From 2217c62fc33ad802e689a3fdf9b48118ddf7873d Mon Sep 17 00:00:00 2001 From: Benni Mack <benni@typo3.org> Date: Fri, 15 Apr 2016 06:59:23 +0200 Subject: [PATCH] [!!!][TASK] Remove DB-related methods from cObj There are some methods still available in ContentObjectRenderer for editing content as frontend users. The methods are neither used, nor is "user_feAdmin" (frontend administration) available since ages. The methods were actually obsolete by TYPO3 4.5, and are now removed without substitution. * DBgetDelete() * DBgetUpdate() * DBgetInsert() * DBmayFEUserEdit() * DBmayFEUserEditSelect() * exec_mm_query() * exec_mm_query_uidList() This also means that the following TCA options have no effect anymore throughout the TYPO3 Core: * [ctrl][fe_cruser_id] * [ctrl][fe_crgroup_id] * [ctrl][fe_admin_lock] Resolves: #75711 Releases: master Change-Id: Id2e3876363730ab9c30a8c02430bef90adc0288c Reviewed-on: https://review.typo3.org/47683 Reviewed-by: Georg Ringer <georg.ringer@gmail.com> Tested-by: Georg Ringer <georg.ringer@gmail.com> Reviewed-by: Susanne Moog <typo3@susannemoog.de> Tested-by: Susanne Moog <typo3@susannemoog.de> --- ...edMethodsAndTCA-relatedOptionsFromCObj.rst | 34 ++ .../ContentObject/ContentObjectRenderer.php | 299 ------------------ .../frontend/Configuration/TCA/fe_users.php | 1 - typo3/sysext/frontend/ext_tables.sql | 1 - 4 files changed, 34 insertions(+), 301 deletions(-) create mode 100644 typo3/sysext/core/Documentation/Changelog/master/Breaking-75711-RemovedDB-relatedMethodsAndTCA-relatedOptionsFromCObj.rst diff --git a/typo3/sysext/core/Documentation/Changelog/master/Breaking-75711-RemovedDB-relatedMethodsAndTCA-relatedOptionsFromCObj.rst b/typo3/sysext/core/Documentation/Changelog/master/Breaking-75711-RemovedDB-relatedMethodsAndTCA-relatedOptionsFromCObj.rst new file mode 100644 index 000000000000..267d07d3c121 --- /dev/null 
+++ b/typo3/sysext/core/Documentation/Changelog/master/Breaking-75711-RemovedDB-relatedMethodsAndTCA-relatedOptionsFromCObj.rst
@@ -0,0 +1,34 @@
+===============================================================================
+Breaking: #75711 - Removed DB-related methods and TCA-related options from cObj
+===============================================================================
+
+Description
+===========
+
+The following methods have been removed from ``ContentObjectRenderer`` without substitution:
+
+* DBgetDelete()
+* DBgetUpdate()
+* DBgetInsert()
+* DBmayFEUserEdit()
+* DBmayFEUserEditSelect()
+* exec_mm_query()
+* exec_mm_query_uidList()
+
+The following TCA options have no effect anymore throughout the TYPO3 Core:
+
+* $TCA[table][ctrl][fe_cruser_id]
+* $TCA[table][ctrl][fe_crgroup_id]
+* $TCA[table][ctrl][fe_admin_lock]
+
+
+Impact
+======
+
+Calling any of the methods above directly will trigger a PHP fatal error.
+
+
+Affected Installations
+======================
+
+Any TYPO3 installation using DB-related Frontend Administration with the obsolete functionality.
