Commit 9809e8bf authored by Morton Jonuschat's avatar Morton Jonuschat Committed by Wouter Wolters
Browse files

[BUGFIX] Fix wrong query constraints in AbstractItemProvider

Apply proper constraints in the case of rootlevel == 1 or
rootlevel == -1

Change-Id: I92a8edc800bab6320f0e10ad4f63a5f53b27df06
Resolves: #77045
Related: #75650
Releases: master
Reviewed-on: https://review.typo3.org/48913

Tested-by: default avatarBamboo TYPO3com <info@typo3.com>
Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Reviewed-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
parent cf00829c
......@@ -919,7 +919,8 @@ abstract class AbstractItemProvider
$queryBuilder
->select(...GeneralUtility::trimExplode(',', $fieldList, true))
->from($foreignTableName);
->from($foreignTableName)
->where($foreignTableClauseArray['WHERE']);
if (!empty($foreignTableClauseArray['GROUPBY'])) {
$queryBuilder->groupBy($foreignTableClauseArray['GROUPBY']);
......@@ -950,14 +951,11 @@ abstract class AbstractItemProvider
}
if ($rootLevel === -1) {
$queryBuilder->where($queryBuilder->expr()->neq($foreignTableName . '.pid', -1));
$queryBuilder->andWhere($queryBuilder->expr()->neq($foreignTableName . '.pid', -1));
} elseif ($rootLevel === 1) {
$queryBuilder->where($queryBuilder->expr()->neq($foreignTableName . '.pid', 0));
$queryBuilder->andWhere($queryBuilder->expr()->eq($foreignTableName . '.pid', 0));
} else {
$queryBuilder->where(
$backendUser->getPagePermsClause(1),
$foreignTableClauseArray['WHERE']
);
$queryBuilder->andWhere($backendUser->getPagePermsClause(1));
if ($foreignTableName !== 'pages') {
$queryBuilder
->from('pages')
......
......@@ -18,6 +18,7 @@ use TYPO3\CMS\Backend\Routing\UriBuilder;
use TYPO3\CMS\Backend\Template\DocumentTemplate;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Cache\CacheManager;
use TYPO3\CMS\Core\Cache\Frontend\VariableFrontend;
use TYPO3\CMS\Core\Database\Connection;
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Database\DatabaseConnection;
......@@ -687,7 +688,7 @@ class BackendUtility
*
* @param int $id Page uid for which to check read-access
* @param string $perms_clause This is typically a value generated with static::getBackendUserAuthentication()->getPagePermsClause(1);
* @return array Returns page record if OK, otherwise FALSE.
* @return array|bool Returns page record if OK, otherwise FALSE.
*/
public static function readPageAccess($id, $perms_clause)
{
......@@ -2285,9 +2286,9 @@ class BackendUtility
while ($MMrow = $result->fetch()) {
// Keep sorting of $selectUids
$selectedUid = array_search($MMrow['uid'], $selectUids);
$mmlA[$selectedUid] = $MMrow['uid'];
$mmlA[$selectedUid] = $MMrow['uid'];
if (!$noRecordLookup) {
$mmlA[$selectedUid] = static::getRecordTitle(
$mmlA[$selectedUid] = static::getRecordTitle(
$theColConf['foreign_table'],
$MMrow,
false,
......@@ -4136,11 +4137,11 @@ class BackendUtility
$count = $queryBuilder->execute()->fetchColumn(0);
}
if ($count && $msg) {
return sprintf($msg, $count);
if ($count) {
return $msg ? sprintf($msg, $count) : $count;
} else {
return $msg ? '' : 0;
}
return $count ?? '';
}
/**
......@@ -4179,7 +4180,11 @@ class BackendUtility
return sprintf($msg, $count);
}
return $count ?? '';
if ($count) {
return $msg ? sprintf($msg, $count) : $count;
} else {
return $msg ? '' : 0;
}
}
/*******************************************
......@@ -4239,7 +4244,7 @@ class BackendUtility
)
->orderBy('t3ver_id', 'DESC');
if ($includeDeletedRecords === false) {
if (!$includeDeletedRecords) {
$queryBuilder->getRestrictions()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
}
......@@ -4454,7 +4459,7 @@ class BackendUtility
* @param string $table Table name to select from
* @param int $uid Record uid for which to find workspace version.
