PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

encapsulate raw PDO queries leaking from callers into Database.php methods

Browse Source 
- Add getThesisAccessTypeId(int $id): ?int — replaces raw SELECT in tfe.php
- Add getCoverPathsForTheses(array $ids): array — replaces raw SELECT/IN query in index.php
- Add getFileVisibility(string $path): ?int — replaces raw join query in media.php
- Add getThesisBannerPath(int $id): ?string — replaces unparameterised SQL injection in
  edit.php (SELECT banner_path FROM theses WHERE id = $thesisId was interpolating $thesisId
  directly into the query string; now parameterised via prepared statement)
- Add getThesisRawFields(int $id): ?array — replaces raw SELECT license_id/access_type_id/
  context_note in edit.php
- Add getThesisCount(): int — replaces raw SELECT COUNT(*) in system.php

Callers updated: public/tfe.php, public/index.php, public/media.php,
public/admin/edit.php, public/admin/system.php
This commit is contained in:
Pontoporeia
2026-03-28 13:32:34 +01:00
parent 20e5f71634
commit 1181cfa88b
7 changed files with 115 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
public/admin/system.php
View File

@@ -124,8 +124,7 @@ $dbRowCount = null;
if ($dbExists) {
try {
$db = new Database();
$stmt = $db->getConnection()->query("SELECT COUNT(*) FROM theses");
$dbRowCount = (int) $stmt->fetchColumn();
$dbRowCount = $db->getThesisCount();
} catch (Throwable $e) {
$dbRowCount = null;
}