Issues in AnswerHandler.php (master) - Issues in master - mambax7/smartfaq - Measure and Improve Code Quality continuously with Scrutinizer

Issues (299)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/AnswerHandler.php (1 issue)

Labels

Severity

Minor 1

<?php declare(strict_types=1);

namespace XoopsModules\Smartfaq;

/**
 * Module: SmartFAQ
 * Author: The SmartFactory <www.smartfactory.ca>
 * Licence: GNU
 */

use Criteria;
use CriteriaCompo;
use CriteriaElement;
use XoopsDatabase;
use XoopsModules\Smartfaq;
use XoopsObject;
use XoopsPersistableObjectHandler;

/**
 * Answers handler class.
 * This class is responsible for providing data access mechanisms to the data source
 * of Answer class objects.
 *
 * @author  marcan <[email protected]>
 */
class AnswerHandler extends XoopsPersistableObjectHandler
{
    public $helper;

    /**
     * @param \XoopsDatabase|null                $db
     * @param \XoopsModules\Smartfaq\Helper|null $helper
     */
    public function __construct(XoopsDatabase $db = null, \XoopsModules\Smartfaq\Helper $helper = null)
    {
        /** @var \XoopsModules\Smartfaq\Helper $this ->helper */
        if (null === $helper) {
            $this->helper = \XoopsModules\Smartfaq\Helper::getInstance();
        } else {
            $this->helper = $helper;
        }
        $smartfaqIsAdmin = $this->helper->isUserAdmin();

        parent::__construct($db, 'smartfaq_answers', Answer::class, 'answerid', 'answer');
    }

    /**
     * create a new answer
     *
     * @param bool $isNew flag the new objects as "new"?
     * @return object Answer
     */
    public function create($isNew = true)
    {
        $answer = new Smartfaq\Answer();
        if ($isNew) {
            $answer->setNew();
        }

        return $answer;
    }

    /**
     * retrieve an answer
     *
     * @param int  $id answerid of the answer
     * @param null $fields
     * @return mixed reference to the <a href='psi_element://sfAnswer'>sfAnswer</a> object, FALSE if failed
     */
    public function get($id = null, $fields = null)
    {
        if ((int)$id > 0) {
            $sql = 'SELECT * FROM ' . $this->db->prefix('smartfaq_answers') . ' WHERE answerid=' . $id;
            if (!$result = $this->db->query($sql)) {
                return false;
            }

            $numrows = $this->db->getRowsNum($result);
            if (1 == $numrows) {
                $answer = new Smartfaq\Answer();
                $answer->assignVars($this->db->fetchArray($result));

                return $answer;
            }
        }

        return false;
    }

    /**
     * insert a new answer in the database
     *
     * @param \XoopsObject $object reference to the <a href='psi_element://sfAnswer'>sfAnswer</a> object
     * @param bool         $force
     * @return bool        FALSE if failed, TRUE if already present and unchanged or successful
     */
    public function insert(XoopsObject $object, $force = false)
    {
        if ('xoopsmodules\smartfaq\answer' !== \mb_strtolower(\get_class($object))) {
            return false;
        }
        if (!$object->isDirty()) {
            return true;
        }
        if (!$object->cleanVars()) {
            return false;
        }

        foreach ($object->cleanVars as $k => $v) {
            ${$k} = $v;
        }

        if ($object->isNew()) {
            $sql = \sprintf('INSERT INTO `%s` (answerid, `status`, faqid, answer, uid, datesub, notifypub) VALUES (NULL, %u, %u, %s, %u, %u, %u)', $this->db->prefix('smartfaq_answers'), $status, $faqid, $this->db->quoteString($answer), $uid, \time(), $notifypub);
        } else {
            $sql = \sprintf('UPDATE `%s` SET STATUS = %u, faqid = %s, answer = %s, uid = %u, datesub = %u, notifypub = %u WHERE answerid = %u', $this->db->prefix('smartfaq_answers'), $status, $faqid, $this->db->quoteString($answer), $uid, $datesub, $notifypub, $answerid);
        }

        if ($force) {
            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }

        if (!$result) {
            return false;
        }

        if ($object->isNew()) {
            $object->assignVar('answerid', $this->db->getInsertId());
        } else {
            $object->assignVar('answerid', $answerid);
        }

        return true;
    }

    /**
     * delete an answer from the database
     *
     * @param \XoopsObject $object reference to the answer to delete
     * @param bool         $force
     * @return bool        FALSE if failed.
     */
    public function delete(XoopsObject $object, $force = false)
    {
        if ('xoopsmodules\smartfaq\answer' !== \mb_strtolower(\get_class($object))) {
            return false;
        }
        $sql = \sprintf('DELETE FROM `%s` WHERE answerid = %u', $this->db->prefix('smartfaq_answers'), $object->getVar('answerid'));