* @param string $fields Field list to select
* @return array If found, return record, otherwise FALSE
* @return array|bool If found, return record, otherwise false
*/
public static function getWorkspaceVersionOfRecord($workspace, $table, $uid, $fields = '*')
{
......@@ -4497,7 +4502,7 @@ class BackendUtility
public static function getLiveVersionOfRecord($table, $uid, $fields = '*')
{
$liveVersionId = self::getLiveVersionIdOfRecord($table, $uid);
if (is_null($liveVersionId) === false) {
if ($liveVersionId !== null) {
return self::getRecord($table, $liveVersionId, $fields);
}
return null;
......@@ -4584,7 +4589,7 @@ class BackendUtility
* @param int $uid Record UID of online version
* @param string $fields Field list, default is *
* @param int|NULL $workspace The workspace to be used
* @return array If found, the record, otherwise nothing.
* @return array|bool If found, the record, otherwise false
*/
public static function getMovePlaceholder($table, $uid, $fields = '*', $workspace = null)
{
......@@ -4603,7 +4608,7 @@ class BackendUtility
->from($table)
->where(
$queryBuilder->expr()->neq('pid', -1),
$queryBuilder->expr()->eq('t3ver_state', new VersionState(VersionState::MOVE_PLACEHOLDER)),
$queryBuilder->expr()->eq('t3ver_state', (string)(new VersionState(VersionState::MOVE_PLACEHOLDER))),
$queryBuilder->expr()->eq('t3ver_move_id', (int)$uid),
$queryBuilder->expr()->eq('t3ver_wsid', (int)$workspace)
)
......
......@@ -128,7 +128,10 @@ class TcaSelectItemsTest extends UnitTestCase
$queryBuilderProphet->from('pages')
->shouldBeCalled()
->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where(' 1=1', '')
$queryBuilderProphet->where('')
->shouldBeCalled()
->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere(' 1=1')
->shouldBeCalled()
->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere('`pages.uid` = `foreignTable.pid`')
......@@ -1361,7 +1364,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace REC_FIELD' => [
'AND fTable.title=\'###REC_FIELD_rowField###\'',
[
[' 1=1', 'fTable.title=\'rowFieldValue\''],
['fTable.title=\'rowFieldValue\''],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[],
......@@ -1369,7 +1373,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace REC_FIELD within FlexForm' => [
'AND fTable.title=###REC_FIELD_rowFieldFlexForm###',
[
[' 1=1', 'fTable.title=\'rowFieldFlexFormValue\''],
['fTable.title=\'rowFieldFlexFormValue\''],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1388,7 +1393,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace REC_FIELD fullQuote' => [
'AND fTable.title=###REC_FIELD_rowField###',
[
[' 1=1', 'fTable.title=\'rowFieldValue\''],
['fTable.title=\'rowFieldValue\''],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[],
......@@ -1396,7 +1402,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace REC_FIELD fullQuoteWithArray' => [
'AND fTable.title=###REC_FIELD_rowFieldThree###',
[
[' 1=1', 'fTable.title=\'rowFieldThreeValue\''],
['fTable.title=\'rowFieldThreeValue\''],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1410,7 +1417,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace REC_FIELD multiple markers' => [
'AND fTable.title=\'###REC_FIELD_rowField###\' AND fTable.pid=###REC_FIELD_rowFieldTwo###',
[
[' 1=1', 'fTable.title=\'rowFieldValue\' AND fTable.pid=\'rowFieldTwoValue\''],
['fTable.title=\'rowFieldValue\' AND fTable.pid=\'rowFieldTwoValue\''],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[],
......@@ -1418,7 +1426,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace CURRENT_PID' => [
'AND fTable.uid=###CURRENT_PID###',
[
[' 1=1', 'fTable.uid=43'],
['fTable.uid=43'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[],
......@@ -1426,7 +1435,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace CURRENT_PID within FlexForm' => [
'AND fTable.uid=###CURRENT_PID###',
[
[' 1=1', 'fTable.uid=77'],
['fTable.uid=77'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1438,7 +1448,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace CURRENT_PID integer cast' => [
'AND fTable.uid=###CURRENT_PID###',
[
[' 1=1', 'fTable.uid=431'],
['fTable.uid=431'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1448,7 +1459,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace THIS_UID' => [
'AND fTable.uid=###THIS_UID###',
[
[' 1=1', 'fTable.uid=42'],
['fTable.uid=42'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[],
......@@ -1456,7 +1468,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace THIS_UID integer cast' => [
'AND fTable.uid=###THIS_UID###',
[
[' 1=1', 'fTable.uid=421'],
['fTable.uid=421'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1468,7 +1481,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace SITEROOT' => [
'AND fTable.uid=###SITEROOT###',
[
[' 1=1', 'fTable.uid=44'],
['fTable.uid=44'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[],
......@@ -1476,7 +1490,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace SITEROOT integer cast' => [
'AND fTable.uid=###SITEROOT###',
[
[' 1=1', 'fTable.uid=441'],
['fTable.uid=441'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1490,7 +1505,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace PAGE_TSCONFIG_ID' => [
'AND fTable.uid=###PAGE_TSCONFIG_ID###',
