(
                     QueryHelper::stripLogicalOperatorPrefix($perms_clause),
-                    $queryBuilder->expr()->in('uid', GeneralUtility::intExplode(',', $webMountPageTree))
+                    $queryBuilder->expr()->in(
+                        'uid',
+                        $queryBuilder->createNamedParameter(
+                            GeneralUtility::intExplode(',', $webMountPageTree),
+                            Connection::PARAM_INT_ARRAY
+                        )
+                    )
                 );
             } else {
                 $queryBuilder->where(
-                    $queryBuilder->expr()->in('pid', GeneralUtility::intExplode(',', $webMountPageTree))
+                    $queryBuilder->expr()->in(
+                        'pid',
+                        $queryBuilder->createNamedParameter(
+                            GeneralUtility::intExplode(',', $webMountPageTree),
+                            Connection::PARAM_INT_ARRAY
+                        )
+                    )
                 );
             }
         }
index 9b70124..5670a35 100644 (file)
@@ -132,7 +132,7 @@ class QueryView
             $queryBuilder->getRestrictions()->removeAll();
             $statement = $queryBuilder->select('uid', 'title')
                 ->from('sys_action')
-                ->where($queryBuilder->expr()->eq('type', $queryBuilder->createNamedParameter(2)))
+                ->where($queryBuilder->expr()->eq('type', $queryBuilder->createNamedParameter(2, \PDO::PARAM_INT)))
                 ->orderBy('title')
                 ->execute();
             $opt[] = '<option value="0">__Save to Action:__</option>';
@@ -250,7 +250,10 @@ class QueryView
                 ];
                 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('sys_action');
                 $queryBuilder->update('sys_action')
-                    ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+                    ->where($queryBuilder->expr()->eq(
+                        'uid',
+                        $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                    ))
                     ->set('t2_data', serialize($t2DataValue))
                     ->execute();
             }
@@ -614,7 +617,10 @@ class QueryView
                 $likes = [];
                 $excapedLikeString = '%' . $queryBuilder->escapeLikeWildcards($swords) . '%';
                 foreach ($fields as $field) {
-                    $likes[] = $queryBuilder->expr()->like($field, $queryBuilder->createNamedParameter($excapedLikeString));
+                    $likes[] = $queryBuilder->expr()->like(
+                        $field,
+                        $queryBuilder->createNamedParameter($excapedLikeString, \PDO::PARAM_STR)
+                    );
                 }
                 $count = $queryBuilder->orWhere(...$likes)->execute()->fetchColumn(0);
 
@@ -626,7 +632,10 @@ class QueryView
                         ->setMaxResults(200);
                     $likes = [];
                     foreach ($fields as $field) {
-                        $likes[] = $queryBuilder->expr()->like($field, $queryBuilder->createNamedParameter($excapedLikeString));
+                        $likes[] = $queryBuilder->expr()->like(
+                            $field,
+                            $queryBuilder->createNamedParameter($excapedLikeString, \PDO::PARAM_STR)
+                        );
                     }
                     $statement = $queryBuilder->orWhere(...$likes)->execute();
                     $lastRow = null;
@@ -888,7 +897,7 @@ class QueryView
             $statement = $queryBuilder->select('uid')
                 ->from('pages')
                 ->where(
-                    $queryBuilder->expr()->eq('pid', (int)$id),
+                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)),
                     QueryHelper::stripLogicalOperatorPrefix($permsClause)
                 )
                 ->execute();
@@ -1080,11 +1089,23 @@ class QueryView
                             if ($from_table === 'pages') {
                                 $queryBuilder->where(
                                     QueryHelper::stripLogicalOperatorPrefix($perms_clause),
-                                    $queryBuilder->expr()->in('uid', GeneralUtility::intExplode(',', $webMountPageTree))
+                                    $queryBuilder->expr()->in(
+                                        'uid',
+                                        $queryBuilder->createNamedParameter(
+                                            GeneralUtility::intExplode(',', $webMountPageTree),
+                                            Connection::PARAM_INT_ARRAY
+                                        )
+                                    )
                                 );
                             } else {
                                 $queryBuilder->where(
-                                    $queryBuilder->expr()->in('pid', GeneralUtility::intExplode(',', $webMountPageTree))
+                                    $queryBuilder->expr()->in(
+                                        'pid',
+                                        $queryBuilder->createNamedParameter(
+                                            GeneralUtility::intExplode(',', $webMountPageTree),
+                                            Connection::PARAM_INT_ARRAY
+                                        )
+                                    )
                                 );
                             }
                         }
index 745e21a..bb74cec 100644 (file)
@@ -215,9 +215,12 @@ class ReferenceIndex
         $queryBuilder = $connection->createQueryBuilder();
         $queryBuilder->getRestrictions()->removeAll();
         $queryResult = $queryBuilder->select('*')->from('sys_refindex')->where(
-            $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($tableName)),
-            $queryBuilder->expr()->eq('recuid', (int)$uid),
-            $queryBuilder->expr()->eq('workspace', (int)$this->getWorkspaceId())
+            $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($tableName, \PDO::PARAM_STR)),
+            $queryBuilder->expr()->eq('recuid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)),
+            $queryBuilder->expr()->eq(
+                'workspace',
+                $queryBuilder->createNamedParameter($this->getWorkspaceId(), \PDO::PARAM_INT)
+            )
         )->execute();
         $currentRelations = [];
         while ($relation = $queryResult->fetch()) {
@@ -822,7 +825,7 @@ class ReferenceIndex
                 ->select('*')
                 ->from('sys_refindex')
                 ->where(
-                    $queryBuilder->expr()->eq('hash', $queryBuilder->createNamedParameter($hash))
+                    $queryBuilder->expr()->eq('hash', $queryBuilder->createNamedParameter($hash, \PDO::PARAM_STR))
                 )
                 ->setMaxResults(1)
                 ->execute()
@@ -845,7 +848,10 @@ class ReferenceIndex
                 ->select('*')
                 ->from($referenceRecord['tablename'])
                 ->where(
-                    $queryBuilder->expr()->eq('uid',  (int)$referenceRecord['recuid'])
+                    $queryBuilder->expr()->eq(
+                        'uid',
+                        $queryBuilder->createNamedParameter($referenceRecord['recuid'], \PDO::PARAM_INT)
+                    )
                 )
                 ->setMaxResults(1)
                 ->execute()
@@ -1073,7 +1079,7 @@ class ReferenceIndex
                 ($configuration['type'] === 'select' || $configuration['type'] === 'inline')
                 && !empty($configuration['foreign_table'])
             )
-        ;
+            ;
     }
 