\ No newline at end of file
diff --git a/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php b/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
index 62d17e5bc570..0db0ca3cf3bd 100644
--- a/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
+++ b/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
@@ -7095,248 +7095,6 @@ class ContentObjectRenderer * Database functions, making of queries * ***********************************************/ - /** - * Returns an UPDATE/DELETE sql query which will "delete" the record. - * If the $GLOBALS['TCA'] config for the table tells us to NOT "physically" delete the record but rather set the "deleted" field to "1" then an UPDATE query is returned doing just that. Otherwise it truely is a DELETE query. - * - * @param string $table The table name, should be in $GLOBALS['TCA'] - * @param int $uid The UID of the record from $table which we are going to delete - * @param bool $doExec If set, the query is executed. IT'S HIGHLY RECOMMENDED TO USE THIS FLAG to execute the query directly!!! - * @return string The query, ready to execute unless $doExec was TRUE in which case the return value is FALSE. - * @see DBgetUpdate(), DBgetInsert(), user_feAdmin - */ - public function DBgetDelete($table, $uid, $doExec = false) - { - $uid = (int)$uid; - if (!$uid) { - return ''; - } - $db = $this->getDatabaseConnection(); - if ($GLOBALS['TCA'][$table]['ctrl']['delete']) { - $updateFields = array(); - $updateFields[$GLOBALS['TCA'][$table]['ctrl']['delete']] = 1; - if ($GLOBALS['TCA'][$table]['ctrl']['tstamp']) { - $updateFields[$GLOBALS['TCA'][$table]['ctrl']['tstamp']] = $GLOBALS['EXEC_TIME']; - } - if ($doExec) { - return $db->exec_UPDATEquery($table, 'uid=' . $uid, $updateFields); - } else { - return $db->UPDATEquery($table, 'uid=' . $uid, $updateFields); - } - } elseif ($doExec) { - return $db->exec_DELETEquery($table, 'uid=' . $uid); - } else { - return $db->DELETEquery($table, 'uid=' . $uid); - } - } - - /** - * Returns an UPDATE sql query. - * If a "tstamp" field is configured for the $table tablename in $GLOBALS['TCA'] then that field is automatically updated to the current time. - * Notice: It is YOUR responsibility to make sure the data being updated is valid according the tablefield types etc. 
Also no logging is performed of the update. It's just a nice general usage API function for creating a quick query. - * NOTICE: From TYPO3 3.6.0 this function ALWAYS adds slashes to values inserted in the query. - * - * @param string $table The table name, should be in $GLOBALS['TCA'] - * @param int $uid The UID of the record from $table which we are going to update - * @param array $dataArr The data array where key/value pairs are fieldnames/values for the record to update. - * @param string $fieldList Comma list of fieldnames which are allowed to be updated. Only values from the data record for fields in this list will be updated!! - * @param bool $doExec If set, the query is executed. IT'S HIGHLY RECOMMENDED TO USE THIS FLAG to execute the query directly!!! - * @return string The query, ready to execute unless $doExec was TRUE in which case the return value is FALSE. - * @see DBgetInsert(), DBgetDelete(), user_feAdmin - */ - public function DBgetUpdate($table, $uid, $dataArr, $fieldList, $doExec = false) - { - // uid can never be set - unset($dataArr['uid']); - $uid = (int)$uid; - if ($uid) { - $fieldList = implode(',', GeneralUtility::trimExplode(',', $fieldList, true)); - $updateFields = array(); - foreach ($dataArr as $f => $v) { - if (GeneralUtility::inList($fieldList, $f)) { - $updateFields[$f] = $v; - } - } - if ($GLOBALS['TCA'][$table]['ctrl']['tstamp']) { - $updateFields[$GLOBALS['TCA'][$table]['ctrl']['tstamp']] = $GLOBALS['EXEC_TIME']; - } - if (!empty($updateFields)) { - if ($doExec) { - return $this->getDatabaseConnection()->exec_UPDATEquery($table, 'uid=' . $uid, $updateFields); - } - return $this->getDatabaseConnection()->UPDATEquery($table, 'uid=' . 
$uid, $updateFields); - } - } - return ''; - } - - /** - * Returns an INSERT sql query which automatically added "system-fields" according to $GLOBALS['TCA'] - * Automatically fields for "tstamp", "crdate", "cruser_id", "fe_cruser_id" and "fe_crgroup_id" is updated if they are configured in the "ctrl" part of $GLOBALS['TCA']. - * The "pid" field is overridden by the input $pid value if >= 0 (zero). "uid" can never be set as a field - * NOTICE: From TYPO3 3.6.0 this function ALWAYS adds slashes to values inserted in the query. - * - * @param string $table The table name, should be in $GLOBALS['TCA'] - * @param int $pid The PID value for the record to insert - * @param array $dataArr The data array where key/value pairs are fieldnames/values for the record to insert - * @param string $fieldList Comma list of fieldnames which are allowed to be inserted. Only values from the data record for fields in this list will be inserted!! - * @param bool $doExec If set, the query is executed. IT'S HIGHLY RECOMMENDED TO USE THIS FLAG to execute the query directly!!! - * @return string The query, ready to execute unless $doExec was TRUE in which case the return value is FALSE. - * @see DBgetUpdate(), DBgetDelete(), user_feAdmin - */ - public function DBgetInsert($table, $pid, $dataArr, $fieldList, $doExec = false) - { - $extraList = 'pid'; - if ($GLOBALS['TCA'][$table]['ctrl']['tstamp']) { - $field = $GLOBALS['TCA'][$table]['ctrl']['tstamp']; - $dataArr[$field] = $GLOBALS['EXEC_TIME']; - $extraList .= ',' . $field; - } - if ($GLOBALS['TCA'][$table]['ctrl']['crdate']) { - $field = $GLOBALS['TCA'][$table]['ctrl']['crdate']; - $dataArr[$field] = $GLOBALS['EXEC_TIME']; - $extraList .= ',' . $field; - } - if ($GLOBALS['TCA'][$table]['ctrl']['cruser_id']) { - $field = $GLOBALS['TCA'][$table]['ctrl']['cruser_id']; - $dataArr[$field] = 0; - $extraList .= ',' . 
$field; - } - if ($GLOBALS['TCA'][$table]['ctrl']['fe_cruser_id']) { - $field = $GLOBALS['TCA'][$table]['ctrl']['fe_cruser_id']; - $dataArr[$field] = (int)$this->getTypoScriptFrontendController()->fe_user->user['uid']; - $extraList .= ',' . $field; - } - if ($GLOBALS['TCA'][$table]['ctrl']['fe_crgroup_id']) { - $field = $GLOBALS['TCA'][$table]['ctrl']['fe_crgroup_id']; - list($dataArr[$field]) = explode(',', $this->getTypoScriptFrontendController()->fe_user->user['usergroup']); - $dataArr[$field] = (int)$dataArr[$field]; - $extraList .= ',' . $field; - } - // Uid can never be set - unset($dataArr['uid']); - if ($pid >= 0) { - $dataArr['pid'] = $pid; - } - // Set pid < 0 and the dataarr-pid will be used! - $fieldList = implode(',', GeneralUtility::trimExplode(',', $fieldList . ',' . $extraList, true)); - $insertFields = array(); - foreach ($dataArr as $f => $v) { - if (GeneralUtility::inList($fieldList, $f)) { - $insertFields[$f] = $v; - } - } - if ($doExec) { - return $this->getDatabaseConnection()->exec_INSERTquery($table, $insertFields); - } else { - return $this->getDatabaseConnection()->INSERTquery($table, $insertFields); - } - } - - /** - * Checks if a frontend user is allowed to edit a certain record - * - * @param string $table The table name, found in $GLOBALS['TCA'] - * @param array $row The record data array for the record in question - * @param array $feUserRow The array of the fe_user which is evaluated, typ. $GLOBALS['TSFE']->fe_user->user - * @param string $allowedGroups Commalist of the only fe_groups uids which may edit the record. If not set, then the usergroup field of the fe_user is used. - * @param bool|int $feEditSelf TRUE, if the fe_user may edit his own fe_user record. 
- * @return bool - * @see user_feAdmin - */ - public function DBmayFEUserEdit($table, $row, $feUserRow, $allowedGroups = '', $feEditSelf = 0) - { - if ($allowedGroups) { - $groupList = implode( - ',', - array_intersect( - GeneralUtility::trimExplode(',', $feUserRow['usergroup'], true), - GeneralUtility::trimExplode(',', $allowedGroups, true) - ) - ); - } else { - $groupList = $feUserRow['usergroup']; - } - $ok = false; - // Points to the field that allows further editing from frontend if not set. If set the record is locked. - if (!$GLOBALS['TCA'][$table]['ctrl']['fe_admin_lock'] || !$row[$GLOBALS['TCA'][$table]['ctrl']['fe_admin_lock']]) { - // Points to the field (int) that holds the fe_users-id of the creator fe_user - if ($GLOBALS['TCA'][$table]['ctrl']['fe_cruser_id']) { - $rowFEUser = (int)$row[$GLOBALS['TCA'][$table]['ctrl']['fe_cruser_id']]; - if ($rowFEUser && $rowFEUser === (int)$feUserRow['uid']) { - $ok = true; - } - } - // If $feEditSelf is set, fe_users may always edit them selves... - if ($feEditSelf && $table === 'fe_users' && (int)$feUserRow['uid'] === (int)$row['uid']) { - $ok = true; - } - // Points to the field (int) that holds the fe_group-id of the creator fe_user's first group - if ($GLOBALS['TCA'][$table]['ctrl']['fe_crgroup_id']) { - $rowFEUser = (int)$row[$GLOBALS['TCA'][$table]['ctrl']['fe_crgroup_id']]; - if ($rowFEUser) { - if (GeneralUtility::inList($groupList, $rowFEUser)) { - $ok = true; - } - } - } - } - return $ok; - } - - /** - * Returns part of a where clause for selecting records from the input table name which the user may edit. - * Conceptually close to the function DBmayFEUserEdit(); It does the same thing but not for a single record, - * rather for a select query selecting all records which the user HAS access to. - * - * @param string $table The table name - * @param array $feUserRow The array of the fe_user which is evaluated, typ. 