        //echo "<br>" . $sql . "<br>";

        if ($force) {
            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }
        if (!$result) {
            return false;
        }

        return true;
    }

    /**
     * delete an answer from the database
     *
     * @param object $faqObj reference to the answer to delete
     * @return bool   FALSE if failed.
     * @internal param bool $force
     */
    public function deleteFaqAnswers($faqObj)
    {
        if ('xoopsmodules\smartfaq\faq' !== \mb_strtolower(\get_class($faqObj))) {
            return false;
        }
        $answers = $this->getAllAnswers($faqObj->faqid());
        $result  = true;
        foreach ($answers as $answer) {
            if (!$this->delete($answer)) {
                $result = false;
            }
        }

        return $result;
    }

    /**
     * retrieve answers from the database
     *
     * @param \CriteriaElement|null $criteria  {@link CriteriaElement} conditions to be met
     * @param bool                  $id_as_key use the answerid as key for the array?
     * @param bool                  $as_object
     * @return array           array of <a href='psi_element://sfAnswer'>sfAnswer</a> objects
     */
    public function &getObjects(CriteriaElement $criteria = null, $id_as_key = false, $as_object = true)
    {
        $ret   = [];
        $limit = $start = 0;
        $sql   = 'SELECT * FROM ' . $this->db->prefix('smartfaq_answers');
        if (($criteria instanceof \CriteriaCompo) || ($criteria instanceof \Criteria)) {
            $sql .= ' ' . $criteria->renderWhere();
            if ('' != $criteria->getSort()) {
                $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        //echo "<br>" . $sql . "<br>";
        $result = $this->db->query($sql, $limit, $start);
        if ($this->db->isResultSet($result)) {
            while (false !== ($myrow = $this->db->fetchArray($result))) {
                $answer = new Smartfaq\Answer();
                $answer->assignVars($myrow);
                if ($id_as_key) {
                    $ret[$myrow['answerid']] = $answer;
                } else {
                    $ret[] = &$answer;
                }
                unset($answer);
            }
        }

        return $ret;
    }

    /**
     * retrieve 1 official answer (for now SmartFAQ only allow 1 official answer...)
     *
     * @param int $faqid
     * @return mixed reference to the <a href='psi_element://sfAnswer'>sfAnswer</a> object, FALSE if failed
     */
    public function getOfficialAnswer($faqid = 0)
    {
        $theaAnswers = $this->getAllAnswers($faqid, Constants::SF_AN_STATUS_APPROVED, 1, 0);
        $ret         = false;
        if (1 == \count($theaAnswers)) {
            $ret = $theaAnswers[0];
        }

        return $ret;
    }

    /**
     * retrieve all answers
     *
     * @param int       $faqid
     * @param int|array $status
     * @param int       $limit
     * @param int       $start
     * @param string    $sort
     * @param string    $order
     * @return array  array of <a href='psi_element://sfAnswer'>sfAnswer</a> objects
     */
    public function getAllAnswers(
        $faqid = 0,
        $status = -1,
        $limit = 0,
        $start = 0,
        $sort = 'datesub',
        $order = 'DESC'
    ) {
        $hasStatusCriteria = false;
        $criteriaStatus    = new CriteriaCompo();
        if (\is_array($status)) {
            $hasStatusCriteria = true;
            foreach ($status as $v) {
                $criteriaStatus->add(new Criteria('status', $v), 'OR');
            }
        } elseif (-1 != $status) {
            $hasStatusCriteria = true;
            $criteriaStatus->add(new Criteria('status', $status), 'OR');
        }
        $criteriaFaqid = new Criteria('faqid', $faqid);