     /**
@@ -1094,7 +1100,7 @@ class ReferenceIndex
             $configuration['type'] === 'flex'
             ||
             isset($configuration['softref'])
-        ;
+            ;
     }
 
     /**
@@ -1212,8 +1218,14 @@ class ReferenceIndex
                 ->count('hash')
                 ->from('sys_refindex')
                 ->where(
-                    $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($tableName)),
-                    $queryBuilder->expr()->notIn('recuid', $uidList)
+                    $queryBuilder->expr()->eq(
+                        'tablename',
+                        $queryBuilder->createNamedParameter($tableName, \PDO::PARAM_STR)
+                    ),
+                    $queryBuilder->expr()->notIn(
+                        'recuid',
+                        $queryBuilder->createNamedParameter($uidList, Connection::PARAM_INT_ARRAY)
+                    )
                 )
                 ->execute()
                 ->fetchColumn(0);
@@ -1228,8 +1240,14 @@ class ReferenceIndex
                     $queryBuilder = $connectionPool->getQueryBuilderForTable('sys_refindex');
                     $queryBuilder->delete('sys_refindex')
                         ->where(
-                            $queryBuilder->expr()->eq('tablename', $queryBuilder->createNamedParameter($tableName)),
-                            $queryBuilder->expr()->notIn('recuid', $uidList)
+                            $queryBuilder->expr()->eq(
+                                'tablename',
+                                $queryBuilder->createNamedParameter($tableName, \PDO::PARAM_STR)
+                            ),
+                            $queryBuilder->expr()->notIn(
+                                'recuid',
+                                $queryBuilder->createNamedParameter($uidList, Connection::PARAM_INT_ARRAY)
+                            )
                         )->execute();
                 }
             }
index 6382d2e..6a955c4 100644 (file)
@@ -492,7 +492,13 @@ class RelationHandler
                 $queryBuilder->select('uid')
                     ->from($table)
                     ->where(
-                        $queryBuilder->expr()->in('uid', GeneralUtility::intExplode(',', $uidList))
+                        $queryBuilder->expr()->in(
+                            'uid',
+                            $queryBuilder->createNamedParameter(
+                                GeneralUtility::intExplode(',', $uidList),
+                                Connection::PARAM_INT_ARRAY
+                            )
+                        )
                     );
                 foreach (QueryHelper::parseOrderBy((string)$sortby) as $orderPair) {
                     list($fieldName, $order) = $orderPair;
@@ -533,11 +539,20 @@ class RelationHandler
                 // having previously allowed only one table, this case applies.
                 if ($this->currentTable == $this->MM_isMultiTableRelationship) {
                     $expression = $queryBuilder->expr()->orX(
-                        $queryBuilder->expr()->eq('tablenames', $queryBuilder->createNamedParameter($this->currentTable)),
-                        $queryBuilder->expr()->eq('tablenames', $queryBuilder->createNamedParameter(''))
+                        $queryBuilder->expr()->eq(
+                            'tablenames',
+                            $queryBuilder->createNamedParameter($this->currentTable, \PDO::PARAM_STR)
+                        ),
+                        $queryBuilder->expr()->eq(
+                            'tablenames',
+                            $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
+                        )
                     );
                 } else {
-                    $expression = $queryBuilder->expr()->eq('tablenames', $queryBuilder->createNamedParameter($this->currentTable));
+                    $expression = $queryBuilder->expr()->eq(
+                        'tablenames',
+                        $queryBuilder->createNamedParameter($this->currentTable, \PDO::PARAM_STR)
+                    );
                 }
                 $queryBuilder->andWhere($expression);
             }
@@ -555,11 +570,14 @@ class RelationHandler
         }
         foreach ($this->MM_match_fields as $field => $value) {
             $queryBuilder->andWhere(
-                $queryBuilder->expr()->eq($field, $queryBuilder->createNamedParameter($value))
+                $queryBuilder->expr()->eq($field, $queryBuilder->createNamedParameter($value, \PDO::PARAM_STR))
             );
         }
         $queryBuilder->andWhere(
-            $queryBuilder->expr()->eq($uidLocal_field, (int)$uid)
+            $queryBuilder->expr()->eq(
+                $uidLocal_field,
+                $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+            )
         );
         $queryBuilder->orderBy($sorting_field);
         $statement = $queryBuilder->execute();
@@ -637,7 +655,10 @@ class RelationHandler
             $queryBuilder->getRestrictions()->removeAll();
             $queryBuilder->select($uidForeign_field)
                 ->from($MM_tableName)
-                ->where($queryBuilder->expr()->eq($uidLocal_field, (int)$uid))
+                ->where($queryBuilder->expr()->eq(
+                    $uidLocal_field,
+                    $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                ))
                 ->orderBy($sorting_field);
 
             if ($prep) {
@@ -695,19 +716,33 @@ class RelationHandler
                     $queryBuilder->update($MM_tableName)
                         ->set($sorting_field, $c)
                         ->where(
-                            $expressionBuilder->eq($uidLocal_field, $uid),
-                            $expressionBuilder->eq($uidForeign_field, $val['id'])
+                            $expressionBuilder->eq(
+                                $uidLocal_field,
+                                $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                            ),
+                            $expressionBuilder->eq(
+                                $uidForeign_field,
+                                $queryBuilder->createNamedParameter($val['id'], \PDO::PARAM_INT)
+                            )
                         );
 
                     if ($additionalWhere->count()) {
                         $queryBuilder->andWhere($additionalWhere);
                     }
                     if ($this->MM_hasUidField) {
-                        $queryBuilder->andWhere($expressionBuilder->eq('uid', (int)$oldMMs_inclUid[$oldMMs_index][2]));
+                        $queryBuilder->andWhere(
+                            $expressionBuilder->eq(
+                                'uid',
+                                $queryBuilder->createNamedParameter($oldMMs_inclUid[$oldMMs_index][2], \PDO::PARAM_INT)
+                            )
+                        );
                     }
                     if ($tablename) {
                         $queryBuilder->andWhere(
-                            $expressionBuilder->eq('tablenames', $queryBuilder->createNamedParameter($tablename))
+                            $expressionBuilder->eq(
+                                'tablenames',
+                                $queryBuilder->createNamedParameter($tablename, \PDO::PARAM_STR)
+                            )
                         );
                     }
 
