author | Marc Alexander <admin@m-a-styles.de> | 2016-12-25 17:54:11 +0100 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2017-01-03 22:56:42 +0100 |
commit | 7cad25e4cbed2efbf891001cd2664f825674d5a7 (patch) | |
tree | 899eaf8cd5592e6dd9428363c17724da3c1c1a2c /phpBB/phpbb | |
parent | bc96a9f1f67df4719f66896590288eb03f6ca12d (diff) | |
[ticket/14838] Do not query full attachments table in feeds
The fetch_attachments() will also now throw a runtime exception if a feed
tries to do this nonetheless.
PHPBB3-14838
Diffstat (limited to 'phpBB/phpbb')
-rw-r--r-- | phpBB/phpbb/feed/attachments_base.php | 26 | ||||
-rw-r--r-- | phpBB/phpbb/feed/forum.php | 2 | ||||
-rw-r--r-- | phpBB/phpbb/feed/news.php | 2 | ||||
-rw-r--r-- | phpBB/phpbb/feed/overall.php | 2 | ||||
-rw-r--r-- | phpBB/phpbb/feed/topic.php | 2 | ||||
-rw-r--r-- | phpBB/phpbb/feed/topics.php | 2 | ||||
-rw-r--r-- | phpBB/phpbb/feed/topics_active.php | 2 |
7 files changed, 35 insertions, 3 deletions
diff --git a/phpBB/phpbb/feed/attachments_base.php b/phpBB/phpbb/feed/attachments_base.php
index 04812f1570..f74560c787 100644
--- a/phpBB/phpbb/feed/attachments_base.php
+++ b/phpBB/phpbb/feed/attachments_base.php
@@ -25,8 +25,11 @@ abstract class attachments_base extends \phpbb\feed\base

 /**
 * Retrieve the list of attachments that may be displayed
+ *
+ * @param array $post_ids Specify for which post IDs to fetch the attachments (optional)
+ * @param array $topic_ids Specify for which topic IDs to fetch the attachments (optional)
 */
- protected function fetch_attachments()
+ protected function fetch_attachments($post_ids = array(), $topic_ids = array())
 {
 $sql_array = array(
 'SELECT' => 'a.*',
@@ -37,7 +40,20 @@ abstract class attachments_base extends \phpbb\feed\base
 'ORDER_BY' => 'a.filetime DESC, a.post_msg_id ASC',
 );

- if (isset($this->topic_id))
+ if (!empty($post_ids))
+ {
+ $sql_array['WHERE'] .= 'AND ' . $this->db->sql_in_set('a.post_msg_id', $post_ids);
+ }
+ else if (!empty($topic_ids))
+ {
+ if (isset($this->topic_id))
+ {
+ $topic_ids[] = $this->topic_id;
+ }
+
+ $sql_array['WHERE'] .= 'AND ' . $this->db->sql_in_set('a.topic_id', $topic_ids);
+ }
+ else if (isset($this->topic_id))
 {
 $sql_array['WHERE'] .= 'AND a.topic_id = ' . (int) $this->topic_id;
 }
@@ -51,6 +67,11 @@ abstract class attachments_base extends \phpbb\feed\base
 );
 $sql_array['WHERE'] .= 'AND t.forum_id = ' . (int) $this->forum_id;
 }
+ else
+ {
+ // Do not allow querying the full attachments table
+ throw new \RuntimeException($this->user->lang('INVALID_FEED_ATTACHMENTS'));
+ }

 $sql = $this->db->sql_build_query('SELECT', $sql_array);
 $result = $this->db->sql_query($sql);
@@ -69,7 +90,6 @@ abstract class attachments_base extends \phpbb\feed\base
 public function open()
 {
 parent::open();
- $this->fetch_attachments();
 }

 /**
diff --git a/phpBB/phpbb/feed/forum.php b/phpBB/phpbb/feed/forum.php
index 7a2087c1cd..6aba12a147 100644
--- a/phpBB/phpbb/feed/forum.php
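Review bot: The docblock in the first attachments_base.php hunk (`@@ -25,8 +25,11`) marks both parameters as optional but says neither how they interact nor that the method can now throw. The later hunks show a non-empty `$post_ids` taking precedence over `$topic_ids`, which in turn precede the `$this->topic_id` branch and the forum branch, and a `\RuntimeException` when nothing restricts the query. I would add `* @throws \RuntimeException if no post IDs, topic IDs, topic_id or forum_id restrict the query` plus one sentence stating the precedence, so a feed author knows that passing `$post_ids` makes `$topic_ids` be ignored. The function body continues outside this hunk.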
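Review bot: In the `@@ -37,7 +40,20` hunk of attachments_base.php, `$topic_ids[] = $this->topic_id;` puts the property into the IN list uncast, while the unchanged branch directly below writes `(int) $this->topic_id`. The ID arrays are likewise passed to `sql_in_set()` as received, so the WHERE clause relies on that helper alone to quote any element that is not an integer; where the callers build these arrays is not visible in this diff. Normalising at the boundary keeps the integer guarantee the old code had: `$topic_ids[] = (int) $this->topic_id;` and `$post_ids = array_map('intval', $post_ids);` (likewise for `$topic_ids`) before the calls. Appending the property also widens the set to the union of the passed topics and the feed's own topic; if that is intended it deserves a one-line comment.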
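Review bot: The new `else` branch in the `@@ -51,6 +67,11` hunk of attachments_base.php fails closed, but nothing in this diff shows who catches the `\RuntimeException` or where `INVALID_FEED_ATTACHMENTS` is defined (the diffstat is limited to phpBB/phpbb). If the feed controller does not handle it, a feed that reaches this branch would presumably end in a generic error response rather than a feed without attachments, so this is worth confirming with a test that calls `fetch_attachments()` with no IDs on a feed that has neither `topic_id` nor `forum_id` set. The comment could also state the reason rather than the rule, e.g. `// Fail closed: an unrestricted query would read every row of the attachments table`.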
+++ b/phpBB/phpbb/feed/forum.php @@ -112,6 +112,8 @@ class forum extends \phpbb\feed\post_base return false; } + parent::fetch_attachments(array(), $topic_ids); + $this->sql = array( 'SELECT' => 'p.post_id, p.topic_id, p.post_time, p.post_edit_time, p.post_visibility, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, p.post_attachment, ' . 'u.username, u.user_id', diff --git a/phpBB/phpbb/feed/news.php b/phpBB/phpbb/feed/news.php index a02c199d85..5d4786518b 100644 --- a/phpBB/phpbb/feed/news.php +++ b/phpBB/phpbb/feed/news.php @@ -83,6 +83,8 @@ class news extends \phpbb\feed\topic_base return false; } + parent::fetch_attachments($post_ids); + $this->sql = array( 'SELECT' => 'f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_posts_approved, t.topic_posts_unapproved, t.topic_posts_softdeleted, t.topic_views, t.topic_time, t.topic_last_post_time, diff --git a/phpBB/phpbb/feed/overall.php b/phpBB/phpbb/feed/overall.php index ab452f5386..1176a9c182 100644 --- a/phpBB/phpbb/feed/overall.php +++ b/phpBB/phpbb/feed/overall.php @@ -52,6 +52,8 @@ class overall extends \phpbb\feed\post_base return false; } + parent::fetch_attachments(array(), $topic_ids); + // Get the actual data $this->sql = array( 'SELECT' => 'f.forum_id, f.forum_name, ' . diff --git a/phpBB/phpbb/feed/topic.php b/phpBB/phpbb/feed/topic.php index 66c49e55cf..295bf3f795 100644 --- a/phpBB/phpbb/feed/topic.php +++ b/phpBB/phpbb/feed/topic.php @@ -91,6 +91,8 @@ class topic extends \phpbb\feed\post_base function get_sql() { + parent::fetch_attachments(); + $this->sql = array( 'SELECT' => 'p.post_id, p.post_time, p.post_edit_time, p.post_visibility, p.post_subject, p.post_text, p.bbcode_bitfield, p.bbcode_uid, p.enable_bbcode, p.enable_smilies, p.enable_magic_url, p.post_attachment, ' . 'u.username, u.user_id', 
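Review bot: `parent::fetch_attachments(array(), $topic_ids);` in forum.php calls an inherited protected method through `parent::`, which skips any override a subclass may define and reads as if this class overrode the method itself; `$this->fetch_attachments(array(), $topic_ids);` is the conventional form. The same applies to the calls added in news.php, overall.php, topic.php, topics.php and topics_active.php. The attachment query now also runs as a side effect of what looks like a SQL-building method (inferred from the following `$this->sql = array(`, since the enclosing function starts outside the hunk), so a short comment at the call site would help, e.g. `// Load attachments only for the topics selected above`.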
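Review bot: In topic.php, `parent::fetch_attachments();` is called with no arguments, so it depends on `$this->topic_id` being set and otherwise ends in the new `\RuntimeException` (or the forum branch, if `forum_id` is set). When the property is set, the query selects `a.*` for every attachment in the topic, not only for the posts the feed will emit, so it stays off the full table but is not bounded by whatever item limit the feed applies. If the post IDs are not yet known at this point in `get_sql()`, a comment saying so would explain the difference from news.php and topics.php, which pass `$post_ids`; otherwise passing them here would bound the query the same way.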
diff --git a/phpBB/phpbb/feed/topics.php b/phpBB/phpbb/feed/topics.php index 2b9cb3501a..e6416bc064 100644 --- a/phpBB/phpbb/feed/topics.php +++ b/phpBB/phpbb/feed/topics.php @@ -55,6 +55,8 @@ class topics extends \phpbb\feed\topic_base return false; } + parent::fetch_attachments($post_ids); + $this->sql = array( 'SELECT' => 'f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_poster, t.topic_first_poster_name, t.topic_posts_approved, t.topic_posts_unapproved, t.topic_posts_softdeleted, t.topic_views, t.topic_time, t.topic_last_post_time, diff --git a/phpBB/phpbb/feed/topics_active.php b/phpBB/phpbb/feed/topics_active.php index 6d5eddfc16..3b751f3233 100644 --- a/phpBB/phpbb/feed/topics_active.php +++ b/phpBB/phpbb/feed/topics_active.php @@ -71,6 +71,8 @@ class topics_active extends \phpbb\feed\topic_base return false; } + parent::fetch_attachments($post_ids); + $this->sql = array( 'SELECT' => 'f.forum_id, f.forum_name, t.topic_id, t.topic_title, t.topic_posts_approved, t.topic_posts_unapproved, t.topic_posts_softdeleted, t.topic_views, |