authorMarc Alexander <admin@m-a-styles.de>2016-12-25 17:54:11 +0100
committerMarc Alexander <admin@m-a-styles.de>2017-01-03 22:56:42 +0100
commit7cad25e4cbed2efbf891001cd2664f825674d5a7 (patch)
tree899eaf8cd5592e6dd9428363c17724da3c1c1a2c /phpBB/phpbb/feed/attachments_base.php
parentbc96a9f1f67df4719f66896590288eb03f6ca12d (diff)
[ticket/14838] Do not query full attachments table in feeds
fetch_attachments() will now also throw a runtime exception if a feed nonetheless tries to do this. PHPBB3-14838
Diffstat (limited to 'phpBB/phpbb/feed/attachments_base.php')
-rw-r--r--phpBB/phpbb/feed/attachments_base.php26
1 files changed, 23 insertions, 3 deletions
diff --git a/phpBB/phpbb/feed/attachments_base.php b/phpBB/phpbb/feed/attachments_base.php
index 04812f1570..f74560c787 100644
--- a/phpBB/phpbb/feed/attachments_base.php
+++ b/phpBB/phpbb/feed/attachments_base.php
@@ -25,8 +25,11 @@ abstract class attachments_base extends \phpbb\feed\base
/**
* Retrieve the list of attachments that may be displayed
+ *
+ * @param array $post_ids Specify for which post IDs to fetch the attachments (optional)
+ * @param array $topic_ids Specify for which topic IDs to fetch the attachments (optional)
*/
- protected function fetch_attachments()
+ protected function fetch_attachments($post_ids = array(), $topic_ids = array())
{
$sql_array = array(
'SELECT' => 'a.*',
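Review bot: The new docblock leaves out two parts of the contract a caller needs: which argument wins when both are given, and that the method can now throw. Going by the branch order in the next hunk, a non-empty `$post_ids` takes precedence and `$topic_ids` is then ignored. I would add `@throws \RuntimeException When no post, topic or forum restriction is available` and tighten the types to `@param int[] $post_ids` and `@param int[] $topic_ids`. The body of fetch_attachments() continues outside this hunk.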
@@ -37,7 +40,20 @@ abstract class attachments_base extends \phpbb\feed\base
'ORDER_BY' => 'a.filetime DESC, a.post_msg_id ASC',
);
- if (isset($this->topic_id))
+ if (!empty($post_ids))
+ {
+ $sql_array['WHERE'] .= 'AND ' . $this->db->sql_in_set('a.post_msg_id', $post_ids);
+ }
+ else if (!empty($topic_ids))
+ {
+ if (isset($this->topic_id))
+ {
+ $topic_ids[] = $this->topic_id;
+ }
+
+ $sql_array['WHERE'] .= 'AND ' . $this->db->sql_in_set('a.topic_id', $topic_ids);
+ }
+ else if (isset($this->topic_id))
{
$sql_array['WHERE'] .= 'AND a.topic_id = ' . (int) $this->topic_id;
}
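Review bot: The new `$post_ids` and `$topic_ids` branches sit ahead of the `forum_id` restriction, which appears to be a later arm of the same else-if chain, so the rows returned are bounded only by the IDs the caller passes in. Any read-permission filtering therefore has to happen before the call, and the docblock should say so, e.g. `Callers must pass only IDs the current user is allowed to read`. The existing branch casts with `(int) $this->topic_id`; for consistency I would normalise the lists the same way, `$post_ids = array_map('intval', $post_ids);`, rather than rely on whatever escaping `sql_in_set()` applies, which is not visible here. The start of the WHERE clause is outside this hunk, so filters already applied there are not accounted for in this note.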
@@ -51,6 +67,11 @@ abstract class attachments_base extends \phpbb\feed\base
);
$sql_array['WHERE'] .= 'AND t.forum_id = ' . (int) $this->forum_id;
}
+ else
+ {
+ // Do not allow querying the full attachments table
+ throw new \RuntimeException($this->user->lang('INVALID_FEED_ATTACHMENTS'));
+ }
$sql = $this->db->sql_build_query('SELECT', $sql_array);
$result = $this->db->sql_query($sql);
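Review bot: An empty ID list is indistinguishable from no ID list, so a feed whose own query matched no posts would reach this `else` and throw instead of simply getting no attachments, assuming it has neither `topic_id` nor `forum_id` set. The `if` this `else` belongs to starts outside the hunk, so that reading is inferred from the earlier hunk. Since open() no longer calls fetch_attachments() (last hunk), each feed now owns both the call and the failure path; I would state that next to the guard, e.g. `// Callers must skip this call when they collected no IDs: an empty list ends up here`. Whether the `INVALID_FEED_ATTACHMENTS` language key is defined cannot be checked from this page, because the diffstat is limited to one file.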
@@ -69,7 +90,6 @@ abstract class attachments_base extends \phpbb\feed\base
public function open()
{
parent::open();
- $this->fetch_attachments();
}
/**