@@ -741,18 +776,21 @@ class RelationHandler
                 foreach ($oldMMs as $oldMM_key => $mmItem) {
                     // If UID field is present, of course we need only use that for deleting.
                     if ($this->MM_hasUidField) {
-                        $removeClauses->add($queryBuilder->expr()->eq('uid', (int)$oldMMs_inclUid[$oldMM_key][2]));
+                        $removeClauses->add($queryBuilder->expr()->eq(
+                            'uid',
+                            $queryBuilder->createNamedParameter($oldMMs_inclUid[$oldMM_key][2], \PDO::PARAM_INT)
+                        ));
                     } else {
                         if (is_array($mmItem)) {
                             $removeClauses->add(
                                 $queryBuilder->expr()->andX(
                                     $queryBuilder->expr()->eq(
                                         'tablenames',
-                                        $queryBuilder->createNamedParameter($mmItem[0])
+                                        $queryBuilder->createNamedParameter($mmItem[0], \PDO::PARAM_STR)
                                     ),
                                     $queryBuilder->expr()->eq(
                                         $uidForeign_field,
-                                        $queryBuilder->createNamedParameter($mmItem[1])
+                                        $queryBuilder->createNamedParameter($mmItem[1], \PDO::PARAM_INT)
                                     )
                                 )
                             );
@@ -760,7 +798,7 @@ class RelationHandler
                             $removeClauses->add(
                                 $queryBuilder->expr()->eq(
                                     $uidForeign_field,
-                                    $queryBuilder->createNamedParameter($mmItem)
+                                    $queryBuilder->createNamedParameter($mmItem, \PDO::PARAM_INT)
                                 )
                             );
                         }
@@ -776,7 +814,10 @@ class RelationHandler
 
                 $queryBuilder->delete($MM_tableName)
                     ->where(
-                        $queryBuilder->expr()->eq($uidLocal_field, (int)$uid),
+                        $queryBuilder->expr()->eq(
+                            $uidLocal_field,
+                            $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                        ),
                         $removeClauses
                     );
 
@@ -827,12 +868,18 @@ class RelationHandler
                 ->createQueryBuilder();
             $queryBuilder->update($MM_tableName)
                 ->set($uidLocal_field, (int)$newUid)
-                ->where($queryBuilder->expr()->eq($uidLocal_field, (int)$uid));
+                ->where($queryBuilder->expr()->eq(
+                    $uidLocal_field,
+                    $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                ));
             // Boolean: does the field "tablename" need to be filled?
             $prep = $tableC > 1 || $prependTableName || $this->MM_isMultiTableRelationship;
             if ($this->MM_is_foreign && $prep) {
                 $queryBuilder->andWhere(
-                    $queryBuilder->expr()->eq('tablenames', $queryBuilder->createNamedParameter($this->currentTable))
+                    $queryBuilder->expr()->eq(
+                        'tablenames',
+                        $queryBuilder->createNamedParameter($this->currentTable, \PDO::PARAM_STR)
+                    )
                 );
             }
             // Add WHERE clause if configured
@@ -844,7 +891,7 @@ class RelationHandler
             // Select, update or delete only those relations that match the configured fields
             foreach ($this->MM_match_fields as $field => $value) {
                 $queryBuilder->andWhere(
-                    $queryBuilder->expr()->eq($field, $queryBuilder->createNamedParameter($value))
+                    $queryBuilder->expr()->eq($field, $queryBuilder->createNamedParameter($value, \PDO::PARAM_STR))
                 );
             }
             $queryBuilder->execute();
@@ -887,12 +934,21 @@ class RelationHandler
         if ($conf['symmetric_field']) {
             $queryBuilder->where(
                 $queryBuilder->expr()->orX(
-                    $queryBuilder->expr()->eq($conf['foreign_field'], $uid),
-                    $queryBuilder->expr()->eq($conf['symmetric_field'], $uid)
+                    $queryBuilder->expr()->eq(
+                        $conf['foreign_field'],
+                        $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        $conf['symmetric_field'],
+                        $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                    )
                 )
             );
         } else {
-            $queryBuilder->where($queryBuilder->expr()->eq($conf['foreign_field'], $uid));
+            $queryBuilder->where($queryBuilder->expr()->eq(
+                $conf['foreign_field'],
+                $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+            ));
         }
         // If it's requested to look for the parent uid AND the parent table,
         // add an additional SQL-WHERE clause
@@ -900,21 +956,27 @@ class RelationHandler
             $queryBuilder->andWhere(
                 $queryBuilder->expr()->eq(
                     $foreign_table_field,
-                    $queryBuilder->createNamedParameter($this->currentTable)
+                    $queryBuilder->createNamedParameter($this->currentTable, \PDO::PARAM_STR)
                 )
             );
         }
         // Add additional where clause if foreign_match_fields are defined
         foreach ($foreign_match_fields as $field => $value) {
             $queryBuilder->andWhere(
-                $queryBuilder->expr()->eq($field, $queryBuilder->createNamedParameter($value))
+                $queryBuilder->expr()->eq($field, $queryBuilder->createNamedParameter($value, \PDO::PARAM_STR))
             );
         }
         // Select children from the live(!) workspace only
         if (BackendUtility::isTableWorkspaceEnabled($foreign_table)) {
             $queryBuilder->andWhere(
-                $queryBuilder->expr()->in($foreign_table . '.t3ver_wsid', [0, (int)$this->getWorkspaceId()]),
-                $queryBuilder->expr()->neq($foreign_table . '.pid', -1)
+                $queryBuilder->expr()->in(
+                    $foreign_table . '.t3ver_wsid',
+                    $queryBuilder->createNamedParameter([0, (int)$this->getWorkspaceId()], Connection::PARAM_INT_ARRAY)
+                ),
+                $queryBuilder->expr()->neq(
+                    $foreign_table . '.pid',
+                    $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
+                )
             );
         }
         // Get the correct sorting field
@@ -924,6 +986,7 @@ class RelationHandler
             if ($conf['symmetric_sortby'] && $conf['symmetric_field']) {
                 // Sorting depends on, from which side of the relation we're looking at it
                 // This requires bypassing automatic quoting and setting of the default sort direction
+                // @TODO: Doctrine: generalize to standard SQL to guarantee database independency
                 $queryBuilder->add(
                     'orderBy',
                     'CASE
@@ -1186,7 +1249,13 @@ class RelationHandler
                     $queryBuilder->getRestrictions()->removeAll();
                     $queryBuilder->select(...(GeneralUtility::trimExplode(',', $fields, true)))
                         ->from($table)
-                        ->where($queryBuilder->expr()->in('uid', GeneralUtility::intExplode(',', $itemList)));
+                        ->where($queryBuilder->expr()->in(
+                            'uid',
+                            $queryBuilder->createNamedParameter(
+                                GeneralUtility::intExplode(',', $itemList),
+                                Connection::PARAM_INT_ARRAY
+                            )
+                        ));
                     if ($this->additionalWhere[$table]) {
                         $queryBuilder->andWhere(QueryHelper::stripLogicalOperatorPrefix($this->additionalWhere[$table]));
                     }
@@ -1392,7 +1461,6 @@ class RelationHandler
      */
     protected function purgeVersionedIds($tableName, array $ids)
     {
-        $ids = array_map('intval', $ids);
         $ids = array_combine($ids, $ids);
 