[
[' 1=1', 'fTable.uid=45'],
['fTable.uid=45'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1508,7 +1524,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace PAGE_TSCONFIG_ID integer cast' => [
'AND fTable.uid=###PAGE_TSCONFIG_ID###',
[
[' 1=1', 'fTable.uid=451'],
['fTable.uid=451'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1526,7 +1543,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace PAGE_TSCONFIG_STR' => [
'AND fTable.uid=\'###PAGE_TSCONFIG_STR###\'',
[
[' 1=1', 'fTable.uid=\'46\''],
['fTable.uid=\'46\''],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1544,7 +1562,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace PAGE_TSCONFIG_IDLIST' => [
'AND fTable.uid IN (###PAGE_TSCONFIG_IDLIST###)',
[
[' 1=1', 'fTable.uid IN (47,48)'],
['fTable.uid IN (47,48)'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1562,7 +1581,8 @@ class TcaSelectItemsTest extends UnitTestCase
'replace PAGE_TSCONFIG_IDLIST cleans list' => [
'AND fTable.uid IN (###PAGE_TSCONFIG_IDLIST###)',
[
[' 1=1', 'fTable.uid IN (471,481)'],
['fTable.uid IN (471,481)'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1580,7 +1600,8 @@ class TcaSelectItemsTest extends UnitTestCase
'deprecated flexHack PAGE_TSCONFIG_ID is substituted' => [
'AND fTable.uid=###PAGE_TSCONFIG_ID###',
[
[' 1=1', 'fTable.uid=123'],
['fTable.uid=123'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1594,7 +1615,8 @@ class TcaSelectItemsTest extends UnitTestCase
'deprecated flexHack PAGE_TSCONFIG_IDLIST is substituted' => [
'AND fTable.uid IN (###PAGE_TSCONFIG_IDLIST###)',
[
[' 1=1', 'fTable.uid IN (123,124)'],
['fTable.uid IN (123,124)'],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1608,7 +1630,8 @@ class TcaSelectItemsTest extends UnitTestCase
'deprecated flexHack PAGE_TSCONFIG_STR is substituted' => [
'AND fTable.uid=\'###PAGE_TSCONFIG_STR###\'',
[
[' 1=1', 'fTable.uid=\'aString\''],
['fTable.uid=\'aString\''],
[' 1=1'],
['`pages.uid` = `fTable.pid`']
],
[
......@@ -1765,7 +1788,8 @@ class TcaSelectItemsTest extends UnitTestCase
$queryBuilderProphet->addOrderBy('orderField', null)->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->setFirstResult(1)->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->setMaxResults(2)->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where(' 1=1', 'ftable.uid=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where('ftable.uid=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere(' 1=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere('`pages.uid` = `fTable.pid`')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->execute()->shouldBeCalled()->willReturn($statementProphet->reveal());
......@@ -1831,7 +1855,8 @@ class TcaSelectItemsTest extends UnitTestCase
$queryBuilderProphet->select('fTable.uid')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->from('fTable')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->from('pages')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where(' 1=1', '')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where('')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere(' 1=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere('`pages.uid` = `fTable.pid`')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->execute()->shouldBeCalled()->willReturn($statementProphet->reveal());
......@@ -1905,7 +1930,8 @@ class TcaSelectItemsTest extends UnitTestCase
$queryBuilderProphet->select('fTable.uid')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->from('fTable')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->from('pages')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where(' 1=1', '')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where('')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere(' 1=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere('`pages.uid` = `fTable.pid`')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->execute()->shouldBeCalled()->willReturn($statementProphet->reveal());
......@@ -2002,7 +2028,8 @@ class TcaSelectItemsTest extends UnitTestCase
$queryBuilderProphet->select('fTable.uid', 'fTable.icon')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->from('fTable')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->from('pages')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where(' 1=1', '')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where('')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere(' 1=1')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere('`pages.uid` = `fTable.pid`')->shouldBeCalled()->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->execute()->shouldBeCalled()->willReturn($statementProphet->reveal());
......
......@@ -112,7 +112,10 @@ class TcaSelectTreeItemsTest extends UnitTestCase
$queryBuilderProphet->from('pages')
->shouldBeCalled()
->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->where(' 1=1', '')
$queryBuilderProphet->where('')
->shouldBeCalled()
->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere(' 1=1')
->shouldBeCalled()
->willReturn($queryBuilderProphet->reveal());
$queryBuilderProphet->andWhere('`pages.uid` = `foreignTable.pid`')
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment