Commit 625530c3 authored by Prasad's avatar Prasad

Fixes #1160 :: Uma:: Pagination queries had been parameterized

parents 9b33d4f7 ac08e0a6
...@@ -232,12 +232,14 @@ class Vtiger_ListView_Model extends Vtiger_Base_Model { ...@@ -232,12 +232,14 @@ class Vtiger_ListView_Model extends Vtiger_Base_Model {
$startIndex = $pagingModel->getStartIndex(); $startIndex = $pagingModel->getStartIndex();
$pageLimit = $pagingModel->getPageLimit(); $pageLimit = $pagingModel->getPageLimit();
$paramArray = array();
if(!empty($orderBy) && $orderByFieldModel) { if(!empty($orderBy) && $orderByFieldModel) {
if($orderBy == 'roleid' && $moduleName == 'Users'){ if($orderBy == 'roleid' && $moduleName == 'Users'){
$listQuery .= ' ORDER BY vtiger_role.rolename '.' '. $sortOrder; $listQuery .= ' ORDER BY vtiger_role.rolename '.' '. $sortOrder;
} else { } else {
$listQuery .= ' ORDER BY '.$queryGenerator->getOrderByColumn($orderBy).' '.$sortOrder; $listQuery .= ' ORDER BY ? '.$sortOrder;
array_push($paramArray, $queryGenerator->getOrderByColumn($orderBy));
} }
if ($orderBy == 'first_name' && $moduleName == 'Users') { if ($orderBy == 'first_name' && $moduleName == 'Users') {
...@@ -256,9 +258,11 @@ class Vtiger_ListView_Model extends Vtiger_Base_Model { ...@@ -256,9 +258,11 @@ class Vtiger_ListView_Model extends Vtiger_Base_Model {
ListViewSession::setSessionQuery($moduleName, $listQuery, $viewid); ListViewSession::setSessionQuery($moduleName, $listQuery, $viewid);
$listQuery .= " LIMIT $startIndex,".($pageLimit+1); $listQuery .= " LIMIT ?, ?";
array_push($paramArray, $startIndex);
$listResult = $db->pquery($listQuery, array()); array_push($paramArray, ($pageLimit+1));
$listResult = $db->pquery($listQuery, $paramArray);
$listViewRecordModels = array(); $listViewRecordModels = array();
$listViewEntries = $listViewContoller->getListViewRecords($moduleFocus,$moduleName, $listResult); $listViewEntries = $listViewContoller->getListViewRecords($moduleFocus,$moduleName, $listResult);
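Review bot: Binding the sort column through `?` in the `ORDER BY ? ` branch makes it a string value rather than an identifier, so the database sorts by a constant and the chosen ordering is likely lost; placeholders cannot stand for column names. `$sortOrder` is still concatenated on that line and on the `roleid` branch, so it remains the unparameterized part of the clause. Keep the column from `getOrderByColumn()` in the SQL text, after checking it against the module's known fields, and pin the direction with `$sortOrder = (strtoupper($sortOrder) === 'DESC') ? 'DESC' : 'ASC';`. The query saved by `setSessionQuery()` now carries a `?` without its value, so any later reuse of that stored query should be checked against its consumers. The enclosing method starts and ends outside the hunks.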
......
...@@ -105,13 +105,13 @@ class Vtiger_MiniList_Model extends Vtiger_Widget_Model { ...@@ -105,13 +105,13 @@ class Vtiger_MiniList_Model extends Vtiger_Widget_Model {
if(empty($pageLimit)) { if(empty($pageLimit)) {
$pageLimit = 10; $pageLimit = 10;
} }
return $pageLimit; return intval($pageLimit);
} }
function getStartIndex() { function getStartIndex() {
$nextPage = $this->get('nextPage'); $nextPage = $this->get('nextPage');
$startIndex = (($nextPage - 1) * $this->getRecordLimit()); $startIndex = (($nextPage - 1) * $this->getRecordLimit());
return $startIndex; return intval($startIndex);
} }
public function getRecords() { public function getRecords() {
...@@ -121,15 +121,18 @@ class Vtiger_MiniList_Model extends Vtiger_Widget_Model { ...@@ -121,15 +121,18 @@ class Vtiger_MiniList_Model extends Vtiger_Widget_Model {
if (!$this->listviewRecords) { if (!$this->listviewRecords) {
$db = PearDatabase::getInstance(); $db = PearDatabase::getInstance();
$paramArray = array();
$query = $this->queryGenerator->getQuery(); $query = $this->queryGenerator->getQuery();
$query .= ' ORDER BY vtiger_crmentity.modifiedtime DESC'; $query .= ' ORDER BY vtiger_crmentity.modifiedtime DESC';
$query .= ' LIMIT ' . $this->getStartIndex() . ',' . $this->getRecordLimit(); $query .= ' LIMIT ? , ?';
array_push($paramArray, $this->getStartIndex());
array_push($paramArray, $this->getRecordLimit());
$query = str_replace(" FROM ", ",vtiger_crmentity.crmid as id FROM ", $query); $query = str_replace(" FROM ", ",vtiger_crmentity.crmid as id FROM ", $query);
if($this->getTargetModule() == 'Calendar') { if($this->getTargetModule() == 'Calendar') {
$query = str_replace(" WHERE ", " WHERE vtiger_crmentity.setype = 'Calendar' AND ", $query); $query = str_replace(" WHERE ", " WHERE vtiger_crmentity.setype = 'Calendar' AND ", $query);
} }
$result = $db->pquery($query, array()); $result = $db->pquery($query, $paramArray);
$targetModuleName = $this->getTargetModule(); $targetModuleName = $this->getTargetModule();
$targetModuleFocus= CRMEntity::getInstance($targetModuleName); $targetModuleFocus= CRMEntity::getInstance($targetModuleName);
...@@ -152,14 +155,17 @@ class Vtiger_MiniList_Model extends Vtiger_Widget_Model { ...@@ -152,14 +155,17 @@ class Vtiger_MiniList_Model extends Vtiger_Widget_Model {
$this->initListViewController(); $this->initListViewController();
$db = PearDatabase::getInstance(); $db = PearDatabase::getInstance();
$query = $this->queryGenerator->getQuery(); $query = $this->queryGenerator->getQuery();
$paramArray = array();
$startIndex = $this->getStartIndex() + $this->getRecordLimit(); $startIndex = $this->getStartIndex() + $this->getRecordLimit();
$query .= ' LIMIT ' . $startIndex . ',' . $this->getRecordLimit(); $query .= ' LIMIT ?, ?';
array_push($paramArray, $startIndex);
array_push($paramArray, $this->getRecordLimit());
if($this->getTargetModule() == 'Calendar') { if($this->getTargetModule() == 'Calendar') {
$query = str_replace(" WHERE ", " WHERE vtiger_crmentity.setype = 'Calendar' AND ", $query); $query = str_replace(" WHERE ", " WHERE vtiger_crmentity.setype = 'Calendar' AND ", $query);
} }
$result = $db->pquery($query, array()); $result = $db->pquery($query, $paramArray);
if($db->num_rows($result) > 0) { if($db->num_rows($result) > 0) {
return true; return true;
} }
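Review bot: `intval()` in `getStartIndex()` makes the offset an integer but not a non-negative one: when `nextPage` is missing or 0, `($nextPage - 1) * $this->getRecordLimit()` is negative and the bound `LIMIT ?, ?` will be rejected by the database. Clamp it with `return max(0, intval($startIndex));`, and in the limit getter above it fall back to the default of 10 when the cast yields a value below 1. The same offset feeds both `LIMIT` hunks further down, the `getRecords()` query and the following `LIMIT ?, ?` query at old line 152. The name of the method that returns `$pageLimit` is outside the hunk, and whether `nextPage` comes straight from the request is not visible here.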
......