$GLOBALS['TSFE']->fe_user->user - * @param string $allowedGroups Commalist of the only fe_groups uids which may edit the record. If not set, then the usergroup field of the fe_user is used. - * @param bool|int $feEditSelf TRUE, if the fe_user may edit his own fe_user record. - * @return string The where clause part. ALWAYS returns a string. If no access at all, then " AND 1=0 - * @see DBmayFEUserEdit(), user_feAdmin::displayEditScreen() - */ - public function DBmayFEUserEditSelect($table, $feUserRow, $allowedGroups = '', $feEditSelf = 0) - { - // Returns where-definition that selects user-editable records. - if ($allowedGroups) { - $groupList = implode( - ',', - array_intersect( - GeneralUtility::trimExplode(',', $feUserRow['usergroup'], true), - GeneralUtility::trimExplode(',', $allowedGroups, true) - ) - ); - } else { - $groupList = $feUserRow['usergroup']; - } - $OR_arr = array(); - // Points to the field (int) that holds the fe_users-id of the creator fe_user - if ($GLOBALS['TCA'][$table]['ctrl']['fe_cruser_id']) { - $OR_arr[] = $GLOBALS['TCA'][$table]['ctrl']['fe_cruser_id'] . '=' . $feUserRow['uid']; - } - // Points to the field (int) that holds the fe_group-id of the creator fe_user's first group - if ($GLOBALS['TCA'][$table]['ctrl']['fe_crgroup_id']) { - $values = GeneralUtility::intExplode(',', $groupList); - foreach ($values as $theGroupUid) { - if ($theGroupUid) { - $OR_arr[] = $GLOBALS['TCA'][$table]['ctrl']['fe_crgroup_id'] . '=' . $theGroupUid; - } - } - } - // If $feEditSelf is set, fe_users may always edit them selves... - if ($feEditSelf && $table === 'fe_users') { - $OR_arr[] = 'uid=' . (int)$feUserRow['uid']; - } - $whereDef = ' AND 1=0'; - if (!empty($OR_arr)) { - $whereDef = ' AND (' . implode(' OR ', $OR_arr) . ')'; - if ($GLOBALS['TCA'][$table]['ctrl']['fe_admin_lock']) { - $whereDef .= ' AND ' . $GLOBALS['TCA'][$table]['ctrl']['fe_admin_lock'] . 
'=0'; - } - } - return $whereDef; - } /** * Returns a part of a WHERE clause which will filter out records with start/end times or hidden/fe_groups fields 
@@ -7551,63 +7309,6 @@ class ContentObjectRenderer return implode(',', $theList); } - /** - * Executes a SELECT query for joining three tables according to the MM-relation standards used for tables configured in $GLOBALS['TCA']. That means MM-joins where the join table has the fields "uid_local" and "uid_foreign" - * - * @param string $select List of fields to select - * @param string $local_table The local table - * @param string $mm_table The join-table; The "uid_local" field of this table will be matched with $local_table's "uid" field. - * @param string $foreign_table Optionally: The foreign table; The "uid" field of this table will be matched with $mm_table's "uid_foreign" field. If you set this field to blank the join will be over only the $local_table and $mm_table - * @param string $whereClause Optional additional WHERE clauses put in the end of the query. DO NOT PUT IN GROUP BY, ORDER BY or LIMIT! - * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string. - * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string. - * @param string $limit Optional LIMIT value ([begin,]max), if none, supply blank string. - * @return bool|\mysqli_result|object MySQLi result object / DBAL object - * @see mm_query_uidList() - */ - public function exec_mm_query($select, $local_table, $mm_table, $foreign_table, $whereClause = '', $groupBy = '', $orderBy = '', $limit = '') - { - return $this->getDatabaseConnection()->exec_SELECTquery( - $select, - $local_table . ',' . $mm_table . ($foreign_table ? ',' . $foreign_table : ''), - $local_table . '.uid=' . $mm_table . '.uid_local' - . ($foreign_table ? ' AND ' . $foreign_table . '.uid=' . $mm_table . '.uid_foreign' : '') - . $whereClause, - $groupBy, - $orderBy, - $limit - ); - } - - /** - * Executes a SELECT query for joining two tables according to the MM-relation standards used for tables configured in $GLOBALS['TCA']. 