        $criteria = new CriteriaCompo();
        $criteria->add($criteriaFaqid);

        if ($hasStatusCriteria) {
            $criteria->add($criteriaStatus);
        }

        $criteria->setSort($sort);
        $criteria->setOrder($order);
        $criteria->setLimit($limit);
        $criteria->setStart($start);
        $ret = $this->getObjects($criteria);

        return $ret;
    }

    /**
     * count answers matching a condition
     *
     * @param \CriteriaElement|null $criteria {@link CriteriaElement} to match
     * @return int             count of answers
     */
    public function getCount(CriteriaElement $criteria = null)
    {
        $sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('smartfaq_answers');
        if (($criteria instanceof \CriteriaCompo) || ($criteria instanceof \Criteria)) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        $result = $this->db->query($sql);
        if (!$result) {
            return 0;
        }
        [$count] = $this->db->fetchRow($result);

        return $count;
    }

    /**
     * count answers matching a condition and group by faq ID
     *
     * @param object $criteria {@link CriteriaElement} to match
     * @return array
     */
    public function getCountByFAQ($criteria = null)
    {
        $sql = 'SELECT faqid, COUNT(*) FROM ' . $this->db->prefix('smartfaq_answers');
        if (($criteria instanceof \CriteriaCompo) || ($criteria instanceof \Criteria)) {
            $sql .= ' ' . $criteria->renderWhere();
            $sql .= ' ' . $criteria->getGroupby();
        }

        //echo "<br>$sql<br>";

        $result = $this->db->query($sql);
        if (!$result) {
            return [];
        }
        $ret = [];
        while ([$id, $count] = $this->db->fetchRow($result)) {
            $ret[$id] = $count;
        }

        return $ret;
    }

    /**
     * delete answers matching a set of conditions
     *
     * @param \CriteriaElement|null $criteria {@link CriteriaElement}
     * @param bool                  $force
     * @param bool                  $asObject
     * @return bool            FALSE if deletion failed
     */
    public function deleteAll(CriteriaElement $criteria = null, $force = true, $asObject = false)
    {
        $sql = 'DELETE FROM ' . $this->db->prefix('smartfaq_answers');
        if (($criteria instanceof \CriteriaCompo) || ($criteria instanceof \Criteria)) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        if (!$this->db->query($sql)) {
            return false;
        }

        return true;
    }

    /**
     * Change a value for answers with a certain criteria
     *
     * @param string                $fieldname  Name of the field
     * @param string                $fieldvalue Value to write
     * @param \CriteriaElement|null $criteria   {@link CriteriaElement}
     * @param bool                  $force
     * @return bool
     */
    public function updateAll($fieldname, $fieldvalue, CriteriaElement $criteria = null, $force = false)
    {
        $set_clause = \is_numeric($fieldvalue) ? $fieldname . ' = ' . $fieldvalue : $fieldname . ' = ' . $this->db->quoteString($fieldvalue);
        $sql        = 'UPDATE ' . $this->db->prefix('smartfaq_answers') . ' SET ' . $set_clause;
        if (($criteria instanceof \CriteriaCompo) || ($criteria instanceof \Criteria)) {
            $sql .= ' ' . $criteria->renderWhere();
        }
        //echo "<br>" . $sql . "<br>";
        if (!$this->db->queryF($sql)) {
            return false;
        }

        return true;
    }

    /**
     * @param $faqids
     * @return array
     */
    public function getLastPublishedByFaq($faqids)
    {
        $ret    = [];
        $sql    = 'SELECT faqid, answer, uid, datesub FROM ' . $this->db->prefix('smartfaq_answers') . '
               WHERE faqid IN (' . \implode(',', $faqids) . ') AND status = ' . Constants::SF_AN_STATUS_APPROVED . ' GROUP BY faqid';
        $result = $this->db->query($sql);
        if (!$result) {
            return $ret;
        }
        while (false !== ($row = $this->db->fetchArray($result))) {
            $answer = new Smartfaq\Answer();
            $answer->assignVars($row);
            $ret[$row['faqid']] = &$answer;
            unset($answer);
        }

