Diffstat (limited to 'lib/Db/FeedMapper.php')
-rw-r--r-- | lib/Db/FeedMapper.php | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/lib/Db/FeedMapper.php b/lib/Db/FeedMapper.php
index 056296e49..ad54ffc37 100644
--- a/lib/Db/FeedMapper.php
+++ b/lib/Db/FeedMapper.php
@@ -35,12 +35,11 @@ class FeedMapper extends NewsMapper {
 // work because prepared statements dont work. This is a
 // POSSIBLE SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
 // think twice when changing this
- 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
- StatusFlag::UNREAD . ' ' .
+ 'AND unread = ? ' .
 'WHERE `feeds`.`id` = ? ' .
 'AND `feeds`.`user_id` = ? ' .
 'GROUP BY `feeds`.`id`';
- $params = [$id, $userId];
+ $params = [true, $id, $userId];
 return $this->findEntity($sql, $params);
 }
@@ -57,15 +56,14 @@ class FeedMapper extends NewsMapper {
 // work because prepared statements dont work. This is a
 // POSSIBLE SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
 // think twice when changing this
- 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
- StatusFlag::UNREAD . ' ' .
+ 'AND unread = ? ' .
 'WHERE `feeds`.`user_id` = ? ' .
 'AND (`feeds`.`folder_id` = 0 ' .
 'OR `folders`.`deleted_at` = 0' .
 ')' .
 'AND `feeds`.`deleted_at` = 0 ' .
 'GROUP BY `feeds`.`id`';
- $params = [$userId];
+ $params = [true, $userId];
 return $this->findEntities($sql, $params);
 }
@@ -82,15 +80,14 @@ class FeedMapper extends NewsMapper {
 // work because prepared statements dont work. This is a
 // POSSIBLE SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
 // think twice when changing this
- 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
- StatusFlag::UNREAD . ' ' .
+ 'AND unread = ? ' .
 'WHERE (`feeds`.`folder_id` = 0 ' .
 'OR `folders`.`deleted_at` = 0' .
 ')' .
 'AND `feeds`.`deleted_at` = 0 ' .
 'GROUP BY `feeds`.`id`';
- return $this->findEntities($sql);
+ return $this->findEntities($sql, [true]);
 }
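Review bot: The context comment kept directly above the changed line still says this clause is written by concatenation because prepared statements do not work there and labels it a possible SQL injection risk, yet the new line `'AND unread = ? ' .` binds the value through a placeholder in that same clause. Either the comment is now stale, or a placeholder in this position really is unsupported on some backend; the commit should settle which and reword the warning, for example `// unread is bound as the first positional parameter; never concatenate values into this clause`. The same leftover comment sits above the changed line in the other three hunks. The comment and the SQL statement both start above the hunk, so what "dont work" originally referred to is inferred from its position.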
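Review bot: `$params = [true, $userId];` is correct only because the `unread = ?` placeholder appears in the SQL text before the placeholder for feeds.user_id, and nothing next to the array records that. The user_id comparison is what scopes the result to a single user, so a later reorder of either the SQL or the array would bind the wrong value to it without raising an error. I would add `// order follows the SQL text: unread (clause before WHERE), then user_id` above the array. The arrays in the first and fourth hunks carry the same dependency, and the statement begins above the hunk, so any earlier placeholders are not visible here.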
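Review bot: The new condition names the column as bare `unread`, while every other column in this statement is table-qualified and backtick-quoted, and the removed lines read from the status column of items. If the column lives on the items table, as the removed lines suggest, writing the line as `'AND `items`.`unread` = ? ' .` keeps the query unambiguous should a joined table ever gain a column of the same name. The same bare name is used in the other three hunks; the tables being joined are declared above the hunk, so the owning table is inferred.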
@@ -103,12 +100,11 @@ class FeedMapper extends NewsMapper {
 // work because prepared statements dont work. This is a
 // POSSIBLE SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
 // think twice when changing this
- 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
- StatusFlag::UNREAD . ' ' .
+ 'AND unread = ? ' .
 'WHERE `feeds`.`url_hash` = ? ' .
 'AND `feeds`.`user_id` = ? ' .
 'GROUP BY `feeds`.`id`';
- $params = [$hash, $userId];
+ $params = [true, $hash, $userId];
 return $this->findEntity($sql, $params);
 } |