That means MM-joins where the join table has the fields "uid_local" and "uid_foreign" - * The two tables joined is the join table ($mm_table) and the foreign table ($foreign_table) - so the "local table" is not included but instead you can supply a list of UID integers from the local table to match in the join-table. - * - * @param string $select List of fields to select - * @param string $local_table_uidlist List of UID integers, eg. "1,2,3,456 - * @param string $mm_table The join-table; The "uid_local" field of this table will be matched with the list of UID numbers from $local_table_uidlist - * @param string $foreign_table Optionally: The foreign table; The "uid" field of this table will be matched with $mm_table's "uid_foreign" field. If you set this field to blank only records from the $mm_table is returned. No join performed. - * @param string $whereClause Optional additional WHERE clauses put in the end of the query. DO NOT PUT IN GROUP BY, ORDER BY or LIMIT! - * @param string $groupBy Optional GROUP BY field(s), if none, supply blank string. - * @param string $orderBy Optional ORDER BY field(s), if none, supply blank string. - * @param string $limit Optional LIMIT value ([begin,]max), if none, supply blank string. - * @return bool|\mysqli_result|object MySQLi result object / DBAL object - * @see mm_query() - */ - public function exec_mm_query_uidList($select, $local_table_uidlist, $mm_table, $foreign_table = '', $whereClause = '', $groupBy = '', $orderBy = '', $limit = '') - { - return $this->getDatabaseConnection()->exec_SELECTquery( - $select, - $mm_table . ($foreign_table ? ',' . $foreign_table : ''), - $mm_table . '.uid_local IN (' . $local_table_uidlist . ')' - . ($foreign_table ? ' AND ' . $foreign_table . '.uid=' . $mm_table . '.uid_foreign' : '') - . $whereClause, - $groupBy, - $orderBy, - $limit - ); - } - /** * Generates a search where clause based on the input search words (AND operation - all search words must be found in record.) 
* Example: The $sw is "content management, system" (from an input form) and the $searchFieldList is "bodytext,header" then the output will be ' AND (bodytext LIKE "%content%" OR header LIKE "%content%") AND (bodytext LIKE "%management%" OR header LIKE "%management%") AND (bodytext LIKE "%system%" OR header LIKE "%system%")' diff --git a/typo3/sysext/frontend/Configuration/TCA/fe_users.php b/typo3/sysext/frontend/Configuration/TCA/fe_users.php index d89a99134954..107445b9dc46 100644 --- a/typo3/sysext/frontend/Configuration/TCA/fe_users.php +++ b/typo3/sysext/frontend/Configuration/TCA/fe_users.php @@ -6,7 +6,6 @@ return array( 'tstamp' => 'tstamp', 'crdate' => 'crdate', 'cruser_id' => 'cruser_id', - 'fe_cruser_id' => 'fe_cruser_id', 'title' => 'LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:fe_users', 'delete' => 'deleted', 'enablecolumns' => array( diff --git a/typo3/sysext/frontend/ext_tables.sql b/typo3/sysext/frontend/ext_tables.sql index aca22a663a6b..d6126e8f3e48 100644 --- a/typo3/sysext/frontend/ext_tables.sql +++ b/typo3/sysext/frontend/ext_tables.sql @@ -107,7 +107,6 @@ CREATE TABLE fe_users ( company varchar(80) DEFAULT '' NOT NULL, image tinytext, TSconfig text, - fe_cruser_id int(10) unsigned DEFAULT '0' NOT NULL, lastlogin int(10) unsigned DEFAULT '0' NOT NULL, is_online int(10) unsigned DEFAULT '0' NOT NULL, -- GitLab