        return $ret;
    }
}


1			<?php declare(strict_types=1);
2
3			namespace XoopsModules\Smartfaq;
4
5			/**
6			* Module: SmartFAQ
7			* Author: The SmartFactory <www.smartfactory.ca>
8			* Licence: GNU
9			*/
10
11			use Criteria;
12			use CriteriaCompo;
13			use CriteriaElement;
14			use XoopsDatabase;
15			use XoopsModules\Smartfaq;
16			use XoopsObject;
17			use XoopsPersistableObjectHandler;
18
19			/**
20			* Answers handler class.
21			* This class is responsible for providing data access mechanisms to the data source
22			* of Answer class objects.
23			*
24			* @author marcan <[email protected]>
25			*/
26			class AnswerHandler extends XoopsPersistableObjectHandler
27			{
28			public $helper;
29
30			/**
31			* @param \XoopsDatabase\|null $db
32			* @param \XoopsModules\Smartfaq\Helper\|null $helper
33			*/
34			public function __construct(XoopsDatabase $db = null, \XoopsModules\Smartfaq\Helper $helper = null)
35			{
36			/** @var \XoopsModules\Smartfaq\Helper $this ->helper */
37			if (null === $helper) {
38			$this->helper = \XoopsModules\Smartfaq\Helper::getInstance();
39			} else {
40			$this->helper = $helper;
41			}
42			$smartfaqIsAdmin = $this->helper->isUserAdmin();
			0 ignored issues – show Unused Code introduced 2019-08-17 13:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$smartfaqIsAdmin` is dead and can be removed. Loading history...
43			parent::__construct($db, 'smartfaq_answers', Answer::class, 'answerid', 'answer');
44			}
45
46			/**
47			* create a new answer
48			*
49			* @param bool $isNew flag the new objects as "new"?
50			* @return object Answer
51			*/
52			public function create($isNew = true)
53			{
54			$answer = new Smartfaq\Answer();
55			if ($isNew) {
56			$answer->setNew();
57			}
58
59			return $answer;
60			}
61
62			/**
63			* retrieve an answer
64			*
65			* @param int $id answerid of the answer
66			* @param null $fields
67			* @return mixed reference to the <a href='psi_element://sfAnswer'>sfAnswer</a> object, FALSE if failed
68			*/
69			public function get($id = null, $fields = null)
70			{
71			if ((int)$id > 0) {
72			$sql = 'SELECT * FROM ' . $this->db->prefix('smartfaq_answers') . ' WHERE answerid=' . $id;
73			if (!$result = $this->db->query($sql)) {
74			return false;
75			}
76
77			$numrows = $this->db->getRowsNum($result);
78			if (1 == $numrows) {
79			$answer = new Smartfaq\Answer();
80			$answer->assignVars($this->db->fetchArray($result));
81
82			return $answer;
83			}
84			}
85
86			return false;
87			}
88
89			/**
90			* insert a new answer in the database
91			*
92			* @param \XoopsObject $object reference to the <a href='psi_element://sfAnswer'>sfAnswer</a> object
93			* @param bool $force
94			* @return bool FALSE if failed, TRUE if already present and unchanged or successful
95			*/
96			public function insert(XoopsObject $object, $force = false)
97			{
98			if ('xoopsmodules\smartfaq\answer' !== \mb_strtolower(\get_class($object))) {
99			return false;
100			}
101			if (!$object->isDirty()) {
102			return true;
103			}
104			if (!$object->cleanVars()) {
105			return false;
106			}
107
108			foreach ($object->cleanVars as $k => $v) {
109			${$k} = $v;
110			}
111
112			if ($object->isNew()) {
113			$sql = \sprintf('INSERT INTO `%s` (answerid, `status`, faqid, answer, uid, datesub, notifypub) VALUES (NULL, %u, %u, %s, %u, %u, %u)', $this->db->prefix('smartfaq_answers'), $status, $faqid, $this->db->quoteString($answer), $uid, \time(), $notifypub);
114			} else {
115			$sql = \sprintf('UPDATE `%s` SET STATUS = %u, faqid = %s, answer = %s, uid = %u, datesub = %u, notifypub = %u WHERE answerid = %u', $this->db->prefix('smartfaq_answers'), $status, $faqid, $this->db->quoteString($answer), $uid, $datesub, $notifypub, $answerid);
116			}
117
118			if ($force) {
119			$result = $this->db->queryF($sql);
120			} else {
121			$result = $this->db->query($sql);
122			}
123
124			if (!$result) {
125			return false;
126			}
127
128			if ($object->isNew()) {
129			$object->assignVar('answerid', $this->db->getInsertId());
130			} else {
131			$object->assignVar('answerid', $answerid);
132			}
133
134			return true;
135			}
136
137			/**
138			* delete an answer from the database