         $queryBuilder = $this->getConnectionForTableName($tableName)
@@ -1401,9 +1469,18 @@ class RelationHandler
         $versions = $queryBuilder->select('uid', 't3ver_oid', 't3ver_state')
             ->from($tableName)
             ->where(
-                $queryBuilder->expr()->eq('pid', -1),
-                $queryBuilder->expr()->in('t3ver_oid', $ids),
-                $queryBuilder->expr()->neq('t3ver_wsid', 0)
+                $queryBuilder->expr()->eq(
+                    'pid',
+                    $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->in(
+                    't3ver_oid',
+                    $queryBuilder->createNamedParameter($ids, Connection::PARAM_INT_ARRAY)
+                ),
+                $queryBuilder->expr()->neq(
+                    't3ver_wsid',
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                )
             )
             ->orderBy('t3ver_state', 'DESC')
             ->execute()
@@ -1430,7 +1507,6 @@ class RelationHandler
      */
     protected function purgeLiveVersionedIds($tableName, array $ids)
     {
-        $ids = array_map('intval', $ids);
         $ids = array_combine($ids, $ids);
 
         $queryBuilder = $this->getConnectionForTableName($tableName)
@@ -1439,9 +1515,18 @@ class RelationHandler
         $versions = $queryBuilder->select('uid', 't3ver_oid', 't3ver_state')
             ->from($tableName)
             ->where(
-                $queryBuilder->expr()->eq('pid', -1),
-                $queryBuilder->expr()->in('t3ver_oid', $ids),
-                $queryBuilder->expr()->neq('t3ver_wsid', 0)
+                $queryBuilder->expr()->eq(
+                    'pid',
+                    $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->in(
+                    't3ver_oid',
+                    $queryBuilder->createNamedParameter($ids, Connection::PARAM_INT_ARRAY)
+                ),
+                $queryBuilder->expr()->neq(
+                    't3ver_wsid',
+                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                )
             )
             ->orderBy('t3ver_state', 'DESC')
             ->execute()
@@ -1469,7 +1554,6 @@ class RelationHandler
      */
     protected function purgeDeletePlaceholder($tableName, array $ids)
     {
-        $ids = array_map('intval', $ids);
         $ids = array_combine($ids, $ids);
 
         $queryBuilder = $this->getConnectionForTableName($tableName)
@@ -1478,10 +1562,28 @@ class RelationHandler
         $versions = $queryBuilder->select('uid', 't3ver_oid', 't3ver_state')
             ->from($tableName)
             ->where(
-                $queryBuilder->expr()->eq('pid', -1),
-                $queryBuilder->expr()->in('t3ver_oid', $ids),
-                $queryBuilder->expr()->neq('t3ver_wsid', (int)$this->getWorkspaceId()),
-                $queryBuilder->expr()->eq('t3ver_state', (int)VersionState::cast(VersionState::DELETE_PLACEHOLDER))
+                $queryBuilder->expr()->eq(
+                    'pid',
+                    $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->in(
+                    't3ver_oid',
+                    $queryBuilder->createNamedParameter($ids, Connection::PARAM_INT_ARRAY)
+                ),
+                $queryBuilder->expr()->neq(
+                    't3ver_wsid',
+                    $queryBuilder->createNamedParameter(
+                        $this->getWorkspaceId(),
+                        \PDO::PARAM_INT
+                    )
+                ),
+                $queryBuilder->expr()->eq(
+                    't3ver_state',
+                    $queryBuilder->createNamedParameter(
+                        (string)VersionState::cast(VersionState::DELETE_PLACEHOLDER),
+                        \PDO::PARAM_INT
+                    )
+                )
             )
             ->execute()
             ->fetchAll();
index 9de3cfd..00c6140 100644 (file)
@@ -1268,8 +1268,14 @@ class SchemaMigrator
             )
             ->from('information_schema.TABLES')
             ->where(
-                $queryBuilder->expr()->eq('TABLE_TYPE', $queryBuilder->quote('BASE TABLE')),
-                $queryBuilder->expr()->eq('TABLE_SCHEMA', $queryBuilder->quote($connection->getDatabase()))
+                $queryBuilder->expr()->eq(
+                    'TABLE_TYPE',
+                    $queryBuilder->createNamedParameter('BASE TABLE', \PDO::PARAM_STR)
+                ),
+                $queryBuilder->expr()->eq(
+                    'TABLE_SCHEMA',
+                    $queryBuilder->createNamedParameter($connection->getDatabase(), \PDO::PARAM_STR)
+                )
             )
             ->execute();
 
index 0add7fa..3105238 100644 (file)
@@ -338,7 +338,10 @@ class FrontendEditingController
             $currentRecord = $queryBuilder
                 ->select(...$fields)
                 ->from($table)
-                ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+                ->where($queryBuilder->expr()->eq(
+                    'uid',
+                    $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                ))
                 ->execute()
                 ->fetch();
 
@@ -351,7 +354,10 @@ class FrontendEditingController
                 $queryBuilder
                     ->select('uid', 'pid')
                     ->from($table)
-                    ->where($queryBuilder->expr()->eq('pid', (int)$currentRecord['pid']))
+                    ->where($queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter($currentRecord['pid'], \PDO::PARAM_INT)
+                    ))
                     ->setMaxResults(2);
 
