-rw-r--r-- | db/feedmapper.php | 14 | ||||
-rw-r--r-- | db/itemmapper.php | 9 |
2 files changed, 22 insertions, 1 deletions
diff --git a/db/feedmapper.php b/db/feedmapper.php
index 3c931aabb..ba4b9a5c8 100644
--- a/db/feedmapper.php
+++ b/db/feedmapper.php
@@ -43,6 +43,10 @@ class FeedMapper extends Mapper implements IMapper {
 'FROM `*PREFIX*news_feeds` `feeds` ' .
 'LEFT JOIN `*PREFIX*news_items` `items` ' .
 'ON `feeds`.`id` = `items`.`feed_id` ' .
+ // WARNING: this is a desperate attempt at making this query work
+ // because prepared statements dont work. This is a possible
+ // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGH.
+ // think twice when chaning this
 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
 StatusFlag::UNREAD . ' ' .
 'WHERE `feeds`.`id` = ? ' .
@@ -76,7 +80,11 @@ class FeedMapper extends Mapper implements IMapper {
 $sql = 'SELECT `feeds`.*, COUNT(`items`.`id`) AS `unread_count` ' .
 'FROM `*PREFIX*news_feeds` `feeds` ' .
 'LEFT JOIN `*PREFIX*news_items` `items` ' .
- 'ON `feeds`.`id` = `items`.`feed_id` ' .
+ 'ON `feeds`.`id` = `items`.`feed_id` ' .
+ // WARNING: this is a desperate attempt at making this query work
+ // because prepared statements dont work. This is a possible
+ // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGH.
+ // think twice when chaning this
 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
 StatusFlag::UNREAD . ' ' .
 'WHERE `feeds`.`user_id` = ? ' .
@@ -99,6 +107,10 @@ class FeedMapper extends Mapper implements IMapper {
 'FROM `*PREFIX*news_feeds` `feeds` ' .
 'LEFT JOIN `*PREFIX*news_items` `items` ' .
 'ON `feeds`.`id` = `items`.`feed_id` ' .
+ // WARNING: this is a desperate attempt at making this query work
+ // because prepared statements dont work. This is a possible
+ // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGH.
+ // think twice when chaning this
 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
 StatusFlag::UNREAD . ' ' .
 'WHERE `feeds`.`url_hash` = ? ' .
diff --git a/db/itemmapper.php b/db/itemmapper.php
index daff18466..e2850e725 100644
--- a/db/itemmapper.php
+++ b/db/itemmapper.php
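Review bot: The added comment is pasted verbatim into three hunks of this file (here, @@ -76 and @@ -99) and twice more in db/itemmapper.php, each time wedged between two concatenation operands of a single `$sql` expression, and every copy carries the same typos (`dont`, `THOUGH`, `chaning`). What is concatenated in these three hunks is the class constant `StatusFlag::UNREAD`, not request data, so the text overstates the present risk; the risk only materialises if a later edit swaps the constant for a variable. A single accurate comment placed above `$sql`, such as `// StatusFlag::UNREAD is inlined because a bound parameter did not work here; only ever inline integer class constants, never caller-supplied values`, says the same thing, and concatenating `(int) StatusFlag::UNREAD` instead of the bare constant enforces that invariant rather than merely stating it. The enclosing methods begin and end outside these hunks.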
@@ -72,6 +72,11 @@ class ItemMapper extends Mapper implements IMapper {
 // now im gonna slowly stick them in the query, be careful!
 return $this->makeSelectQuery(
+
+ // WARNING: this is a desperate attempt at making this query work
+ // because prepared statements dont work. This is a possible
+ // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGH.
+ // think twice when chaning this
 'AND ((`items`.`status` & ' . $status . ') = ' .
 $status . ') ' .
 $prependTo
 );
@@ -94,6 +99,10 @@ class ItemMapper extends Mapper implements IMapper {
 'JOIN `*PREFIX*news_items` `items` ' .
 'ON `items`.`feed_id` = `feeds`.`id` ' .
 'AND `feeds`.`user_id` = ? ' .
+ // WARNING: this is a desperate attempt at making this query work
+ // because prepared statements dont work. This is a possible
+ // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGH.
+ // think twice when chaning this
 'WHERE ((`items`.`status` & ' . StatusFlag::STARRED . ') = ' .
 StatusFlag::STARRED . ')';
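Review bot: In this hunk the value spliced into the SQL is the local `$status`, not a class constant, so this is the one place where the warning is attached to a real variable interpolation, yet the commit only documents it and enforces nothing. Casting at the point of use, `. (int) $status .` in both positions on the two lines after the comment, makes the stated invariant hold however `$status` is assembled; `$status` is used as a bitmask here, so an `(int)` cast cannot alter a correct value. The enclosing method and the code that builds `$status` begin outside the hunk, so I cannot confirm from this diff that it is already an integer. The same wording defects as in db/feedmapper.php (`dont`, `THOUGH`, `chaning`, comment inside an argument list after a stray added blank line) apply here and in the @@ -94 hunk below, where the concatenated value is again the constant `StatusFlag::STARRED`.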