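/**
 * Find an extension by title, author name or extension key
 * This is the function used by the TER search. It is using a
 * scoring for the matches to sort the extension with an
 * exact key match on top
 *
 * Ranking (summed per row): exact key 16, key substring 8, title 4,
 * description 2, author name 1. Because every column tested in the WHERE
 * clause also contributes to the score, each returned row has position > 0,
 * so no HAVING filter is required.
 *
 * @param string $searchString The string to search for extensions
 * @return mixed
 */
public function findByTitleOrAuthorNameOrExtensionKey($searchString)
{
    $table = 'tx_extensionmanager_domain_model_extension';
    // Exact comparison: plain quoting only. Running escapeStrForLike on this
    // value as well would turn "_" into "\_", which "=" compares literally, so
    // keys containing underscores would never match exactly.
    $quotedSearchString = $this->databaseConnection->fullQuoteStr($searchString, $table);
    // LIKE pattern: neutralise "%" and "_" in the user input first, then add
    // the wildcards and quote the whole literal.
    $quotedSearchStringForLike = $this->databaseConnection->fullQuoteStr(
        '%' . $this->databaseConnection->escapeStrForLike($searchString, $table) . '%',
        $table
    );
    $select = $table . '.*, ('
        . ' (extension_key = ' . $quotedSearchString . ') * 16'
        . ' + (extension_key LIKE ' . $quotedSearchStringForLike . ') * 8'
        . ' + (title LIKE ' . $quotedSearchStringForLike . ') * 4'
        . ' + (description LIKE ' . $quotedSearchStringForLike . ') * 2'
        . ' + (author_name LIKE ' . $quotedSearchStringForLike . ')'
        . ' ) AS position';
    $where = '( extension_key = ' . $quotedSearchString
        . ' OR extension_key LIKE ' . $quotedSearchStringForLike
        . ' OR title LIKE ' . $quotedSearchStringForLike
        . ' OR description LIKE ' . $quotedSearchStringForLike
        . ' OR author_name LIKE ' . $quotedSearchStringForLike
        . ' ) AND current_version=1 AND review_state >= 0';
    $order = 'position DESC';
    $result = $this->databaseConnection->exec_SELECTgetRows($select, $table, $where, '', $order);
    return $this->dataMapper->map('TYPO3\\CMS\\Extensionmanager\\Domain\\Model\\Extension', $result);
}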
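/**
 * Search for users and returns usernames as result
 *
 * Only enabled, non-deleted users on the configured pid that are members of
 * the configured group are considered; the configured field is matched as a
 * prefix and at most 8 values are returned in ascending order.
 *
 * @param string $sword search string
 * @return array Array of usernames
 */
public function search($sword)
{
    $result = array();
    if (!$this->is_init) {
        $this->init();
    }
    // The column name cannot be quoted, so refuse anything but a validated identifier.
    if (!$this->validateName($this->field)) {
        return $result;
    }
    /** @see https://buzz.typo3.org/teams/security/article/correct-usage-of-typo3-database-api/ */
    // Escape for the string literal first, then for the LIKE wildcards. Single
    // quotes are used as the literal delimiter; double quotes are only accepted
    // by MySQL outside ANSI_QUOTES mode.
    $quotedSword = '\'' . $this->databaseHandle->escapeStrForLike(
        $this->databaseHandle->quoteStr($sword, 'fe_users'),
        'fe_users'
    ) . '%\'';
    // pid and group_id are inlined unquoted: force integers so the statement
    // cannot be altered through whatever ends up in these properties.
    $pid = (int) $this->pid;
    $groupId = (int) $this->group_id;
    $where = 'disable=0 AND deleted=0 AND ' . $this->field . ' LIKE ' . $quotedSword
        . ' AND pid=' . $pid . ' AND FIND_IN_SET(' . $groupId . ', usergroup)';
    $res = $this->databaseHandle->exec_SELECTquery($this->field, 'fe_users', $where, '', $this->field . ' ASC', '8');
    if (!$res) {
        // Query failed; there is nothing to fetch from.
        return $result;
    }
    while (list($item) = $this->databaseHandle->sql_fetch_row($res)) {
        $result[] = $item;
    }
    $this->databaseHandle->sql_free_result($res);
    return $result;
}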
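/**
 * Find an extension by title, author name or extension key
 * This is the function used by the TER search. It is using a
 * scoring for the matches to sort the extension with an
 * exact key match on top
 *
 * Ranking (first matching branch wins): exact key 16, key substring 8,
 * title 4, description 2, author name 1.
 *
 * @param string $searchString The string to search for extensions
 * @return mixed
 */
public function findByTitleOrAuthorNameOrExtensionKey($searchString)
{
    // Exact comparison: plain quoting only. Applying escapeStrForLike here as
    // well would turn "_" into "\_", which "=" compares literally, so keys with
    // underscores would never reach the top score.
    $quotedSearchString = $this->databaseConnection->fullQuoteStr($searchString, self::TABLE_NAME);
    // LIKE pattern: neutralise "%" and "_" in the input, then add the wildcards and quote.
    $quotedSearchStringForLike = $this->databaseConnection->fullQuoteStr(
        '%' . $this->databaseConnection->escapeStrForLike($searchString, self::TABLE_NAME) . '%',
        self::TABLE_NAME
    );
    $select = self::TABLE_NAME . '.*, '
        . 'CASE '
        . 'WHEN extension_key = ' . $quotedSearchString . ' THEN 16 '
        . 'WHEN extension_key LIKE ' . $quotedSearchStringForLike . ' THEN 8 '
        . 'WHEN title LIKE ' . $quotedSearchStringForLike . ' THEN 4 '
        . 'WHEN description LIKE ' . $quotedSearchStringForLike . ' THEN 2 '
        . 'WHEN author_name LIKE ' . $quotedSearchStringForLike . ' THEN 1 '
        . 'ELSE 0 '
        . 'END AS position';
    $where = '( extension_key = ' . $quotedSearchString
        . ' OR extension_key LIKE ' . $quotedSearchStringForLike
        . ' OR title LIKE ' . $quotedSearchStringForLike
        . ' OR description LIKE ' . $quotedSearchStringForLike
        . ' OR author_name LIKE ' . $quotedSearchStringForLike
        . ' ) AND current_version = 1 AND review_state >= 0';
    $order = 'position DESC';
    $result = $this->databaseConnection->exec_SELECTgetRows($select, self::TABLE_NAME, $where, '', $order);
    return $this->dataMapper->map(\TYPO3\CMS\Extensionmanager\Domain\Model\Extension::class, $result);
}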
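/**
 * Displays the user administration interface.
 *
 * This includes a list of all registered users ordered descending by
 * username. The list includes the usergroups a user is member in and the
 * user's age. A search function is also included.
 *
 * Request input read: mmforum[sword], mmforum[old_sword], mmforum[no_filter],
 * mmforum[offset], mmforum_sort and mmforum_style. Configuration read:
 * confArr userGroup/modGroup/adminGroup/userPID/recordsPerPage.
 *
 * @return string The HTML output.
 * @todo Outsource user management into own class!
 */
public function userManagement()
{
    /* Get template */
    $template = file_get_contents(GeneralUtility::getFileAbsFileName('EXT:mm_forum/res/tmpl/mod1/users.html'));
    $template = tx_mmforum_BeTools::getSubpart($template, '###USERS_LIST###');
    $uTemplate = tx_mmforum_BeTools::getSubpart($template, '###USERS_LIST_ITEM###');

    // Retrieve global variables
    global $LANG, $BACK_PATH;
    /** @var $LANG \TYPO3\CMS\Lang\LanguageService */

    // Request parameters: _GP may return null or a scalar, so normalise to an array
    $mmforum = GeneralUtility::_GP('mmforum');
    if (!is_array($mmforum)) {
        $mmforum = array();
    }
    if (!empty($mmforum['no_filter'])) {
        unset($mmforum['sword'], $mmforum['old_sword']);
    }
    if (!empty($mmforum['old_sword']) && empty($mmforum['sword'])) {
        $mmforum['sword'] = $mmforum['old_sword'];
    }
    // Only a plain string is a usable search term (an array would break the escaping below)
    $sword = isset($mmforum['sword']) && is_string($mmforum['sword']) ? $mmforum['sword'] : '';
    // Search term carried through the pagination links; URL-encoded so it cannot
    // break out of the query string or the href attribute it is placed in.
    $gp = $sword !== '' ? '&mmforum[sword]=' . rawurlencode($sword) : '';

    // Configuration values that are inlined into SQL or used as divisor
    $perPage = max(1, (int) $this->confArr['recordsPerPage']);
    $userPid = (int) $this->confArr['userPID'];

    // Username prefix filter: escape LIKE wildcards before appending "%" and quoting
    if ($sword !== '') {
        $filter = 'username LIKE ' . $this->databaseHandle->fullQuoteStr(
            $this->databaseHandle->escapeStrForLike($sword, 'fe_users') . '%',
            'fe_users'
        );
    } else {
        $filter = '1';
    }

    // Determine sort order. The default is "ASC" order.
    $orderBy = strtoupper((string) GeneralUtility::_GP('mmforum_style')) === 'DESC' ? 'DESC' : 'ASC';
    $sort = GeneralUtility::_GP('mmforum_sort');
    if ($sort === 'username') {
        $order = 'username ' . $orderBy;
        $uOrder = $orderBy === 'ASC' ? 'DESC' : 'ASC';
        $aOrder = 'ASC';
    } elseif ($sort === 'age') {
        $order = 'crdate ' . $orderBy;
        $aOrder = $orderBy === 'ASC' ? 'DESC' : 'ASC';
        $uOrder = 'ASC';
    } else {
        $order = 'username ' . $orderBy;
        $aOrder = 'ASC';
        $uOrder = 'DESC';
    }

    // Restrict to members of one of the forum groups; the ids come from
    // configuration but are forced to integers before being inlined.
    $userGroup_query = '(FIND_IN_SET(\'' . (int) $this->confArr['userGroup'] . '\',usergroup)'
        . ' OR FIND_IN_SET(\'' . (int) $this->confArr['modGroup'] . '\',usergroup)'
        . ' OR FIND_IN_SET(\'' . (int) $this->confArr['adminGroup'] . '\',usergroup))';
    // Same restriction for the count and for the page query
    $baseWhere = $filter . ' AND pid=' . $userPid . ' AND deleted=0 AND ' . $userGroup_query;

    $res = $this->databaseHandle->exec_SELECTquery('count(*)', 'fe_users', $baseWhere);
    $row = $this->databaseHandle->sql_fetch_row($res);
    $records = (int) $row[0];
    $pages = (int) ceil($records / $perPage);
    // Negative offsets would produce an invalid LIMIT clause
    $offset = max(0, (int) (isset($mmforum['offset']) ? $mmforum['offset'] : 0));

    // Page navigation
    $pb = $LANG->getLL('page.page') . ' <a href="index.php?mmforum[offset]=0' . $gp . '">[' . $LANG->getLL('page.first') . ']</a> ';
    $end = $offset + 6 >= $pages ? $pages : $offset + 6;
    $start = max(0, $offset - 5);
    if ($start > 0) {
        $pb .= '... ';
    }
    for ($i = $start; $i < $end; $i++) {
        $label = $i == $offset ? '<b>' . ($i + 1) . '</b>' : $i + 1;
        $pb .= '<a href="index.php?mmforum[offset]=' . $i . $gp . '">' . $label . '</a> ';
    }
    if ($offset + 11 < $pages) {
        $pb .= ' ... <a href="index.php?mmforum[offset]=' . ($pages - 1) . $gp . '">[' . $LANG->getLL('page.last') . ']</a> ';
    }

    // Generate header table
    if ($records < $perPage) {
        $mDisp = $records;
    } else {
        $mDisp = $offset * $perPage + $perPage;
    }
    $userString = sprintf($LANG->getLL('useradmin.usercount'), $offset * $perPage + 1, $mDisp, $records);
    $out = '<table width="733"><tr>';
    $out .= '<td width="420">' . $pb . '</td>';
    $out .= '<td width="120" align="center"><b>' . $userString . '</b></td>';
    $out .= '<td align="right">' . $LANG->getLL('useradmin.searchfor') . ': <input type="text" id="sword" size="20" name="mmforum[sword]" /></td>';
    $out .= '</tr></table>';
    if ($sword !== '' || !empty($mmforum['old_sword'])) {
        // The search term is user input: escape it before echoing it into text
        // and into the hidden field's attribute value.
        $swordHtml = htmlspecialchars($sword);
        $out .= '<p>' . $LANG->getLL('useradmin.filter') . ': ' . $swordHtml . '* <a href="index.php?mmforum[no_filter]=1&' . $this->linkParams($mmforum) . '">' . $LANG->getLL('useradmin.filter.clear') . '</a></p>';
        $out .= '<input type="hidden" name="mmforum[old_sword]" value="' . $swordHtml . '" />';
    }

    // Display userdata table
    // Execute database query
    $res = $this->databaseHandle->exec_SELECTquery('*', 'fe_users', $baseWhere, '', $order, $offset * $perPage . ',' . $perPage);
    if ($res) {
        $marker = array(
            '###USERS_LLL_TITLE###' => $LANG->getLL('users.title'),
            '###USERS_LLL_USERNAME###' => '<a href="index.php?mmforum_sort=username&mmforum_style=' . $uOrder . '">' . $LANG->getLL('useradmin.username') . '</a>',
            '###USERS_LLL_REGISTERED###' => '<a href="index.php?mmforum_sort=age&mmforum_style=' . $aOrder . '">' . $LANG->getLL('useradmin.age') . '</a>',
            '###USERS_LLL_GROUPS###' => $LANG->getLL('useradmin.usergroup'),
            '###USERS_LLL_OPTIONS###' => ' ',
        );
        // Map of group uid => title used to render each user's group list
        $ug = $this->feGroups2Array();
        $uContent = '';
        while ($row = $this->databaseHandle->sql_fetch_assoc($res)) {
            // Display user groups
            $groupNames = array();
            foreach (explode(',', $row['usergroup']) as $sg) {
                $groupNames[] = isset($ug[$sg]) ? $ug[$sg] : '';
            }
            $params = '&edit[fe_users][' . (int) $row['uid'] . ']=edit';
            $editOnClick = BackendUtility::editOnClick($params, $BACK_PATH);

            // Generate row item
            $uMarker = array(
                '###USER_USERNAME###' => htmlspecialchars($row['username']),
                '###USER_REGISTERED###' => BackendUtility::dateTimeAge($row['crdate'], 1),
                '###USER_GROUPS###' => implode(', ', $groupNames),
                '###USER_OPTIONS###' => '<img src="img/edit.png" onclick="' . htmlspecialchars($editOnClick) . '" style="cursor:pointer;" />',
            );
            $uContent .= tx_mmforum_BeTools::substituteMarkerArray($uTemplate, $uMarker);
        }
        $template = tx_mmforum_BeTools::substituteSubpart($template, '###USERS_LIST_ITEM###', $uContent);
        $template = tx_mmforum_BeTools::substituteMarkerArray($template, $marker);
        $out .= $template;
    }
    return $out;
}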
/**
 * Go through the soft refindex and find all occurrences where the old filename
 * is still written in the ref_string
 *
 * @return array Entries from sys_refindex
 */
protected function findMagicImagesInOldLocation()
{
    $table = 'sys_refindex';
    // Prefix match: LIKE wildcards contained in the old prefix are escaped
    // before the trailing "%" is appended and the whole pattern is quoted.
    $pattern = $this->db->escapeStrForLike($this->oldPrefix, $table) . '%';
    $whereClause = 'ref_string LIKE ' . $this->db->fullQuoteStr($pattern, $table);
    return $this->db->exec_SELECTgetRows(
        'hash, tablename, recuid, field, ref_table, ref_uid, ref_string',
        $table,
        $whereClause,
        '',
        'ref_string ASC'
    );
}
/**
 * The LIKE wildcards "_" and "%" must come back backslash-escaped.
 *
 * @test
 */
public function escapeStringForLikeComparison()
{
    $input = 'foo_bar%';
    $expected = 'foo\\_bar\\%';
    $this->assertEquals($expected, $this->fixture->escapeStrForLike($input, 'table'));
}