                 // Disable the default restrictions (but not all) if the admin panel is in preview mode
@@ -365,15 +371,28 @@ class FrontendEditingController
 
                 if (!empty($copyAfterDuplicateFields)) {
                     foreach ($copyAfterDuplicateFields as $fieldName) {
-                        $queryBuilder->andWhere($queryBuilder->expr()->eq($fieldName, $currentRecord[$fieldName]));
+                        $queryBuilder->andWhere($queryBuilder->expr()->eq(
+                            $fieldName,
+                            $queryBuilder->createNamedParameter($currentRecord[$fieldName], \PDO::PARAM_STR)
+                        ));
                     }
                 }
                 if (!empty($direction)) {
                     if ($direction === 'up') {
-                        $queryBuilder->andWhere($queryBuilder->expr()->lt($sortField, (int)$currentRecord[$sortField]));
+                        $queryBuilder->andWhere(
+                            $queryBuilder->expr()->lt(
+                                $sortField,
+                                $queryBuilder->createNamedParameter($currentRecord[$sortField], \PDO::PARAM_INT)
+                            )
+                        );
                         $queryBuilder->orderBy($sortField, 'DESC');
                     } else {
-                        $queryBuilder->andWhere($queryBuilder->expr()->gt($sortField, (int)$currentRecord[$sortField]));
+                        $queryBuilder->andWhere(
+                            $queryBuilder->expr()->gt(
+                                $sortField,
+                                $queryBuilder->createNamedParameter($currentRecord[$sortField], \PDO::PARAM_INT)
+                            )
+                        );
                         $queryBuilder->orderBy($sortField, 'ASC');
                     }
                 }
index ebde44c..c89c5e2 100644 (file)
@@ -16,6 +16,7 @@ namespace TYPO3\CMS\Core\Integrity;
 
 use Doctrine\DBAL\Types\Type;
 use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
 use TYPO3\CMS\Core\Database\RelationHandler;
@@ -112,12 +113,12 @@ class DatabaseIntegrityCheck
         if ($versions) {
             $queryBuilder->addSelect('t3ver_wsid', 't3ver_id', 't3ver_count');
             $queryBuilder->where(
-                $queryBuilder->expr()->eq('pid', -1),
-                $queryBuilder->expr()->eq('t3ver_oid', (int)$theID)
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->eq('t3ver_oid', $queryBuilder->createNamedParameter($theID, \PDO::PARAM_INT))
             );
         } else {
             $queryBuilder->where(
-                $queryBuilder->expr()->eq('pid', (int)$theID)
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($theID, \PDO::PARAM_INT))
             );
         }
         $result = $queryBuilder->execute();
@@ -178,12 +179,12 @@ class DatabaseIntegrityCheck
         // Select all records from table pointing to this page
         if ($versions) {
             $queryBuilder->where(
-                $queryBuilder->expr()->eq('pid', -1),
-                $queryBuilder->expr()->eq('t3ver_oid', (int)$theID)
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->eq('t3ver_oid', $queryBuilder->createNamedParameter($theID, \PDO::PARAM_INT))
             );
         } else {
             $queryBuilder->where(
-                $queryBuilder->expr()->eq('pid', (int)$theID)
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($theID, \PDO::PARAM_INT))
             );
         }
         $queryResult = $queryBuilder->execute();
@@ -229,7 +230,10 @@ class DatabaseIntegrityCheck
                 $queryResult = $queryBuilder->select('uid', 'pid', $GLOBALS['TCA'][$table]['ctrl']['label'])
                     ->from($table)
                     ->where(
-                        $queryBuilder->expr()->notIn('pid', $pageIdsForTable)
+                        $queryBuilder->expr()->notIn(
+                            'pid',
+                            $queryBuilder->createNamedParameter($pageIdsForTable, Connection::PARAM_INT_ARRAY)
+                        )
                     )
                     ->execute();
                 $lostIdList = [];
@@ -298,7 +302,12 @@ class DatabaseIntegrityCheck
                 $queryBuilder->getRestrictions()->removeAll();
                 $count = $queryBuilder->count('uid')
                     ->from($table)
-                    ->where($queryBuilder->expr()->in('pid', $pageIds))
+                    ->where(
+                        $queryBuilder->expr()->in(
+                            'pid',
+                            $queryBuilder->createNamedParameter($pageIds, Connection::PARAM_INT_ARRAY)
+                        )
+                    )
                     ->execute()
                     ->fetchColumn(0);
                 if ($count) {
@@ -312,7 +321,12 @@ class DatabaseIntegrityCheck
                     ->add(GeneralUtility::makeInstance(DeletedRestriction::class));
                 $count = $queryBuilder->count('uid')
                     ->from($table)
-                    ->where($queryBuilder->expr()->in('pid', $pageIdsForTable))
+                    ->where(
+                        $queryBuilder->expr()->in(
+                            'pid',
+                            $queryBuilder->createNamedParameter($pageIdsForTable, Connection::PARAM_INT_ARRAY)
+                        )
+                    )
                     ->execute()
                     ->fetchColumn(0);
                 if ($count) {
@@ -429,12 +443,18 @@ class DatabaseIntegrityCheck
                         )) {
                             $whereClause[] = $queryBuilder->expr()->andX(
                                 $queryBuilder->expr()->isNotNull($fieldName),
-                                $queryBuilder->expr()->neq($fieldName, 0)
+                                $queryBuilder->expr()->neq(
+                                    $fieldName,
+                                    $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)
+                                )
                             );
                         } elseif (in_array($fieldType, [Type::STRING, Type::TEXT], true)) {
                             $whereClause[] = $queryBuilder->expr()->andX(
                                 $queryBuilder->expr()->isNotNull($fieldName),
-                                $queryBuilder->expr()->neq($fieldName, $queryBuilder->quote(''))
+                                $queryBuilder->expr()->neq(
+                                    $fieldName,
+                                    $queryBuilder->createNamedParameter('', \PDO::PARAM_STR)
+                                )
                             );
                         }
                     }
@@ -594,7 +614,6 @@ class DatabaseIntegrityCheck
         foreach ($theArray as $table => $dbArr) {
             if ($GLOBALS['TCA'][$table]) {
                 $ids = array_keys($dbArr);
-                $ids = array_map('intval', $ids);
                 if (!empty($ids)) {
                     $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
                         ->getQueryBuilderForTable($table);
@@ -605,7 +624,10 @@ class DatabaseIntegrityCheck
                         ->select('uid')
                         ->from($table)
                         ->where(
-                            $queryBuilder->expr()->in('uid', $ids)
+                            $queryBuilder->expr()->in(
+                                'uid',
+                                $queryBuilder->createNamedParameter($ids, Connection::PARAM_INT_ARRAY)
+                            )
                         )
                         ->execute();
                     while ($row = $queryResult->fetch()) {
index a6e663d..63c4d95 100644 (file)
@@ -143,7 +143,10 @@ abstract class AbstractRepository implements RepositoryInterface, SingletonInter
 
         if (!empty($this->type)) {
             $queryBuilder->where(
-                $queryBuilder->expr()->eq($this->typeField, $queryBuilder->createNamedParameter($this->type))
+                $queryBuilder->expr()->eq(
+                    $this->typeField,
+                    $queryBuilder->createNamedParameter($this->type, \PDO::PARAM_STR)
+                )
             );
         }
         $result = $queryBuilder->execute();
@@ -208,7 +211,7 @@ abstract class AbstractRepository implements RepositoryInterface, SingletonInter
             ->select('*')
             ->from($this->table)
             ->where(
-                $queryBuilder->expr()->eq('uid', (int)$uid)
+                $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT))
             )
             ->execute()
             ->fetch();
index 3da7c97..0a9fa5f 100644 (file)
@@ -74,8 +74,14 @@ class CategoryBasedFileCollection extends AbstractFileCollection
                 )
             )
             ->where(
-                $queryBuilder->expr()->eq('sys_category.uid', (int)$this->getItemsCriteria()),
-                $queryBuilder->expr()->eq('sys_category_record_mm.tablenames', $queryBuilder->createNamedParameter('sys_file_metadata'))
+                $queryBuilder->expr()->eq(
+                    'sys_category.uid',
+                    $queryBuilder->createNamedParameter($this->getItemsCriteria(), \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq(
+                    'sys_category_record_mm.tablenames',
+                    $queryBuilder->createNamedParameter('sys_file_metadata', \PDO::PARAM_STR)
+                )
             )
             ->execute();
         $resourceFactory = ResourceFactory::getInstance();
index 1ced896..072e2de 100644 (file)
@@ -91,9 +91,18 @@ class FileRepository extends AbstractRepository
                 ->select('uid')
                 ->from('sys_file_reference')
                 ->where(
-                    $queryBuilder->expr()->eq('uid_foreign', (int)$uid),
-                    $queryBuilder->expr()->eq('tablenames', $queryBuilder->createNamedParameter($tableName)),
-                    $queryBuilder->expr()->eq('fieldname', $queryBuilder->createNamedParameter($fieldName))
+                    $queryBuilder->expr()->eq(
+                        'uid_foreign',
+                        $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'tablenames',
+                        $queryBuilder->createNamedParameter($tableName, \PDO::PARAM_STR)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'fieldname',
+                        $queryBuilder->createNamedParameter($fieldName, \PDO::PARAM_STR)
+                    )
                 )
                 ->orderBy('sorting_foreign')
                 ->execute();
index 2537d1d..2e1fdf4 100644 (file)
@@ -14,6 +14,7 @@ namespace TYPO3\CMS\Core\Resource\Index;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\ReferenceIndex;
 use TYPO3\CMS\Core\Resource\File;
@@ -98,7 +99,7 @@ class FileIndexRepository implements SingletonInterface
             ->select(...$this->fields)
             ->from($this->table)
             ->where(
-                $queryBuilder->expr()->eq('uid', (int)$fileUid)
+                $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($fileUid, \PDO::PARAM_INT))
             )
             ->execute()
             ->fetch();
@@ -139,7 +140,7 @@ class FileIndexRepository implements SingletonInterface
             ->select(...$this->fields)
             ->from($this->table)
             ->where(
-                $queryBuilder->expr()->eq('storage', (int)$storageUid),
+                $queryBuilder->expr()->eq('storage', $queryBuilder->createNamedParameter($storageUid, \PDO::PARAM_INT)),
                 $queryBuilder->expr()->eq('identifier_hash', $queryBuilder->createNamedParameter($identifierHash))
             )
             ->execute()
@@ -183,7 +184,7 @@ class FileIndexRepository implements SingletonInterface
             ->select(...$this->fields)
             ->from($this->table)
             ->where(
-                $queryBuilder->expr()->eq('sha1', $queryBuilder->createNamedParameter($hash))
+                $queryBuilder->expr()->eq('sha1', $queryBuilder->createNamedParameter($hash), \PDO::PARAM_STR)
             )
             ->execute()
             ->fetchAll();
@@ -208,9 +209,12 @@ class FileIndexRepository implements SingletonInterface
             ->where(
                 $queryBuilder->expr()->eq(
                     'folder_hash',
-                    $queryBuilder->createNamedParameter($folder->getHashedIdentifier())
+                    $queryBuilder->createNamedParameter($folder->getHashedIdentifier(), \PDO::PARAM_STR)
                 ),
-                $queryBuilder->expr()->eq('storage', (int)$folder->getStorage()->getUid())
+                $queryBuilder->expr()->eq(
+                    'storage',
+                    $queryBuilder->createNamedParameter($folder->getStorage()->getUid(), \PDO::PARAM_INT)
+                )
             )
             ->execute();
 
@@ -255,22 +259,25 @@ class FileIndexRepository implements SingletonInterface
             ->where(
                 $queryBuilder->expr()->in(
                     'folder_hash',
-                    array_map([$queryBuilder, 'createNamedParameter'], $folderIdentifiers)
+                    $queryBuilder->createNamedParameter($folderIdentifiers, Connection::PARAM_INT_ARRAY)
                 ),
-                $queryBuilder->expr()->in('storage', $storageUids)
+                $queryBuilder->expr()->in(
+                    'storage',
+                    $queryBuilder->createNamedParameter($storageUids, Connection::PARAM_INT_ARRAY)
+                )
             );
 
         if (isset($fileName)) {
             $queryBuilder->andWhere(
                 $queryBuilder->expr()->like(
                     'name',
-                    $queryBuilder->createNamedParameter('%' . $queryBuilder->escapeLikeWildcards($fileName) . '%')
+                    $queryBuilder->createNamedParameter('%' . $queryBuilder->escapeLikeWildcards($fileName) . '%', \PDO::PARAM_STR)
                 )
             );
         }
 
         if (!$includeMissing) {
-            $queryBuilder->andWhere($queryBuilder->expr()->eq('missing', 0));
+            $queryBuilder->andWhere($queryBuilder->expr()->eq('missing', $queryBuilder->createNamedParameter(0, \PDO::PARAM_INT)));
         }
 
