Skip to content

Commit

Permalink
convert to prepared
Browse files Browse the repository at this point in the history
  • Loading branch information
@alikon
alikon committed Jun 11, 2019
1 parent 54c295f commit f41e26c
Showing 1 changed file with 46 additions and 23 deletions.
69 changes: 46 additions & 23 deletions administrator/components/com_content/Model/ArticlesModel.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
use Joomla\CMS\Table\Table;
use Joomla\CMS\Workflow\Workflow;
use Joomla\Component\Content\Administrator\Extension\ContentComponent;
use Joomla\Database\ParameterType;
use Joomla\Utilities\ArrayHelper;

/**
Expand Down Expand Up @@ -319,37 +320,42 @@ protected function getListQuery()

if (is_numeric($access))
{
$query->where('a.access = ' . (int) $access);
$access = (int) $access;
$query->where($db->quoteName('a.access') . ' = :access')
->bind(':access', $access, ParameterType::INTEGER);
}
elseif (is_array($access))
{
$access = ArrayHelper::toInteger($access);
$access = implode(',', $access);
$query->where('a.access IN (' . $access . ')');
$query->whereIn($db->quoteName('a.access'), $access);
}

// Filter by featured.
$featured = (string) $this->getState('filter.featured');

if (in_array($featured, ['0','1']))
{
$query->where('a.featured =' . (int) $featured);
$featured = (int) $featured;
$query->where($db->quoteName('a.featured') . ' = :featured')
->bind(':featured', $featured, ParameterType::INTEGER);
}

// Filter by access level on categories.
if (!$user->authorise('core.admin'))
{
$groups = implode(',', $user->getAuthorisedViewLevels());
$query->where('a.access IN (' . $groups . ')');
$query->where('c.access IN (' . $groups . ')');
$groups = $user->getAuthorisedViewLevels();
$query->whereIn($db->quoteName('a.access'), $groups);
$query->whereIn($db->quoteName('c.access'), $groups);
}

// Filter by published state
$workflowStage = (string) $this->getState('filter.stage');

if (is_numeric($workflowStage))
{
$query->where('wa.stage_id = ' . (int) $workflowStage);
$workflowStage = (int) $workflowStage;
$query->where($db->quoteName('wa.stage_id') . ' = :workflowstage')
->bind('workflowstage', $workflowStage, ParameterType::INTEGER);
}

$condition = (string) $this->getState('filter.condition');
Expand All @@ -358,7 +364,9 @@ protected function getListQuery()
{
if (is_numeric($condition))
{
$query->where($db->quoteName('ws.condition') . ' = ' . (int) $condition);
$condition = (int) $condition;
$query->where($db->quoteName('ws.condition') . ' = :condition')
->bind(':condition', $condition, ParameterType::INTEGER);
}
elseif (!is_numeric($workflowStage))
{
Expand Down Expand Up @@ -405,22 +413,25 @@ protected function getListQuery()
// Case: Using only the by level filter
elseif ($level)
{
$query->where('c.level <= ' . (int) $level);
$level = (int) $level;
$query->where($db->quoteName('c.level') . ' <= :level')
->bind(':level', $level, ParameterType::INTEGER);
}

// Filter by author
$authorId = $this->getState('filter.author_id');

if (is_numeric($authorId))
{
$authorId = (int) $authorId;
$type = $this->getState('filter.author_id.include', true) ? '= ' : '<>';
$query->where('a.created_by ' . $type . (int) $authorId);
$query->where($db->quoteName('a.created_by') . $type . ' :createdby')
->bind(':createdby', $authorId, ParameterType::INTEGER);
}
elseif (is_array($authorId))
{
$authorId = ArrayHelper::toInteger($authorId);
$authorId = implode(',', $authorId);
$query->where('a.created_by IN (' . $authorId . ')');
$query->whereIn($db->quoteName('a.created'), $authorId);
}

// Filter by search in title.
Expand All @@ -430,29 +441,40 @@ protected function getListQuery()
{
if (stripos($search, 'id:') === 0)
{
$query->where('a.id = ' . (int) substr($search, 3));
$ids = (int) substr($search, 3);
$query->where($db->quoteName('a.id') . ' = :id');
$query->bind(':id', $ids, ParameterType::INTEGER);
}
elseif (stripos($search, 'author:') === 0)
{
$search = $db->quote('%' . $db->escape(substr($search, 7), true) . '%');
$query->where('(ua.name LIKE ' . $search . ' OR ua.username LIKE ' . $search . ')');
$search = '%' . substr($search, 7) . '%';
$query->where('(' . $db->quoteName('ua.name') . ' LIKE :name' .
' OR ' . $db->quoteName('ua.username') . ' LIKE :uname'. ')');
$query->bind(':name', $search)
->bind(':uname', $search);
}
elseif (stripos($search, 'content:') === 0)
{
$search = $db->quote('%' . $db->escape(substr($search, 8), true) . '%');
$search = '%' . substr($search, 8) . '%';
$query->where('(a.introtext LIKE ' . $search . ' OR a.fulltext LIKE ' . $search . ')');
}
else
{
$search = $db->quote('%' . str_replace(' ', '%', $db->escape(trim($search), true) . '%'));
$query->where('(a.title LIKE ' . $search . ' OR a.alias LIKE ' . $search . ' OR a.note LIKE ' . $search . ')');
$search = '%' . trim($search) . '%';
$query->where('(' . $db->quoteName('a.title') . ' LIKE :title' .
' OR ' . $db->quoteName('a.alias') . ' LIKE :alias' .
' OR '. $db->quoteName('a.note') . ' LIKE :note' . ')');
$query->bind(':title', $search)
->bind(':alias', $search)
->bind(':note', $search);
}
}

// Filter on the language.
if ($language = $this->getState('filter.language'))
{
$query->where('a.language = ' . $db->quote($language));
$query->where($db->quoteName('a.language') . ' = :language')
->bind(':language', $language);
}

// Filter by a single or group of tags.
Expand All @@ -462,19 +484,20 @@ protected function getListQuery()
if (is_numeric($tagId))
{
$hasTag = true;
$tagId = (int) $tagId;

$query->where($db->quoteName('tagmap.tag_id') . ' = ' . (int) $tagId);
$query->where($db->quoteName('tagmap.tag_id') . ' = :tagid')
->bind(':tagid', $tagId, ParameterType::INTEGER);
}
elseif (is_array($tagId))
{
$tagId = ArrayHelper::toInteger($tagId);
$tagId = implode(',', $tagId);

if (!empty($tagId))
{
$hasTag = true;

$query->where($db->quoteName('tagmap.tag_id') . ' IN (' . $tagId . ')');
$query->whereIn($db->quoteName('tagmap.tag_id'), $tagId);
}
}

Expand Down

0 comments on commit f41e26c

Please sign in to comment.