author | Jakub Senko <jakubsenko@gmail.com> | 2016-05-23 18:13:17 +0200 |
---|---|---|
committer | Jakub Senko <jakubsenko@gmail.com> | 2016-05-23 18:13:17 +0200 |
commit | 7e6371ea8e10b4ad5bc93e0d1485f3db4a4ef458 (patch) | |
tree | 22cd58c2787702a049ad0e83291fd81520cb081b /phpBB/phpbb/notification | |
parent | e7262e2d39feb7946710f6ae4bb17aac67f26204 (diff) | |
[ticket/11446] Use sql_in_set properly in phpbb_notification_manager
PHPBB3-11446
Diffstat (limited to 'phpBB/phpbb/notification')
-rw-r--r-- | phpBB/phpbb/notification/manager.php | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/phpBB/phpbb/notification/manager.php b/phpBB/phpbb/notification/manager.php index 222d9fe9e6..71407bbcec 100644 --- a/phpBB/phpbb/notification/manager.php +++ b/phpBB/phpbb/notification/manager.php @@ -192,7 +192,7 @@ class manager $sql = 'SELECT n.*, nt.notification_type_name FROM ' . $this->notifications_table . ' n, ' . $this->notification_types_table . ' nt WHERE n.user_id = ' . (int) $options['user_id'] . - (($options['notification_id']) ? ((is_array($options['notification_id'])) ? ' AND ' . $this->db->sql_in_set('n.notification_id', $options['notification_id']) : ' AND n.notification_id = ' . (int) $options['notification_id']) : '') . ' + (($options['notification_id']) ? ' AND ' . $this->db->sql_in_set('n.notification_id', $options['notification_id']) : '') . ' AND nt.notification_type_id = n.notification_type_id AND nt.notification_type_enabled = 1 ORDER BY n.' . $this->db->sql_escape($options['order_by']) . ' ' . $this->db->sql_escape($options['order_dir']); 
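Review bot: The `ORDER BY n.' . $this->db->sql_escape($options['order_by']) . ' ' . $this->db->sql_escape($options['order_dir'])` context line at the end of this hunk uses `sql_escape()` in identifier and keyword position, where quote escaping constrains nothing because the value never sits inside a string literal. If `$options` can carry caller-supplied values (not visible from this hunk), both parts should be checked against a fixed list before the query is built, e.g. `$order_dir = (strtoupper($options['order_dir']) === 'ASC') ? 'ASC' : 'DESC';` plus an `in_array($options['order_by'], $allowed_columns, true)` test, where `$allowed_columns` is a list this method would have to define. The enclosing method starts and ends outside the hunk, so defaults or validation applied earlier may already cover this.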
@@ -275,10 +275,9 @@ class manager $sql = 'UPDATE ' . $this->notifications_table . " SET notification_read = 1 WHERE notification_time <= " . (int) $time . - (($notification_type_name !== false) ? ' AND ' . - (is_array($notification_type_name) ? $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : 'notification_type_id = ' . $this->get_notification_type_id($notification_type_name)) : '') . - (($user_id !== false) ? ' AND ' . (is_array($user_id) ? $this->db->sql_in_set('user_id', $user_id) : 'user_id = ' . (int) $user_id) : '') . - (($item_id !== false) ? ' AND ' . (is_array($item_id) ? $this->db->sql_in_set('item_id', $item_id) : 'item_id = ' . (int) $item_id) : ''); + (($notification_type_name !== false) ? ' AND ' . $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : '') . + (($user_id !== false) ? ' AND ' . $this->db->sql_in_set('user_id', $user_id) : '') . + (($item_id !== false) ? ' AND ' . $this->db->sql_in_set('item_id', $item_id) : ''); $this->db->sql_query($sql); } 
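Review bot: Dropping the scalar branches also drops the `(int)` casts that pinned `user_id` and `item_id` to integers, so what reaches the SQL now depends entirely on how `sql_in_set()` renders each value. As far as I recall phpBB's DBAL quotes and escapes string values there, which keeps the statement injection-safe, but a numeric string then becomes a quoted literal compared with an integer column rather than the old `user_id = 5` form, and stricter backends may treat that differently. If integer ids are the contract, normalise values that are not `false` before building the query, e.g. `$user_id = is_array($user_id) ? array_map('intval', $user_id) : (int) $user_id;`. The same applies to `notification_id` in the first hunk and the one at -317, `item_parent_id` and `user_id` in the hunk at -297, and `item_id` and `parent_id` in the DELETE at -542; all of these method bodies start outside their hunks.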
@@ -297,10 +296,9 @@ class manager $sql = 'UPDATE ' . $this->notifications_table . " SET notification_read = 1 WHERE notification_time <= " . (int) $time . - (($notification_type_name !== false) ? ' AND ' . - (is_array($notification_type_name) ? $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : 'notification_type_id = ' . $this->get_notification_type_id($notification_type_name)) : '') . - (($item_parent_id !== false) ? ' AND ' . (is_array($item_parent_id) ? $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : 'item_parent_id = ' . (int) $item_parent_id) : '') . - (($user_id !== false) ? ' AND ' . (is_array($user_id) ? $this->db->sql_in_set('user_id', $user_id) : 'user_id = ' . (int) $user_id) : ''); + (($notification_type_name !== false) ? ' AND ' . $this->db->sql_in_set('notification_type_id', $this->get_notification_type_ids($notification_type_name)) : '') . + (($item_parent_id !== false) ? ' AND ' . $this->db->sql_in_set('item_parent_id', $item_parent_id, false, true) : '') . + (($user_id !== false) ? ' AND ' . $this->db->sql_in_set('user_id', $user_id) : ''); $this->db->sql_query($sql); } @@ -317,7 +315,7 @@ class manager $sql = 'UPDATE ' . $this->notifications_table . " SET notification_read = 1 WHERE notification_time <= " . (int) $time . ' - AND ' . ((is_array($notification_id)) ? $this->db->sql_in_set('notification_id', $notification_id) : 'notification_id = ' . (int) $notification_id); + AND ' . $this->db->sql_in_set('notification_id', $notification_id); $this->db->sql_query($sql); } 
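Review bot: `get_notification_type_ids($notification_type_name)` is now also reached when `$notification_type_name` is a single name, a case the removed lines routed to `get_notification_type_id()`; this applies here and in the previous hunk at -275. The plural helper's definition is not part of this diff, so it should be confirmed that it wraps a non-array argument; otherwise the call needs `(array) $notification_type_name`. A short comment above the statement, such as `// sql_in_set() and get_notification_type_ids() accept a scalar or an array`, would record the assumption the simplification relies on.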
@@ -542,8 +540,8 @@ class manager $sql = 'DELETE FROM ' . $this->notifications_table . ' WHERE notification_type_id = ' . (int) $notification_type_id . ' - AND ' . (is_array($item_id) ? $this->db->sql_in_set('item_id', $item_id) : 'item_id = ' . (int) $item_id) . - (($parent_id !== false) ? ' AND ' . ((is_array($parent_id) ? $this->db->sql_in_set('item_parent_id', $parent_id) : 'item_parent_id = ' . (int) $parent_id)) : ''); + AND ' . $this->db->sql_in_set('item_id', $item_id) . + (($parent_id !== false) ? ' AND ' . $this->db->sql_in_set('item_parent_id', $parent_id) : ''); $this->db->sql_query($sql); } |