diff --git a/phpmyfaq/src/phpMyFAQ/Category.php b/phpmyfaq/src/phpMyFAQ/Category.php
index 4f9218ac57..90669b0199 100755
--- a/phpmyfaq/src/phpMyFAQ/Category.php
+++ b/phpmyfaq/src/phpMyFAQ/Category.php
@@ -79,7 +79,7 @@ class Category
/**
* Groups.
*
- * @var array
+ * @var int[]
*/
private array $groups = [-1];
@@ -115,7 +115,7 @@ class Category
* Symbol for each item
* NOTE: We do not use this currently.
*
- * @var array
+ * @var string[]
*/
private array $symbols = [
'vertical' => '|',
@@ -178,7 +178,7 @@ public function getUser(): int
}
/**
- * @return array
+ * @return int[]
*/
public function getGroups(): array
{
@@ -217,7 +217,7 @@ private function getOrderedCategories(bool $withPermission = true): array
WHERE' : '
AND';
$where .= "
- fc.lang = '" . $this->language . "'";
+ fc.lang = '" . $this->config->getDb()->escape($this->language) . "'";
}
$query = sprintf(
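Review bot: The escaping expression introduced on the `+` line, `$this->config->getDb()->escape($this->language)`, is repeated verbatim in the getCategories, getAllCategories, getCategoryData and getCategoriesFromFaq hunks further down, and each call site has to remember to apply it. A one-line private helper, `private function escapedLanguage(): string { return $this->config->getDb()->escape($this->language); }`, would keep the rule in one place and make a missed call site stand out in review. getOrderedCategories starts and ends outside this hunk.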
@@ -341,7 +341,7 @@ public function getCategories(string $categories, bool $parentId = true): array
$query .= Strings::substr($_query, 4);
}
if (isset($this->language) && preg_match("/^[a-z\-]{2,}$/", $this->language)) {
- $query .= " AND lang = '" . $this->language . "'";
+ $query .= " AND lang = '" . $this->config->getDb()->escape($this->language) . "'";
}
$query .= ' ORDER BY id';
$result = $this->config->getDb()->query($query);
@@ -368,7 +368,7 @@ public function getAllCategories(): array
Database::getTablePrefix()
);
if (isset($this->language) && preg_match("/^[a-z\-]{2,}$/", $this->language)) {
- $query .= " WHERE lang = '" . $this->language . "'";
+ $query .= " WHERE lang = '" . $this->config->getDb()->escape($this->language) . "'";
}
$result = $this->config->getDb()->query($query);
@@ -384,7 +384,7 @@ public function getAllCategories(): array
'active' => (int)$row['active'],
'show_home' => (int)$row['show_home'],
'image' => $row['image'],
- 'level' => (int)$this->getLevelOf($row['id'])
+ 'level' => $this->getLevelOf($row['id'])
];
}
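Review bot: Dropping the `(int)` cast on the `'level'` element is only a no-op if getLevelOf() declares an `int` return type; that declaration is outside this hunk, so it should be confirmed before treating the cast as redundant, otherwise the element type in the returned array changes silently. If it is declared `: int`, the `@return` annotation of getAllCategories (not shown) should describe `level` as int as well. getAllCategories continues outside the hunk.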
@@ -445,14 +445,7 @@ public function getAllCategoryIds(): array
{
$categories = [];
- $query = sprintf(
- '
- SELECT
- id
- FROM
- %sfaqcategories',
- Database::getTablePrefix()
- );
+ $query = sprintf('SELECT id FROM %sfaqcategories', Database::getTablePrefix());
if (isset($this->language) && preg_match("/^[a-z\-]{2,}$/", $this->language)) {
$query .= sprintf(" WHERE lang = '%s'", $this->language);
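Review bot: The `WHERE lang = '%s'` appended on the last line still binds `$this->language` unescaped, while every sibling method touched by this commit now routes the same value through `$this->config->getDb()->escape()`. The preg_match guard on the line above limits the value to `[a-z\-]{2,}`, so this is a consistency gap rather than an open injection, though `$` in that pattern also admits a trailing newline; escaping here keeps the rule uniform: `$query .= sprintf(" WHERE lang = '%s'", $this->config->getDb()->escape($this->language));`. getAllCategoryIds continues outside the hunk.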
@@ -817,10 +810,9 @@ public function addCategoryLink(
* Returns the data of the given category.
*
* @param int $categoryId
- *
* @return CategoryEntity
*/
- public function getCategoryData($categoryId): CategoryEntity
+ public function getCategoryData(int $categoryId): CategoryEntity
{
$entity = new CategoryEntity();
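Review bot: With the parameter now declared `int $categoryId`, the `@param int $categoryId` line kept in the docblock only restates the native type and can be dropped, as can `@return CategoryEntity` for the same reason. If the file declares strict_types, callers that pass a string id straight from a request will now get a TypeError instead of a coerced value, so those call sites (outside this hunk) should cast before calling. getCategoryData continues in the next hunk.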
@@ -828,7 +820,7 @@ public function getCategoryData($categoryId): CategoryEntity
"SELECT * FROM %sfaqcategories WHERE id = %d AND lang = '%s'",
Database::getTablePrefix(),
$categoryId,
- $this->language
+ $this->config->getDb()->escape($this->language)
);
$result = $this->config->getDb()->query($query);
@@ -989,8 +981,8 @@ public function getCategoriesFromFaq(int $faqId): array
Database::getTablePrefix(),
Database::getTablePrefix(),
$faqId,
- $this->language,
- $this->language
+ $this->config->getDb()->escape($this->language),
+ $this->config->getDb()->escape($this->language)
);
$result = $this->config->getDb()->query($query);
@@ -1069,14 +1061,14 @@ public function addCategory(array $categoryData, int $parentId = 0, $id = null):
(%d, '%s', %d, '%s', '%s', %d, %d, %d, '%s', %d)",
Database::getTablePrefix(),
$id,
- $categoryData['lang'],
+ $this->config->getDb()->escape($categoryData['lang']),
$parentId,
- $categoryData['name'],
- $categoryData['description'],
+ $this->config->getDb()->escape($categoryData['name']),
+ $this->config->getDb()->escape($categoryData['description']),
$categoryData['user_id'],
$categoryData['group_id'],
$categoryData['active'],
- $categoryData['image'],
+ $this->config->getDb()->escape($categoryData['image']),
$categoryData['show_home']
);
$this->config->getDb()->query($query);
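Review bot: The commit types getCategoryData's parameter but leaves addCategory's `$id = null` (visible in the hunk header) untyped, even though it is bound with `%d`, where a null silently becomes 0; declaring it `?int $id = null` would make that explicit and consistent with the rest of the change. The `%d` placeholders for `user_id`, `group_id`, `active` and `show_home` mean sprintf casts those values, so leaving only the `'%s'` arguments escaped is correct. addCategory starts and ends outside the hunk.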
@@ -1087,7 +1079,7 @@ public function addCategory(array $categoryData, int $parentId = 0, $id = null):
/**
* Check if category already exists.
*
- * @param array $categoryData Array of category data
+ * @param string[] $categoryData Array of category data
*
* @return int
*/
@@ -1096,18 +1088,19 @@ public function checkIfCategoryExists(array $categoryData): int
$query = sprintf(
"SELECT name from %sfaqcategories WHERE name = '%s' AND lang = '%s'",
Database::getTablePrefix(),
- $categoryData['name'],
- $categoryData['lang']
+ $this->config->getDb()->escape($categoryData['name']),
+ $this->config->getDb()->escape($categoryData['lang'])
);
$result = $this->config->getDb()->query($query);
+
return $this->config->getDb()->numRows($result);
}
/**
* Updates an existent category entry.
*
- * @param array $categoryData Array of category data
+ * @param string[] $categoryData Array of category data
*
* @return bool
*/
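Review bot: `@param string[] $categoryData` on updateCategory (and the same annotation on checkIfCategoryExists in the previous hunk) understates the contract: updateCategory also reads `user_id`, `group_id`, `active`, `show_home` and `id`, which addCategory binds with `%d` and so treats as integers. An array-shape annotation such as `@param array{name: string, lang: string, description: string, image: string, user_id: int, group_id: int, active: int, show_home: int, id: int} $categoryData` documents which keys are required and their types; for checkIfCategoryExists only `name` and `lang` are read, so `array{name: string, lang: string}` would do there. updateCategory's body continues in the next hunk.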
@@ -1130,15 +1123,15 @@ public function updateCategory(array $categoryData): bool
AND
lang = '%s'",
Database::getTablePrefix(),
- $categoryData['name'],
- $categoryData['description'],
+ $this->config->getDb()->escape($categoryData['name']),
+ $this->config->getDb()->escape($categoryData['description']),
$categoryData['user_id'],
$categoryData['group_id'],
$categoryData['active'],
$categoryData['show_home'],
- $categoryData['image'],
+ $this->config->getDb()->escape($categoryData['image']),
$categoryData['id'],
- $categoryData['lang']
+ $this->config->getDb()->escape($categoryData['lang'])
);
return (bool) $this->config->getDb()->query($query);
@@ -1159,9 +1152,8 @@ public function moveOwnership(int $from, int $to): bool
$to,
$from
);
- $this->config->getDb()->query($query);
- return true;
+ return (bool) $this->config->getDb()->query($query);
}
/**
@@ -1177,7 +1169,7 @@ public function checkLanguage(int $categoryId, string $categoryLanguage): bool
"SELECT lang FROM %sfaqcategories WHERE id = %d AND lang = '%s'",
Database::getTablePrefix(),
$categoryId,
- $categoryLanguage
+ $this->config->getDb()->escape($categoryLanguage)
);
$result = $this->config->getDb()->query($query);
@@ -1204,9 +1196,8 @@ public function updateParentCategory(int $categoryId, int $parentId): bool
$parentId,
$categoryId
);
- $this->config->getDb()->query($query);
- return true;
+ return (bool) $this->config->getDb()->query($query);
}
/**
@@ -1222,7 +1213,7 @@ public function deleteCategory(int $categoryId, string $categoryLang): bool
"DELETE FROM %sfaqcategories WHERE id = %d AND lang = '%s'",
Database::getTablePrefix(),
$categoryId,
- $categoryLang
+ $this->config->getDb()->escape($categoryLang)
);
return (bool) $this->config->getDb()->query($query);
@@ -1254,7 +1245,7 @@ public function getCategoryLanguagesTranslated(int $categoryId): array
lang = '%s'",
Database::getTablePrefix(),
$categoryId,
- $language
+ $this->config->getDb()->escape($language)
);
$result = $this->config->getDb()->query($query);
if ($row = $this->config->getDb()->fetchArray($result)) {
@@ -1270,20 +1261,19 @@ public function getCategoryLanguagesTranslated(int $categoryId): array
/**
* Create all languages which can be used for translation as