Commit 3a26888e authored by Helmut Hummel's avatar Helmut Hummel Committed by Thomas Löffler
Browse files

Ensure only valid composer names are exposed via API

parent 5d88752e
...@@ -14,6 +14,9 @@ namespace T3o\TerFe2\Controller\Eid; ...@@ -14,6 +14,9 @@ namespace T3o\TerFe2\Controller\Eid;
* The TYPO3 project - inspiring people to share! * The TYPO3 project - inspiring people to share!
*/ */
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Utility\GeneralUtility;
/** /**
* Class \T3o\TerFe2\Controller\Eid\ExtensionController * Class \T3o\TerFe2\Controller\Eid\ExtensionController
*/ */
...@@ -59,13 +62,33 @@ class ExtensionController ...@@ -59,13 +62,33 @@ class ExtensionController
*/ */
protected function findAllWithValidComposerName() protected function findAllWithValidComposerName()
{ {
$extensions = $this->databaseConnection->exec_SELECTgetRows( $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('tx_terfe2_domain_model_extension');
'*', $expr = $queryBuilder->expr();
'tx_terfe2_domain_model_extension',
'hidden = 0 and deleted = 0 and composer_name <> ""' $result = $queryBuilder->select('tx_terfe2_domain_model_extension.composer_name', 'tx_terfe2_domain_model_version.composer_info')
); ->from('tx_terfe2_domain_model_extension')
->join(
'tx_terfe2_domain_model_extension',
'tx_terfe2_domain_model_version',
'tx_terfe2_domain_model_version',
$expr->eq(
'tx_terfe2_domain_model_extension.last_version',
'tx_terfe2_domain_model_version.uid'
)
)
->where(
$expr->neq(
'tx_terfe2_domain_model_extension.composer_name',
$queryBuilder->createNamedParameter('')
)
)
->execute();
foreach ($extensions as $extension) { while ($extension = $result->fetch()) {
$latestVersionComposerInfo = @json_decode($extension['composer_info'], true);
if (empty($latestVersionComposerInfo['name']) || $latestVersionComposerInfo['name'] !== $extension['composer_name']) {
continue;
}
$this->jsonArray['data'][$extension['ext_key']] = array( $this->jsonArray['data'][$extension['ext_key']] = array(
'composer_name' => $extension['composer_name'], 'composer_name' => $extension['composer_name'],
); );
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment