[!!!][FEATURE] Implement pre- and post-hook around SELECT queries 11/18411/4
authorSoren Malling <soren.malling@gmail.com>
Thu, 21 Feb 2013 10:22:58 +0000 (11:22 +0100)
committerGeorg Ringer <georg.ringer@gmail.com>
Tue, 2 Apr 2013 06:17:52 +0000 (08:17 +0200)
To use in example content/record security,
a hook is implemented before and after the SELECT call.

The interface introduces a new function that needs to be
implemented to avoid breaking functionality!

The SELECT call is the only database call without such hook

Resolves: #45699
Releases: 6.1
Change-Id: I915bd2422e3d6743a408ea53af7e6491cfe2657a
Reviewed-on: https://review.typo3.org/18411
Reviewed-by: Dmitry Dulepov
Reviewed-by: Mattias Nilsson
Tested-by: Dmitry Dulepov
Reviewed-by: Wouter Wolters
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
typo3/sysext/core/Classes/Database/DatabaseConnection.php
typo3/sysext/core/Classes/Database/PostProcessQueryHookInterface.php
typo3/sysext/core/Classes/Database/PreProcessQueryHookInterface.php

index 5b0c22d..23c5b4c 100644 (file)
@@ -231,6 +231,9 @@ class DatabaseConnection {
                if ($this->explainOutput) {
                        $this->explain($query, $from_table, $res->num_rows);
                }
+               foreach ($this->postProcessHookObjects as $hookObject) {
+                       $hookObject->exec_SELECTquery_postProcessAction($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '', $this);
+               }
                return $res;
        }
 
@@ -519,6 +522,9 @@ class DatabaseConnection {
         * @todo Define visibility
         */
        public function SELECTquery($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy = '', $limit = '') {
+               foreach ($this->preProcessHookObjects as $hookObject) {
+                       $hookObject->SELECTquery_preProcessAction($select_fields, $from_table, $where_clause, $groupBy, $orderBy, $limit, $this);
+               }
                // Table and fieldnames should be "SQL-injection-safe" when supplied to this function
                // Build basic query
                $query = 'SELECT ' . $select_fields . ' FROM ' . $from_table . (strlen($where_clause) > 0 ? ' WHERE ' . $where_clause : '');
@@ -1512,4 +1518,4 @@ class DatabaseConnection {
 }
 
 
-?>
\ No newline at end of file
+?>
index d326742..30788b9 100644 (file)
@@ -34,6 +34,20 @@ namespace TYPO3\CMS\Core\Database;
  */
 interface PostProcessQueryHookInterface {
        /**
+        * Post-processor for the SELECTquery method.
+        *
+        * @param string $select_fields Fields to be selected
+        * @param string $from_table Table to select data from
+        * @param string $where_clause Where clause
+        * @param string $groupBy Group by statement
+        * @param string $orderBy Order by statement
+        * @param integer $limit Database return limit
+        * @param \TYPO3\CMS\Core\Database\DatabaseConnection $parentObject
+        * @return void
+        */
+       public function exec_SELECTquery_postProcessAction(&$select_fields, &$from_table, &$where_clause, &$groupBy, &$orderBy, &$limit, \TYPO3\CMS\Core\Database\DatabaseConnection $parentObject);
+
+       /**
         * Post-processor for the exec_INSERTquery method.
         *
         * @param string $table Database table name
@@ -89,4 +103,4 @@ interface PostProcessQueryHookInterface {
 
 }
 
-?>
\ No newline at end of file
+?>
index 0d9bc52..5141c7d 100644 (file)
@@ -34,6 +34,20 @@ namespace TYPO3\CMS\Core\Database;
  */
 interface PreProcessQueryHookInterface {
        /**
+        * Pre-processor for the SELECTquery method.
+        *
+        * @param string $select_fields Fields to be selected
+        * @param string $from_table Table to select data from
+        * @param string $where_clause Where clause
+        * @param string $groupBy Group by statement
+        * @param string $orderBy Order by statement
+        * @param integer $limit Database return limit
+        * @param \TYPO3\CMS\Core\Database\DatabaseConnection $parentObject
+        * @return void
+        */
+       public function SELECTquery_preProcessAction(&$select_fields, &$from_table, &$where_clause, &$groupBy, &$orderBy, &$limit, \TYPO3\CMS\Core\Database\DatabaseConnection $parentObject);
+
+       /**
         * Pre-processor for the INSERTquery method.
         *
         * @param string $table Database table name
@@ -91,4 +105,4 @@ interface PreProcessQueryHookInterface {
 
 }
 
-?>
\ No newline at end of file
+?>