[4.0] [com_content] [wip] convert to prepared statement

administrator/components/com_content/Helper/ContentHelper.php

@@ -15,6 +15,7 @@
 use Joomla\CMS\Form\Form;
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\Table\Category;
+use Joomla\Database\ParameterType;
 use Joomla\Registry\Registry;
 
 /**
@@ -39,10 +40,13 @@ public static function canDeleteState($stateID)
 	{
 		$db    = Factory::getDbo();
 		$query = $db->getQuery(true);
+		$state = (int) $stateID;
 
 		$query->select('id')
 			->from($db->quoteName('#__content'))
-			->where('state = ' . (int) $stateID);
+			->where('state = :state')
+			->bind(':state', $state, ParameterType::INTEGER);
+
 		$db->setQuery($query);
 		$states = $db->loadResult();
 
@@ -95,9 +99,11 @@ public static function updateContentState($pks, $condition): bool
 			$db    = Factory::getDbo();
 			$query = $db->getQuery(true);
 
+			$condition = (int) $condition;
 			$query->update($db->quoteName('#__content'))
-				->set($db->quoteName('state') . '=' . (int) $condition)
-				->where($db->quoteName('id') . ' IN (' . implode(', ', $pks) . ')');
+				->set($db->quoteName('state') . ' = :state')
+				->whereIn($db->quoteName('id'), $pks)
+				->bind(':state', $condition, ParameterType::INTEGER);
 
 			$db->setQuery($query)->execute();
 		}
@@ -175,9 +181,11 @@ public static function onPrepareForm(Form $form, $data)
 					}
 					elseif ((int) $workflow_id > 0)
 					{
-					$query	->clear('where')
-								->where($db->quoteName('id') . ' = ' . (int) $workflow_id)
-								->where($db->quoteName('published') . ' = 1');
+						$workflowId = (int) $workflow_id;
+						$query->clear('where')
+								->where($db->quoteName('id') . ' = :worflowid')
+								->where($db->quoteName('published') . ' = 1')
+								->bind(':worflowid', $workflowId, ParameterType::INTEGER);
 
 						$title = $db->setQuery($query)->loadResult();
 

administrator/components/com_content/Model/ArticleModel.php

@@ -31,6 +31,7 @@
 use Joomla\Component\Content\Administrator\Helper\ContentHelper;
 use Joomla\Component\Fields\Administrator\Helper\FieldsHelper;
 use Joomla\Component\Workflow\Administrator\Table\StageTable;
+use Joomla\Database\ParameterType;
 use Joomla\Registry\Registry;
 use Joomla\Utilities\ArrayHelper;
 
@@ -384,21 +385,23 @@ public function publish(&$pks, $value = 1)
 					]
 				);
 
-		$query	->select($select)
-				->from($db->quoteName('#__workflow_transitions', 'wt'))
-				->from($db->quoteName('#__workflow_stages', 'ws'))
-				->from($db->quoteName('#__workflow_stages', 'ws2'))
-				->from($db->quoteName('#__workflow_associations', 'wa'))
-				->where('(' . $db->quoteName('wt.from_stage_id') . ' = -1 OR ' .
+		$value = (int) $value;
+		$query->select($select)
+			->from($db->quoteName('#__workflow_transitions', 'wt'))
+			->from($db->quoteName('#__workflow_stages', 'ws'))
+			->from($db->quoteName('#__workflow_stages', 'ws2'))
+			->from($db->quoteName('#__workflow_associations', 'wa'))
+			->where('(' . $db->quoteName('wt.from_stage_id') . ' = -1 OR ' .
 					$db->quoteName('wt.from_stage_id') . ' = ' . $db->quoteName('wa.stage_id') . ')')
-				->where($db->quoteName('wt.to_stage_id') . ' = ' . $db->quoteName('ws.id'))
-				->where($db->quoteName('wa.stage_id') . ' = ' . $db->quoteName('ws2.id'))
-				->where($db->quoteName('wt.workflow_id') . ' = ' . $db->quoteName('ws.workflow_id'))
-				->where($db->quoteName('wt.workflow_id') . ' = ' . $db->quoteName('ws2.workflow_id'))
-				->where($db->quoteName('wt.to_stage_id') . ' != ' . $db->quoteName('wa.stage_id'))
-				->whereIn($db->quoteName('wa.item_id'), $pks)
-				->where($db->quoteName('wa.extension') . ' = ' . $db->quote('com_content'))
-				->where($db->quoteName('ws.condition') . ' = ' . (int) $value);
+			->where($db->quoteName('wt.to_stage_id') . ' = ' . $db->quoteName('ws.id'))
+			->where($db->quoteName('wa.stage_id') . ' = ' . $db->quoteName('ws2.id'))
+			->where($db->quoteName('wt.workflow_id') . ' = ' . $db->quoteName('ws.workflow_id'))
+			->where($db->quoteName('wt.workflow_id') . ' = ' . $db->quoteName('ws2.workflow_id'))
+			->where($db->quoteName('wt.to_stage_id') . ' != ' . $db->quoteName('wa.stage_id'))
+			->whereIn($db->quoteName('wa.item_id'), $pks)
+			->where($db->quoteName('wa.extension') . ' = ' . $db->quote('com_content'))
+			->where($db->quoteName('ws.condition') . ' = :value')
+			->bind(':value', $value, ParameterType::INTEGER);
 
