Dev: fixed empty string errors with non mySql databases

LimeSurvey · May 21, 2019 · 6995ac5 · 6995ac5
1 parent 19dc0fa
commit 6995ac5
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 8 deletions.
diff --git a/application/controllers/admin/participantsaction.php b/application/controllers/admin/participantsaction.php
@@ -52,7 +52,7 @@ public function runWithParams($params)
             || Permission::model()->hasGlobalPermission('participantpanel', 'create')
             || Permission::model()->hasGlobalPermission('participantpanel', 'update')
             || Permission::model()->hasGlobalPermission('participantpanel', 'delete')
-            || ParticipantShare::model()->exists('share_uid = ' . App()->user->id ? App()->user->id : ''))
+            || ParticipantShare::model()->exists('share_uid = :userid', [':userid' => App()->user->id]))
         ) {
             App()->setFlashMessage(gT('No permission'), 'error');
             App()->getController()->redirect(App()->request->urlReferrer);
@@ -365,7 +365,7 @@ public function displayParticipants()
                         ['share_uid' =>  $iUserId],
                         ['condition' => 'can_edit = \'0\' OR can_edit = \'\'',]
                     )),
-                    'sharedParticipantExists' => ParticipantShare::model()->exists('share_uid = ' . $iUserId),
+                    'sharedParticipantExists' => ParticipantShare::model()->exists('share_uid = :userid', [':userid' => $iUserId]),
                     'isOwner' => isset($participantParam['owner_uid']) && ($participantParam['owner_uid'] === $iUserId) ? true : false
                 ],
 

diff --git a/application/models/Participant.php b/application/models/Participant.php
@@ -2116,7 +2116,7 @@ public function userHasPermissionToEdit()
         $userId = Yii::app()->user->id;
 
         $shared = ParticipantShare::model()->findByAttributes(
-            ['participant_id' => $this->participant_id], 'share_uid = ' . $userId. ' AND can_edit = 1'
+            ['participant_id' => $this->participant_id], 'share_uid = :userid AND can_edit = 1', [':userid' => $userId]
         );
         $owner = $this->owner_uid == $userId;
 
@@ -2126,7 +2126,7 @@ public function userHasPermissionToEdit()
         } else if ($shared && $shared->share_uid == -1 && $shared->can_edit) {
             // -1 = shared with everyone
             return true;
-        } else if ($shared && $shared->exists('share_uid' == $userId) && $shared->can_edit) {
+        } else if ($shared && $shared->exists('share_uid = :userid', [':userid' => $userId]) && $shared->can_edit) {
             // Shared with this particular user
             return true;
         } else if ($owner) {

diff --git a/application/models/ParticipantShare.php b/application/models/ParticipantShare.php
@@ -402,7 +402,9 @@ public function canEditSharedParticipant($participent_id)
     {
         $participent = $this->findByAttributes(
             ['participant_id' => $participent_id],
-            ['condition' => 'can_edit = 1 AND share_uid = ' . App()->user->getId()]);
+            'can_edit = 1 AND share_uid = :userid',
+            [':userid' => App()->user->id]
+        );
         if ($participent) {
             return true;
         }

diff --git a/application/views/admin/participants/participantsPanel_view.php b/application/views/admin/participants/participantsPanel_view.php
@@ -60,7 +60,7 @@
                     <?php eT("Display CPDB participants");?>
                 </a>
             <?php elseif (Permission::model()->hasGlobalPermission('participantpanel','create')
-                || ParticipantShare::model()->exists('share_uid = ' . App()->user->getId())):?>
+                || ParticipantShare::model()->exists('share_uid = :userid', [':userid' => App()->user->id])):?>
                 <!-- Display my participants -->
                 <a class="btn btn-default pjax" href="<?php echo $this->createUrl("admin/participants/sa/displayParticipants"); ?>" role="button">
                     <span class="fa fa-list text-success"></span>

diff --git a/application/views/admin/super/_configuration_menu.php b/application/views/admin/super/_configuration_menu.php
@@ -17,7 +17,7 @@
     || Permission::model()->hasGlobalPermission('participantpanel', 'create')
     || Permission::model()->hasGlobalPermission('participantpanel', 'update')
     || Permission::model()->hasGlobalPermission('participantpanel', 'delete')
-    || ParticipantShare::model()->exists('share_uid = ' . App()->user->id ? App()->user->id : '')
+    || ParticipantShare::model()->exists('share_uid = :userid', [':userid' => App()->user->id])
     || Permission::model()->hasGlobalPermission('settings', 'read')
 ): ?>
 
@@ -221,7 +221,7 @@
                     || Permission::model()->hasGlobalPermission('participantpanel', 'create')
                     || Permission::model()->hasGlobalPermission('participantpanel', 'update')
                     || Permission::model()->hasGlobalPermission('participantpanel', 'delete')
-                    || ParticipantShare::model()->exists('share_uid = ' . App()->user->id ? App()->user->id : '')
+                    || ParticipantShare::model()->exists('share_uid = :userid', [':userid' => App()->user->id])
                 ): ?>
                     <li class="dropdown-item">
                         <a href="<?php echo $this->createUrl("admin/participants/sa/displayParticipants"); ?>">