Server homescreen statement had parameters where not allowed, causing…

… it to fail (#1125) * statement had parameters where not allowed, causing it to fail * Added changelog entry
lansuite · May 4, 2024 · b7461f7 · b7461f7
1 parent d8d0aa6
commit b7461f7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -143,6 +143,7 @@ We could not reconstruct _all_ changes, but we tried our best to make the most o
 - [Guestlist] Restrict user information shown on Google Maps according to their settings and never show the street details ... unless you are an administrator
 - [Board] Deletion of board failed without error (#861)
 - [Forms] Hours and Minutes are not getting pre-selected in date time fields, if they are single digit (#971)
+- [Server] Fixed invalid query for homescreen (#1125)
 
 ### Security
 

diff --git a/modules/server/plugins/home.php b/modules/server/plugins/home.php
@@ -2,9 +2,9 @@
 $smarty->assign('caption', t('Server für ') . ' ' . $_SESSION['party_info']['name']);
 $content = "";
 
-if (!$cfg['server_sortmethod']) {
-    $cfg['server_sortmethod'] = 'changedate';
-}
+$serverSortmethod = $cfg['server_sortmethod'] ?? 'changedate';
+$serverItemCount = $cfg['home_item_cnt_server'] ?? 5;
+$partyId = $party->party_id ?? 0;
 
 $serverRows = $database->queryWithFullResult("
   SELECT
@@ -15,8 +15,8 @@
   FROM %prefix%server
   WHERE
     party_id = ?
-  ORDER BY ? DESC
-  LIMIT 0, ?", [$party->party_id, $cfg['server_sortmethod'], $cfg['home_item_cnt_server']]);
+  ORDER BY " . $serverSortmethod . " DESC
+  LIMIT 0, " . $serverItemCount, [$partyId]);
 
 if (count($serverRows) > 0) {
   foreach ($serverRows as $row) {