 		$transitions = $db->setQuery($query)->loadObjectList();
 
@@ -870,14 +873,16 @@ public function save($data)
 
 			// Set the new state
 			$query = $db->getQuery(true);
+			$transition = (int) $data['transition'];
 
-			$query	->select($db->quoteName(['ws.id', 'ws.condition']))
+			$query->select($db->quoteName(['ws.id', 'ws.condition']))
 					->from($db->quoteName('#__workflow_stages', 'ws'))
 					->from($db->quoteName('#__workflow_transitions', 'wt'))
 					->where($db->quoteName('wt.to_stage_id') . ' = ' . $db->quoteName('ws.id'))
-					->where($db->quoteName('wt.id') . ' = ' . (int) $data['transition'])
+					->where($db->quoteName('wt.id') . ' = :transition')
 					->where($db->quoteName('ws.published') . ' = 1')
-					->where($db->quoteName('wt.published') . ' = 1');
+					->where($db->quoteName('wt.published') . ' = 1')
+					->bind(':transition', $transition, ParameterType::INTEGER);
 
 			$stage = $db->setQuery($query)->loadObject();
 
@@ -1005,10 +1010,12 @@ public function featured($pks, $value = 0)
 		try
 		{
 			$db = $this->getDbo();
+			$value = (int) $value;
 			$query = $db->getQuery(true)
 				->update($db->quoteName('#__content'))
-				->set('featured = ' . (int) $value)
-				->where('id IN (' . implode(',', $pks) . ')');
+				->set($db->quoteName('featured') . ' = :value')
+				->whereIn($db->quoteName('id'), $pks)
+				->bind(':value', $value, ParameterType::INTEGER);
 			$db->setQuery($query);
 			$db->execute();
 
@@ -1018,7 +1025,7 @@ public function featured($pks, $value = 0)
 				// Clear the existing features settings.
 				$query = $db->getQuery(true)
 					->delete($db->quoteName('#__content_frontpage'))
-					->where('content_id IN (' . implode(',', $pks) . ')');
+					->whereIn($db->quoteName('content_id'), $pks);
 				$db->setQuery($query);
 				$db->execute();
 			}
@@ -1028,7 +1035,7 @@ public function featured($pks, $value = 0)
 				$query = $db->getQuery(true)
 					->select('f.content_id')
 					->from('#__content_frontpage AS f')
-					->where('content_id IN (' . implode(',', $pks) . ')');
+					->whereIn($db->quoteName('content_id'), $pks);
 				$db->setQuery($query);
 
 				$oldFeatured = $db->loadColumn();
@@ -1203,7 +1210,7 @@ public function delete(&$pks)
 			$db = $this->getDbo();
 			$query = $db->getQuery(true)
 				->delete($db->quoteName('#__content_frontpage'))
-				->where('content_id IN (' . implode(',', $pks) . ')');
+				->whereIn($db->quoteName('content_id'), $pks);
 			$db->setQuery($query);
 			$db->execute();
 
@@ -1261,6 +1268,7 @@ protected function getWorkflowByCategory($catId)
 		if ($workflow_id > 0)
 		{
 			$query  = $db->getQuery(true);
+			$workflowId = (int) $workflow_id;
 
 			$query	->select(
 						$db->quoteName(
@@ -1277,7 +1285,8 @@ protected function getWorkflowByCategory($catId)
 					->where($db->quoteName('ws.default') . ' = 1')
 					->where($db->quoteName('w.published') . ' = 1')
 					->where($db->quoteName('ws.published') . ' = 1')
-					->where($db->quoteName('w.id') . ' = ' . (int) $workflow_id);
+					->where($db->quoteName('w.id') . ' = :id')
+					->bind(':id', $workflowId, ParameterType::INTEGER);
 
 			$workflow = $db->setQuery($query)->loadObject();
 
@@ -1348,7 +1357,7 @@ public function runTransition($pk, $transition_id)
 		PluginHelper::importPlugin($this->events_map['change_state']);
 
 		// Trigger the change stage event.
-		Factory::getApplication()->triggerEvent($this->event_change_state, [$context, [$pk], $workflow->getConditionForTransition($transition_id)]);
+		Factory::getApplication()->triggerEvent($this->event_change_state, [$context, [$pk], $transition_id]);
 
 		return true;
 	}

administrator/components/com_content/Model/ArticlesModel.php

@@ -19,6 +19,7 @@
 use Joomla\CMS\Table\Table;
 use Joomla\CMS\Workflow\Workflow;
 use Joomla\Component\Content\Administrator\Extension\ContentComponent;
+use Joomla\Database\ParameterType;
 use Joomla\Utilities\ArrayHelper;
 
 /**
@@ -319,37 +320,42 @@ protected function getListQuery()
 
 		if (is_numeric($access))
 		{
-			$query->where('a.access = ' . (int) $access);
+			$access = (int) $access;
+			$query->where($db->quoteName('a.access') . ' = :access')
+				->bind(':access', $access, ParameterType::INTEGER);
 		}
 		elseif (is_array($access))
 		{
 			$access = ArrayHelper::toInteger($access);
-			$access = implode(',', $access);
-			$query->where('a.access IN (' . $access . ')');
+			$query->whereIn($db->quoteName('a.access'), $access);
 		}
 
 		// Filter by featured.
 		$featured = (string) $this->getState('filter.featured');
 
 		if (in_array($featured, ['0','1']))
 		{
-			$query->where('a.featured =' . (int) $featured);
+			$featured = (int) $featured;
+			$query->where($db->quoteName('a.featured') . ' = :featured')
+				->bind(':featured', $featured, ParameterType::INTEGER);
 		}
 
 		// Filter by access level on categories.
 		if (!$user->authorise('core.admin'))
 		{
-			$groups = implode(',', $user->getAuthorisedViewLevels());
-			$query->where('a.access IN (' . $groups . ')');
-			$query->where('c.access IN (' . $groups . ')');
+			$groups = $user->getAuthorisedViewLevels();
+			$query->whereIn($db->quoteName('a.access'), $groups);
+			$query->whereIn($db->quoteName('c.access'), $groups);
 		}
 
 		// Filter by published state
 		$workflowStage = (string) $this->getState('filter.stage');
 
 		if (is_numeric($workflowStage))
 		{
-			$query->where('wa.stage_id = ' . (int) $workflowStage);
+			$workflowStage = (int) $workflowStage;
+			$query->where($db->quoteName('wa.stage_id') . ' = :workflowstage')
+				->bind('workflowstage', $workflowStage, ParameterType::INTEGER);
 		}
 
 		$condition = (string) $this->getState('filter.condition');
@@ -358,7 +364,9 @@ protected function getListQuery()
 		{
 			if (is_numeric($condition))
 			{
-				$query->where($db->quoteName('ws.condition') . ' = ' . (int) $condition);
+				$condition = (int) $condition;
+				$query->where($db->quoteName('ws.condition') . ' = :condition')
+					->bind(':condition', $condition, ParameterType::INTEGER);
 			}
 			elseif (!is_numeric($workflowStage))
 			{
@@ -405,22 +413,25 @@ protected function getListQuery()
 		// Case: Using only the by level filter
 		elseif ($level)
 		{
-			$query->where('c.level <= ' . (int) $level);
+			$level = (int) $level;
+			$query->where($db->quoteName('c.level') . ' <= :level')
+				->bind(':level', $level, ParameterType::INTEGER);
 		}
 
 		// Filter by author
 		$authorId = $this->getState('filter.author_id');
 
 		if (is_numeric($authorId))
 		{
+			$authorId = (int) $authorId;
 			$type = $this->getState('filter.author_id.include', true) ? '= ' : '<>';
-			$query->where('a.created_by ' . $type . (int) $authorId);
+			$query->where($db->quoteName('a.created_by') . $type . ' :createdby')
+				->bind(':createdby', $authorId, ParameterType::INTEGER);
 		}
 		elseif (is_array($authorId))
 		{
 			$authorId = ArrayHelper::toInteger($authorId);
-			$authorId = implode(',', $authorId);
-			$query->where('a.created_by IN (' . $authorId . ')');
+			$query->whereIn($db->quoteName('a.created'), $authorId);
 		}
 
 		// Filter by search in title.
@@ -430,29 +441,40 @@ protected function getListQuery()
 		{
 			if (stripos($search, 'id:') === 0)
 			{
-				$query->where('a.id = ' . (int) substr($search, 3));
+				$ids = (int) substr($search, 3);
+				$query->where($db->quoteName('a.id') . ' = :id');
+				$query->bind(':id', $ids, ParameterType::INTEGER);
 			}
 			elseif (stripos($search, 'author:') === 0)
 			{
-				$search = $db->quote('%' . $db->escape(substr($search, 7), true) . '%');
-				$query->where('(ua.name LIKE ' . $search . ' OR ua.username LIKE ' . $search . ')');
+				$search = '%' . substr($search, 7) . '%';
+				$query->where('(' . $db->quoteName('ua.name') . ' LIKE :name' .
+					' OR ' . $db->quoteName('ua.username') . ' LIKE :uname'. ')');
+				$query->bind(':name', $search)
+					->bind(':uname', $search);
 			}
 			elseif (stripos($search, 'content:') === 0)
 			{
-				$search = $db->quote('%' . $db->escape(substr($search, 8), true) . '%');
+				$search = '%' . substr($search, 8) . '%';
 				$query->where('(a.introtext LIKE ' . $search . ' OR a.fulltext LIKE ' . $search . ')');
 			}
 			else
 			{
-				$search = $db->quote('%' . str_replace(' ', '%', $db->escape(trim($search), true) . '%'));
-				$query->where('(a.title LIKE ' . $search . ' OR a.alias LIKE ' . $search . ' OR a.note LIKE ' . $search . ')');
+				$search = '%' . trim($search) . '%';
+				$query->where('(' . $db->quoteName('a.title') . ' LIKE :title' .
+					' OR ' . $db->quoteName('a.alias') . ' LIKE :alias' .
+					' OR '. $db->quoteName('a.note') . ' LIKE :note' . ')');
+				$query->bind(':title', $search)
+					->bind(':alias', $search)
+					->bind(':note', $search);
 			}
 		}
 
 		// Filter on the language.
 		if ($language = $this->getState('filter.language'))
 		{
-			$query->where('a.language = ' . $db->quote($language));
+			$query->where($db->quoteName('a.language') . ' = :language')
+				->bind(':language', $language);
 		}
 
 		// Filter by a single or group of tags.
@@ -462,19 +484,20 @@ protected function getListQuery()
 		if (is_numeric($tagId))
 		{
 			$hasTag = true;
+			$tagId = (int) $tagId;
 
-			$query->where($db->quoteName('tagmap.tag_id') . ' = ' . (int) $tagId);
+			$query->where($db->quoteName('tagmap.tag_id') . ' = :tagid')
+				->bind(':tagid', $tagId, ParameterType::INTEGER);
 		}
 		elseif (is_array($tagId))
 		{
 			$tagId = ArrayHelper::toInteger($tagId);
-			$tagId = implode(',', $tagId);
 
 			if (!empty($tagId))
 			{
 				$hasTag = true;
 
-				$query->where($db->quoteName('tagmap.tag_id') . ' IN (' . $tagId . ')');
+				$query->whereIn($db->quoteName('tagmap.tag_id'), $tagId);
 			}
 		}