Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

views/json/resources/livesearch/users.php (1 issue)

<?php

// This endpoint is for logged-in users only; the gatekeeper runs before any input is read.
elgg_gatekeeper();

// Everything below comes straight from the request.
// NOTE(review): 'limit' is client-controlled and this view applies no upper bound;
// confirm the search layer caps it, otherwise one request can ask for the full user list.
$max_results = get_input('limit', elgg_get_config('default_limit'));
// 'q' is only consulted when 'term' is absent.
$search_term = get_input('term', get_input('q'));
$field_name = get_input('name');

elgg_set_http_header("Content-Type: application/json;charset=utf-8");

// Search users by name/username metadata, sorted by name ascending.
$options = [
	'query' => $search_term,
	'type' => 'user',
	'limit' => $max_results,
	'sort' => 'name',
	'order' => 'ASC',
	'fields' => ['metadata' => ['name', 'username']],
	'item_view' => 'search/entity',
	// Request-supplied value handed to the item view; presumably escaped there (verify).
	'input_name' => $field_name,
];
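if (get_input('friends_only', false)) {
	// Optional filter: only return users who are friends of a target user.
	// 'match_target' is raw request data (string, possibly an array), while
	// get_entity() expects an integer GUID, so validate it before the lookup.
	$target_guid = get_input('match_target');
	if ($target_guid) {
		$validated_guid = filter_var($target_guid, FILTER_VALIDATE_INT);
		// Anything that is not a positive integer yields no target and is
		// rejected by the permission check below.
		$target = ($validated_guid !== false && $validated_guid > 0) ? get_entity($validated_guid) : null;
	} else {
		// No explicit target: fall back to the requesting user.
		$target = elgg_get_logged_in_user_entity();
	}

	// Authorization: the caller must be able to edit the target, so one user
	// cannot list another user's friends through this endpoint.
	if (!$target || !$target->canEdit()) {
		throw new \Elgg\EntityPermissionsException();
	}

	// Capture only the integer GUID the subquery needs, not the whole entity.
	$friend_owner_guid = (int) $target->guid;

	// The type hint is fully qualified: this file has no namespace or `use`
	// statement, so a bare `QueryBuilder` would resolve to the global
	// \QueryBuilder and fail when the closure is invoked.
	$options['wheres'][] = static function (\Elgg\Database\QueryBuilder $qb) use ($friend_owner_guid) {
		// EXISTS (friend relationship from the target to the candidate user).
		// Values are passed through compare() with explicit types, not
		// concatenated into the SQL string.
		$subquery = $qb->subquery('entity_relationships', 'er');
		$subquery->select('1')
			->where($qb->compare('er.guid_two', '=', 'e.guid'))
			->andWhere($qb->compare('er.relationship', '=', 'friend', ELGG_VALUE_STRING))
			->andWhere($qb->compare('er.guid_one', '=', $friend_owner_guid, ELGG_VALUE_INTEGER));

		return "EXISTS ({$subquery->getSQL()})";
	};
}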
// Run the search ('elgg_search' is supplied as the getter) and emit the
// rendered listing as the response body.
$rendered_listing = elgg_list_entities($options, 'elgg_search');
echo $rendered_listing;