Commit 4f5065cf authored by Henning Leutz's avatar Henning Leutz 🥋

fix: QVE-12-2019-3 to -11

parent c40811da
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
"name": "quiqqer/quiqqer", "name": "quiqqer/quiqqer",
"type": "quiqqer-system", "type": "quiqqer-system",
"description": "A modular based management system written in JavaScript and PHP", "description": "A modular based management system written in JavaScript and PHP",
"version": "1.2.9", "version": "1.2.10",
"license": "GPL-3.0+", "license": "GPL-3.0+",
"authors": [ "authors": [
{ {
......
...@@ -10,6 +10,7 @@ use QUI; ...@@ -10,6 +10,7 @@ use QUI;
use QUI\Projects\Media\Utils as MediaUtils; use QUI\Projects\Media\Utils as MediaUtils;
use QUI\Utils\System\File as FileUtils; use QUI\Utils\System\File as FileUtils;
use QUI\Utils\StringHelper as StringUtils; use QUI\Utils\StringHelper as StringUtils;
use QUI\Utils\Security\Orthos;
/** /**
* A media folder * A media folder
...@@ -596,45 +597,47 @@ class Folder extends Item implements QUI\Interfaces\Projects\Media\File ...@@ -596,45 +597,47 @@ class Folder extends Item implements QUI\Interfaces\Projects\Media\File
$order = 'name'; $order = 'name';
} }
$table = Orthos::cleanupDatabaseFieldName($table);
$table_rel = Orthos::cleanupDatabaseFieldName($table_rel);
$table_parent = $table_rel.'.`parent`';
$table_child = $table_rel.'.`child`';
$table_id = $table.'.`id`';
$table_delete = $table.'.`deleted`';
$table_type = $table.'.`type`';
$table_cDate = $table.'.`c_date`';
$table_name = $table.'.`name`';
$parentId = $this->getId();
switch ($order) { switch ($order) {
case 'id': case 'id':
case 'id ASC': case 'id ASC':
$order_by $order_by = "find_in_set({$table_type}, 'folder') DESC, {$table_id}";
= 'find_in_set('.$table.'.type, \'folder\') DESC, '.$table
.'.id';
break; break;
case 'id DESC': case 'id DESC':
$order_by $order_by = "find_in_set({$table_type}, 'folder') DESC, {$table_id} DESC";
= 'find_in_set('.$table.'.type, \'folder\') DESC, '.$table
.'.id DESC';
break; break;
case 'c_date': case 'c_date':
case 'c_date ASC': case 'c_date ASC':
$order_by $order_by = "find_in_set({$table_type}, 'folder') DESC, {$table_cDate}";
= 'find_in_set('.$table.'.type, \'folder\') DESC, '.$table
.'.c_date';
break; break;
case 'c_date DESC': case 'c_date DESC':
$order_by $order_by = "find_in_set({$table_type}, 'folder') DESC, {$table_cDate} DESC";
= 'find_in_set('.$table.'.type, \'folder\') DESC, '.$table
.'.c_date DESC';
break; break;
case 'name ASC': case 'name ASC':
$order_by $order_by = "find_in_set({$table_type}, 'folder') ASC, {$table_name}";
= 'find_in_set('.$table.'.type, \'folder\') ASC, '.$table
.'.name';
break; break;
default: default:
case 'name': case 'name':
case 'name DESC': case 'name DESC':
$order_by $order_by = "find_in_set({$table_type}, 'folder') DESC, {$table_name}";
= 'find_in_set('.$table.'.type, \'folder\') DESC, '.$table
.'.name';
break; break;
case 'priority': case 'priority':
...@@ -643,26 +646,58 @@ class Folder extends Item implements QUI\Interfaces\Projects\Media\File ...@@ -643,26 +646,58 @@ class Folder extends Item implements QUI\Interfaces\Projects\Media\File
$order_by = $order; $order_by = $order;
} }
$limit = '';
if (isset($params['limit'])) { if (isset($params['limit'])) {
$query['limit'] = $params['limit']; $limitParams = explode(',', $params['limit']);
if (count($limitParams) === 2) {
$limitParams[0] = (int)$limitParams[0];
$limitParams[1] = (int)$limitParams[1];
$limit = "LIMIT {$limitParams[0]}, {$limitParams[1]}";
} else {
$limitParams[0] = (int)$limitParams[0];
$limit = "LIMIT {$limitParams[0]}";
}
} }
$query = [ $query = "
'select' => 'id',
'from' => [ SELECT id
$table, FROM {$table}, {$table_rel}
$table_rel WHERE
], {$table_parent} = {$parentId} AND
'where' => [ {$table_child} = {$table_id} AND
$table_rel.'.parent' => $this->getId(), {$table_delete} = 0
$table_rel.'.child' => '`'.$table.'.id`', ORDER BY
$table.'.deleted' => 0 {$order_by} {$limit}
], ;
'order' => $order_by ";
];
// $query = [
// 'select' => 'id',
// 'from' => [
// $table,
// $table_rel
// ],
// 'where' => [
// $table_rel.'.parent' => $this->getId(),
// $table_rel.'.child' => '`'.$table.'.id`',
// $table.'.deleted' => 0
// ],
// 'order' => $order_by
// ];
$fetch = QUI::getDataBase()->fetch($query); try {
$fetch = QUI::getDataBase()->fetchSQL($query);
} catch (QUI\Exception $Exception) {
QUI\System\Log::writeException($Exception);
return [];
}
$result = []; $result = [];
foreach ($fetch as $entry) { foreach ($fetch as $entry) {
...@@ -670,6 +705,7 @@ class Folder extends Item implements QUI\Interfaces\Projects\Media\File ...@@ -670,6 +705,7 @@ class Folder extends Item implements QUI\Interfaces\Projects\Media\File
} }
return $result; return $result;
} }
/** /**
......
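Review bot: `$parentId` goes into the new hand-built query unquoted and uncast (`{$table_parent} = {$parentId}`), while the same hunk carefully `(int)`-casts the limit values and runs the table names through `Orthos::cleanupDatabaseFieldName`; `$this->getId()` is presumably an integer, but `$parentId = (int)$this->getId();` costs nothing and keeps the only remaining interpolated value consistent with the rest of the hardening, and if `fetchSQL` accepts bound parameters the id and limit should be bound rather than interpolated. The `priority` branch ending in `$order_by = $order;` straddles the hunk boundary and now feeds `ORDER BY` directly, which is only safe as long as `$order` reaches that assignment exclusively through the explicit `case` labels (the `default:` fallthrough suggests it does, but worth confirming). A negative or malformed `$params['limit']` such as `-5` becomes `LIMIT -5`, which MySQL rejects; clamping with `max(0, (int)$limitParams[0])` avoids turning bad input into a logged exception and an empty result. The commented-out array query left below the new string should be deleted rather than kept. The enclosing method starts before the first hunk.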