         $result = $queryBuilder->execute();
@@ -347,14 +354,17 @@ class FileIndexRepository implements SingletonInterface
 
         if ((int)$file->_getPropertyRaw('uid') > 0) {
             $constraints = [
-                $queryBuilder->expr()->eq('uid', (int)$file->getUid())
+                $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($file->getUid(), \PDO::PARAM_INT))
             ];
         } else {
             $constraints = [
-                $queryBuilder->expr()->eq('storage', (int)$file->getStorage()->getUid()),
+                $queryBuilder->expr()->eq(
+                    'storage',
+                    $queryBuilder->createNamedParameter($file->getStorage()->getUid(), \PDO::PARAM_INT)
+                ),
                 $queryBuilder->expr()->eq(
                     'identifier',
-                    $queryBuilder->createNamedParameter($file->_getPropertyRaw('identifier'))
+                    $queryBuilder->createNamedParameter($file->_getPropertyRaw('identifier'), \PDO::PARAM_STR)
                 )
             ];
         }
@@ -426,7 +436,7 @@ class FileIndexRepository implements SingletonInterface
             ->from($this->table)
             ->where(
                 $queryBuilder->expr()->gt('tstamp', $queryBuilder->quoteIdentifier('last_indexed')),
-                $queryBuilder->expr()->eq('storage', (int)$storage->getUid())
+                $queryBuilder->expr()->eq('storage', $queryBuilder->createNamedParameter($storage->getUid(), \PDO::PARAM_INT))
             )
             ->orderBy('tstamp', 'ASC')
             ->execute()
@@ -450,11 +460,19 @@ class FileIndexRepository implements SingletonInterface
             ->select(...$this->fields)
             ->from($this->table)
             ->where(
-                $queryBuilder->expr()->eq('storage', (int)$storage->getUid())
+                $queryBuilder->expr()->eq(
+                    'storage',
+                    $queryBuilder->createNamedParameter($storage->getUid(), \PDO::PARAM_INT)
+                )
             );
 
         if (!empty($uidList)) {
-            $queryBuilder->andWhere($queryBuilder->expr()->notIn('uid', array_map('intval', $uidList)));
+            $queryBuilder->andWhere(
+                $queryBuilder->expr()->notIn(
+                    'uid',
+                    $queryBuilder->createNamedParameter($uidList, Connection::PARAM_INT_ARRAY)
+                )
+            );
         }
 
         $rows = $queryBuilder->execute()->fetchAll();
index 7bdd568..6ae2c0b 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Core\Resource\Index;
  * The TYPO3 project - inspiring people to share!
  */
 
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\Restriction\RootLevelRestriction;
 use TYPO3\CMS\Core\Resource\Exception\InvalidUidException;
@@ -100,8 +101,8 @@ class MetaDataRepository implements SingletonInterface
             ->select('*')
             ->from($this->tableName)
             ->where(
-                $queryBuilder->expr()->eq('file', $uid),
-                $queryBuilder->expr()->in('sys_language_uid', [0, -1])
+                $queryBuilder->expr()->eq('file', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)),
+                $queryBuilder->expr()->in('sys_language_uid', $queryBuilder->createNamedParameter([0, -1], Connection::PARAM_INT_ARRAY))
             )
             ->execute()
             ->fetch();
index 5068248..ee9a698 100644 (file)
@@ -102,8 +102,14 @@ class ProcessedFileRepository extends AbstractRepository
                 ->select('*')
                 ->from($this->table)
                 ->where(
-                    $queryBuilder->expr()->eq('storage', (int)$storage->getUid()),
-                    $queryBuilder->expr()->eq('identifier', $queryBuilder->createNamedParameter($identifier))
+                    $queryBuilder->expr()->eq(
+                        'storage',
+                        $queryBuilder->createNamedParameter($storage->getUid(), \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->eq(
+                        'identifier',
+                        $queryBuilder->createNamedParameter($identifier, \PDO::PARAM_STR)
+                    )
                 )
                 ->execute()
                 ->fetch();
@@ -180,9 +186,15 @@ class ProcessedFileRepository extends AbstractRepository
             ->select('*')
             ->from($this->table)
             ->where(
-                $queryBuilder->expr()->eq('original', (int)$file->getUid()),
-                $queryBuilder->expr()->eq('task_type', $queryBuilder->createNamedParameter($taskType)),
-                $queryBuilder->expr()->eq('configurationsha1', $queryBuilder->createNamedParameter(sha1(serialize($configuration))))
+                $queryBuilder->expr()->eq(
+                    'original',
+                    $queryBuilder->createNamedParameter($file->getUid(), \PDO::PARAM_INT)
+                ),
+                $queryBuilder->expr()->eq('task_type', $queryBuilder->createNamedParameter($taskType, \PDO::PARAM_STR)),
+                $queryBuilder->expr()->eq(
+                    'configurationsha1',
+                    $queryBuilder->createNamedParameter(sha1(serialize($configuration)), \PDO::PARAM_STR)
+                )
             )
             ->execute()
             ->fetch();
@@ -212,7 +224,10 @@ class ProcessedFileRepository extends AbstractRepository
             ->select('*')
             ->from($this->table)
             ->where(
-                $queryBuilder->expr()->eq('original', (int)$file->getUid())
+                $queryBuilder->expr()->eq(
+                    'original',
+                    $queryBuilder->createNamedParameter($file->getUid(), \PDO::PARAM_INT)
+                )
             )
             ->execute();
 
@@ -236,7 +251,7 @@ class ProcessedFileRepository extends AbstractRepository
             ->select('*')
             ->from($this->table)
             ->where(
-                $queryBuilder->expr()->neq('identifier', $queryBuilder->quote(''))
+                $queryBuilder->expr()->neq('identifier', $queryBuilder->createNamedParameter('', \PDO::PARAM_STR))
             )
             ->execute();
 
index 82f61b1..7530d82 100644 (file)
@@ -295,7 +295,12 @@ class ResourceFactory implements ResourceFactoryInterface, \TYPO3\CMS\Core\Singl
                 $queryBuilder->getRestrictions()->removeAll()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
                 $recordData = $queryBuilder->select('*')
                     ->from('sys_file_collection')
-                    ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+                    ->where(
+                        $queryBuilder->expr()->eq(
+                            'uid',
+                            $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                        )
+                    )
                     ->execute()
                     ->fetch();
                 if (empty($recordData)) {
@@ -653,7 +658,12 @@ class ResourceFactory implements ResourceFactoryInterface, \TYPO3\CMS\Core\Singl
             $queryBuilder->getRestrictions()->removeAll()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
             $fileReferenceData = $queryBuilder->select('*')
                 ->from('sys_file_reference')
-                ->where($queryBuilder->expr()->eq('uid', (int)$uid))
+                ->where(
+                    $queryBuilder->expr()->eq(
+                        'uid',
+                        $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                    )
+                )
                 ->execute()
                 ->fetch();
         }
index b3d5d32..a583ca0 100644 (file)
@@ -294,7 +294,7 @@ abstract class FunctionalTestCase extends BaseTestCase
 
