From 3ebee67560f8e7c8cb812d527da5de83395f7080 Mon Sep 17 00:00:00 2001
From: Oliver Bartsch <bo@cedev.de>
Date: Fri, 17 Dec 2021 12:36:48 +0100
Subject: [PATCH] [BUGFIX] Pass sanitized additional where as string in
DatabaseRecordList
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The RecordListGetTable hook allows to add an additional
where clause to the recordlist query. Since the sanitized
result was wrapped in an array before being passed to
$queryBuilder->andWhere(), this led to an exception.
This is now fixed by passing the sanitized clause as
string to `addWhere()`.
Resolves: #96378
Related: #92065
Releases: main, 11.5
Change-Id: I99fa184f49f9db9f7edf061d4137e1e6c275446e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72699
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Stefan Bürk <stefan@buerk.tech>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Stefan Bürk <stefan@buerk.tech>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
---
.../sysext/recordlist/Classes/RecordList/DatabaseRecordList.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
index db0d41da3299..d48ad9a25fb4 100644
--- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
+++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
@@ -2408,7 +2408,7 @@ class DatabaseRecordList
$hookObject->getDBlistQuery($table, $pageId, $addWhere, $selFieldList, $this);
}
if (!empty($addWhere)) {
- $queryBuilder->andWhere([QueryHelper::stripLogicalOperatorPrefix($addWhere)]);
+ $queryBuilder->andWhere(QueryHelper::stripLogicalOperatorPrefix($addWhere));
}
$fields = GeneralUtility::trimExplode(',', $selFieldList, true);
if ($fields === []) {
--
GitLab