139			*
140			* @param \XoopsObject $object reference to the answer to delete
141			* @param bool $force
142			* @return bool FALSE if failed.
143			*/
144			public function delete(XoopsObject $object, $force = false)
145			{
146			if ('xoopsmodules\smartfaq\answer' !== \mb_strtolower(\get_class($object))) {
147			return false;
148			}
149			$sql = \sprintf('DELETE FROM `%s` WHERE answerid = %u', $this->db->prefix('smartfaq_answers'), $object->getVar('answerid'));
150
151			//echo "<br>" . $sql . "<br>";
152
153			if ($force) {
154			$result = $this->db->queryF($sql);
155			} else {
156			$result = $this->db->query($sql);
157			}
158			if (!$result) {
159			return false;
160			}
161
162			return true;
163			}
164
165			/**
166			* delete an answer from the database
167			*
168			* @param object $faqObj reference to the answer to delete
169			* @return bool FALSE if failed.
170			* @internal param bool $force
171			*/
172			public function deleteFaqAnswers($faqObj)
173			{
174			if ('xoopsmodules\smartfaq\faq' !== \mb_strtolower(\get_class($faqObj))) {
175			return false;
176			}
177			$answers = $this->getAllAnswers($faqObj->faqid());
178			$result = true;
179			foreach ($answers as $answer) {
180			if (!$this->delete($answer)) {
181			$result = false;
182			}
183			}
184
185			return $result;
186			}
187
188			/**
189			* retrieve answers from the database
190			*
191			* @param \CriteriaElement\|null $criteria {@link CriteriaElement} conditions to be met
192			* @param bool $id_as_key use the answerid as key for the array?
193			* @param bool $as_object
194			* @return array array of <a href='psi_element://sfAnswer'>sfAnswer</a> objects
195			*/
196			public function &getObjects(CriteriaElement $criteria = null, $id_as_key = false, $as_object = true)
197			{
198			$ret = [];
199			$limit = $start = 0;
200			$sql = 'SELECT * FROM ' . $this->db->prefix('smartfaq_answers');
201			if (($criteria instanceof \CriteriaCompo) \|\| ($criteria instanceof \Criteria)) {
202			$sql .= ' ' . $criteria->renderWhere();
203			if ('' != $criteria->getSort()) {
204			$sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
205			}
206			$limit = $criteria->getLimit();
207			$start = $criteria->getStart();
208			}
209			//echo "<br>" . $sql . "<br>";
210			$result = $this->db->query($sql, $limit, $start);
211			if ($this->db->isResultSet($result)) {
212			while (false !== ($myrow = $this->db->fetchArray($result))) {
213			$answer = new Smartfaq\Answer();
214			$answer->assignVars($myrow);
215			if ($id_as_key) {
216			$ret[$myrow['answerid']] = $answer;
217			} else {
218			$ret[] = &$answer;
219			}
220			unset($answer);
221			}
222			}
223
224			return $ret;
225			}
226
227			/**
228			* retrieve 1 official answer (for now SmartFAQ only allow 1 official answer...)
229			*
230			* @param int $faqid
231			* @return mixed reference to the <a href='psi_element://sfAnswer'>sfAnswer</a> object, FALSE if failed
232			*/
233			public function getOfficialAnswer($faqid = 0)
234			{
235			$theaAnswers = $this->getAllAnswers($faqid, Constants::SF_AN_STATUS_APPROVED, 1, 0);
236			$ret = false;
237			if (1 == \count($theaAnswers)) {
238			$ret = $theaAnswers[0];
239			}
240
241			return $ret;
242			}
243
244			/**
245			* retrieve all answers
246			*
247			* @param int $faqid
248			* @param int\|array $status
249			* @param int $limit
250			* @param int $start
251			* @param string $sort
252			* @param string $order
253			* @return array array of <a href='psi_element://sfAnswer'>sfAnswer</a> objects
254			*/
255			public function getAllAnswers(
256			$faqid = 0,
257			$status = -1,
258			$limit = 0,
259			$start = 0,
260			$sort = 'datesub',
261			$order = 'DESC'
262			) {
263			$hasStatusCriteria = false;
264			$criteriaStatus = new CriteriaCompo();
265			if (\is_array($status)) {
266			$hasStatusCriteria = true;
267			foreach ($status as $v) {
268			$criteriaStatus->add(new Criteria('status', $v), 'OR');
269			}
270			} elseif (-1 != $status) {
271			$hasStatusCriteria = true;
272			$criteriaStatus->add(new Criteria('status', $status), 'OR');
273			}
274			$criteriaFaqid = new Criteria('faqid', $faqid);
275
276			$criteria = new CriteriaCompo();
277			$criteria->add($criteriaFaqid);
278
279			if ($hasStatusCriteria) {
280			$criteria->add($criteriaStatus);
281			}
282
283			$criteria->setSort($sort);
284			$criteria->setOrder($order);
285			$criteria->setLimit($limit);
286			$criteria->setStart($start);
287			$ret = $this->getObjects($criteria);
288
289			return $ret;
290			}
291
292			/**
293			* count answers matching a condition
294			*
295			* @param \CriteriaElement\|null $criteria {@link CriteriaElement} to match
296			* @return int count of answers
297			*/
298			public function getCount(CriteriaElement $criteria = null)
299			{
300			$sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('smartfaq_answers');
301			if (($criteria instanceof \CriteriaCompo) \|\| ($criteria instanceof \Criteria)) {
302			$sql .= ' ' . $criteria->renderWhere();
303			}
304			$result = $this->db->query($sql);
305			if (!$result) {
306			return 0;
307			}
308			[$count] = $this->db->fetchRow($result);
309
310			return $count;
311			}
312
313			/**
314			* count answers matching a condition and group by faq ID
315			*
316			* @param object $criteria {@link CriteriaElement} to match
317			* @return array
318			*/
319			public function getCountByFAQ($criteria = null)
320			{
321			$sql = 'SELECT faqid, COUNT(*) FROM ' . $this->db->prefix('smartfaq_answers');
322			if (($criteria instanceof \CriteriaCompo) \|\| ($criteria instanceof \Criteria)) {
323			$sql .= ' ' . $criteria->renderWhere();
324			$sql .= ' ' . $criteria->getGroupby();
325			}
326
327			//echo "<br>$sql<br>";
328
329			$result = $this->db->query($sql);
330			if (!$result) {
331			return [];
332			}
333			$ret = [];
334			while ([$id, $count] = $this->db->fetchRow($result)) {
335			$ret[$id] = $count;
336			}
337
338			return $ret;
339			}
340
341			/**
342			* delete answers matching a set of conditions
343			*
344			* @param \CriteriaElement\|null $criteria {@link CriteriaElement}
345			* @param bool $force
346			* @param bool $asObject
347			* @return bool FALSE if deletion failed
348			*/
349			public function deleteAll(CriteriaElement $criteria = null, $force = true, $asObject = false)
350			{
351			$sql = 'DELETE FROM ' . $this->db->prefix('smartfaq_answers');
352			if (($criteria instanceof \CriteriaCompo) \|\| ($criteria instanceof \Criteria)) {
353			$sql .= ' ' . $criteria->renderWhere();
354			}
355			if (!$this->db->query($sql)) {
356			return false;
357			}
358
359			return true;
360			}
361
362			/**
363			* Change a value for answers with a certain criteria
364			*
365			* @param string $fieldname Name of the field
366			* @param string $fieldvalue Value to write
367			* @param \CriteriaElement\|null $criteria {@link CriteriaElement}
368			* @param bool $force
369			* @return bool
370			*/
371			public function updateAll($fieldname, $fieldvalue, CriteriaElement $criteria = null, $force = false)
372			{
373			$set_clause = \is_numeric($fieldvalue) ? $fieldname . ' = ' . $fieldvalue : $fieldname . ' = ' . $this->db->quoteString($fieldvalue);
374			$sql = 'UPDATE ' . $this->db->prefix('smartfaq_answers') . ' SET ' . $set_clause;
375			if (($criteria instanceof \CriteriaCompo) \|\| ($criteria instanceof \Criteria)) {
376			$sql .= ' ' . $criteria->renderWhere();
377			}
378			//echo "<br>" . $sql . "<br>";
379			if (!$this->db->queryF($sql)) {
380			return false;
381			}
382
383			return true;
384			}
385
386			/**
387			* @param $faqids
388			* @return array
389			*/
390			public function getLastPublishedByFaq($faqids)
391			{
392			$ret = [];
393			$sql = 'SELECT faqid, answer, uid, datesub FROM ' . $this->db->prefix('smartfaq_answers') . '
394			WHERE faqid IN (' . \implode(',', $faqids) . ') AND status = ' . Constants::SF_AN_STATUS_APPROVED . ' GROUP BY faqid';
395			$result = $this->db->query($sql);
396			if (!$result) {
397			return $ret;
398			}
399			while (false !== ($row = $this->db->fetchArray($result))) {
400			$answer = new Smartfaq\Answer();
401			$answer->assignVars($row);
402			$ret[$row['faqid']] = &$answer;
403			unset($answer);
404			}
405
406			return $ret;
407			}
408			}
409

mambax7 / smartfaq

Issues (299)

Security Analysis not enabled

class/AnswerHandler.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like