         $userRow = $queryBuilder->select('*')
             ->from('be_users')
-            ->where($queryBuilder->expr()->eq('uid', (int) $userUid))
+            ->where($queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($userUid, \PDO::PARAM_INT)))
             ->execute()
             ->fetch();
 
index d6e00ca..49e7d1c 100644 (file)
@@ -334,7 +334,12 @@ class DatabaseTreeDataProvider extends AbstractTableConfigurationTreeDataProvide
             $queryBuilder->getRestrictions()->removeAll();
             $nodeData = $queryBuilder->select('*')
                 ->from($this->getTableName())
-                ->where($queryBuilder->expr()->eq('uid', $node->getId()))
+                ->where(
+                    $queryBuilder->expr()->eq(
+                        'uid',
+                        $queryBuilder->createNamedParameter($node->getId(), \PDO::PARAM_INT)
+                    )
+                )
                 ->setMaxResults(1)
                 ->execute()
                 ->fetch();
@@ -452,7 +457,12 @@ class DatabaseTreeDataProvider extends AbstractTableConfigurationTreeDataProvide
                     $queryBuilder->getRestrictions()->removeAll();
                     $records = $queryBuilder->select('uid')
                         ->from($this->getTableName())
-                        ->where($queryBuilder->expr()->eq($this->columnConfiguration['foreign_field'], (int)$uid))
+                        ->where(
+                            $queryBuilder->expr()->eq(
+                                $this->columnConfiguration['foreign_field'],
+                                $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT)
+                            )
+                        )
                         ->execute()
                         ->fetchAll();
 
index c6edd44..e510399 100644 (file)
@@ -864,7 +864,9 @@ class ExtendedTemplateService extends TemplateService
         $queryBuilder = $this->getTemplateQueryBuilder($pid)
             ->setMaxResults(1);
         if ($templateUid) {
-            $queryBuilder->andWhere($queryBuilder->expr()->eq('uid', (int)$templateUid));
+            $queryBuilder->andWhere(
+                $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($templateUid, \PDO::PARAM_INT))
+            );
         }
         $row = $queryBuilder->execute()->fetch();
         BackendUtility::workspaceOL('sys_template', $row);
@@ -910,7 +912,9 @@ class ExtendedTemplateService extends TemplateService
             ->add(GeneralUtility::makeInstance(DeletedRestriction::class));
         $queryBuilder->select('*')
             ->from('sys_template')
-            ->where($queryBuilder->expr()->eq('pid', (int)$pid));
+            ->where(
+                $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($pid, \PDO::PARAM_INT))
+            );
         if (!empty($GLOBALS['TCA']['sys_template']['ctrl']['sortby'])) {
             $queryBuilder->orderBy($GLOBALS['TCA']['sys_template']['ctrl']['sortby']);
         }
index a990176..89c4444 100644 (file)
@@ -16,6 +16,7 @@ namespace TYPO3\CMS\Core\TypoScript;
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Cache\CacheManager;
+use TYPO3\CMS\Core\Database\Connection;
 use TYPO3\CMS\Core\Database\ConnectionPool;
 use TYPO3\CMS\Core\Database\Query\Restriction\AbstractRestrictionContainer;
 use TYPO3\CMS\Core\Database\Query\Restriction\DefaultRestrictionContainer;
@@ -611,7 +612,12 @@ class TemplateService
                 $queryResult = $queryBuilder
                     ->select('*')
                     ->from('sys_template')
-                    ->where($queryBuilder->expr()->eq('uid', (int)$this->nextLevel))
+                    ->where(
+                        $queryBuilder->expr()->eq(
+                            'uid',
+                            $queryBuilder->createNamedParameter($this->nextLevel, \PDO::PARAM_INT)
+                        )
+                    )
                     ->execute();
                 $this->nextLevel = 0;
                 if ($row = $queryResult->fetch()) {
@@ -624,11 +630,17 @@ class TemplateService
             }
 
             $where = [
-                $queryBuilder->expr()->eq('pid', (int)$this->absoluteRootLine[$a]['uid'])
+                $queryBuilder->expr()->eq(
+                    'pid',
+                    $queryBuilder->createNamedParameter($this->absoluteRootLine[$a]['uid'], \PDO::PARAM_INT)
+                )
             ];
             // If first loop AND there is set an alternative template uid, use that
             if ($a === $c - 1 && $start_template_uid) {
-                $where[] = $queryBuilder->expr()->eq('uid', (int)$start_template_uid);
+                $where[] = $queryBuilder->expr()->eq(
+                    'uid',
+                    $queryBuilder->createNamedParameter($start_template_uid, \PDO::PARAM_INT)
+                );
             }
             $queryBuilder->setRestrictions($this->queryBuilderRestrictions);
             $queryResult = $queryBuilder
@@ -725,7 +737,10 @@ class TemplateService
                     ->select('*')
                     ->from('sys_template')
                     ->where(
-                        $queryBuilder->expr()->in('uid', $basedOnIds)
+                        $queryBuilder->expr()->in(
+                            'uid',
+                            $queryBuilder->createNamedParameter($basedOnIds, Connection::PARAM_INT_ARRAY)
+                        )
                     )
                     ->execute();
                 // make it an associative array with the UID as key
@@ -1690,9 +1705,18 @@ class TemplateService
                 ->select('uid', 'pid', 'doktype', 'mount_pid', 'mount_pid_ol')
                 ->from('pages')
                 ->where(
-                    $queryBuilder->expr()->eq('pid', (int)$id),
-                    $queryBuilder->expr()->neq('doktype', PageRepository::DOKTYPE_RECYCLER),
-                    $queryBuilder->expr()->neq('doktype', PageRepository::DOKTYPE_BE_USER_SECTION)
+                    $queryBuilder->expr()->eq(
+                        'pid',
+                        $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->neq(
+                        'doktype',
+                        $queryBuilder->createNamedParameter(PageRepository::DOKTYPE_RECYCLER, \PDO::PARAM_INT)
+                    ),
+                    $queryBuilder->expr()->neq(
+                        'doktype',
+                        $queryBuilder->createNamedParameter(PageRepository::DOKTYPE_BE_USER_SECTION, \PDO::PARAM_INT)
+                    )
                 )->execute();
             while ($row = $queryResult->fetch()) {
                 // Find mount point if any: