mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-03-13 20:28:44 +01:00
Code Issues Releases Wiki Activity

Merge pull request #4332 from Senky/ticket/11446

Browse Source 
[ticket/11446] Use sql_in_set properly in phpbb_notification_manager
This commit is contained in:
Marc Alexander 2016-05-27 21:16:32 +02:00
commit e30518461c
1 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
phpBB/phpbb/notification/manager.php
View File

@ -192,7 +192,7 @@ class manager
$sql = 'SELECT n.*, nt.notification_type_name
FROM ' . $this->notifications_table . ' n, ' . $this->notification_types_table . ' nt
WHERE n.user_id = ' . (int) $options['user_id'] .
(($options['notification_id']) ? ((is_array($options['notification_id'])) ? ' AND ' . $this->db->sql_in_set('n.notification_id', $options['notification_id']) : ' AND n.notification_id = ' . (int) $options['notification_id']) : '') . '
(($options['notification_id']) ? ' AND ' . $this->db->sql_in_set('n.notification_id', $options['notification_id']) : '') . '
AND nt.notification_type_id = n.notification_type_id
AND nt.notification_type_enabled = 1
ORDER BY n.' . $this->db->sql_escape($options['order_by']) . ' ' . $this->db->sql_escape($options['order_dir']);
@ -275,10 +275,9 @@ class manager
$sql = 'UPDATE ' . $this->notifications_table . "
SET notification_read = 1
WHERE notification_time <= " . (int) $time .
(($notification_type_name !== false) ? ' AND ' .
(is_array($notification_type_name) ? $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : 'notification_type_id = ' . $this->get_notification_type_id($notification_type_name)) : '') .
(($user_id !== false) ? ' AND ' . (is_array($user_id) ? $this->db->sql_in_set('user_id', $user_id) : 'user_id = ' . (int) $user_id) : '') .
(($item_id !== false) ? ' AND ' . (is_array($item_id) ? $this->db->sql_in_set('item_id', $item_id) : 'item_id = ' . (int) $item_id) : '');
(($notification_type_name !== false) ? ' AND ' . $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : '') .
(($user_id !== false) ? ' AND ' . $this->db->sql_in_set('user_id', $user_id) : '') .
(($item_id !== false) ? ' AND ' . $this->db->sql_in_set('item_id', $item_id) : '');
$this->db->sql_query($sql);
}
@ -297,10 +296,9 @@ class manager
$sql = 'UPDATE ' . $this->notifications_table . "
SET notification_read = 1
WHERE notification_time <= " . (int) $time .
(($notification_type_name !== false) ? ' AND ' .
(is_array($notification_type_name) ? $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : 'notification_type_id = ' . $this->get_notification_type_id($notification_type_name)) : '') .
(($item_parent_id !== false) ? ' AND ' . (is_array($item_parent_id) ? $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : 'item_parent_id = ' . (int) $item_parent_id) : '') .
(($user_id !== false) ? ' AND ' . (is_array($user_id) ? $this->db->sql_in_set('user_id', $user_id) : 'user_id = ' . (int) $user_id) : '');
(($notification_type_name !== false) ? ' AND ' . $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : '') .
(($item_parent_id !== false) ? ' AND ' . $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : '') .
(($user_id !== false) ? ' AND ' . $this->db->sql_in_set('user_id', $user_id) : '');
$this->db->sql_query($sql);
}
@ -317,7 +315,7 @@ class manager
$sql = 'UPDATE ' . $this->notifications_table . "
SET notification_read = 1
WHERE notification_time <= " . (int) $time . '
AND ' . ((is_array($notification_id)) ? $this->db->sql_in_set('notification_id', $notification_id) : 'notification_id = ' . (int) $notification_id);
AND ' . $this->db->sql_in_set('notification_id', $notification_id);
$this->db->sql_query($sql);
}
@ -542,8 +540,8 @@ class manager
$sql = 'DELETE FROM ' . $this->notifications_table . '
WHERE notification_type_id = ' . (int) $notification_type_id . '
AND ' . (is_array($item_id) ? $this->db->sql_in_set('item_id', $item_id) : 'item_id = ' . (int) $item_id) .
(($parent_id !== false) ? ' AND ' . ((is_array($parent_id) ? $this->db->sql_in_set('item_parent_id', $parent_id) : 'item_parent_id = ' . (int) $parent_id)) : '');
AND ' . $this->db->sql_in_set('item_id', $item_id) .
(($parent_id !== false) ? ' AND ' . $this->db->sql_in_set('item_parent_id', $parent_id) : '');
$this->db->sql_query($sql);
}
@ -969,11 +967,16 @@ class manager
/**
* Get notification type ids (as an array)
*
* @param array $notification_type_names Array of strings
* @param string|array $notification_type_names Notification type names
* @return array Array of integers
*/
public function get_notification_type_ids(array $notification_type_names)
public function get_notification_type_ids($notification_type_names)
{
if (!is_array($notification_type_names))
{
$notification_type_names = array($notification_type_names);
}
$notification_type_ids = array();
foreach ($notification_type_names as $name)