Commit 3a26888e authored by Helmut Hummel's avatar Helmut Hummel Committed by Thomas Löffler
Browse files

Ensure only valid composer names are exposed via API

parent 5d88752e
......@@ -14,6 +14,9 @@ namespace T3o\TerFe2\Controller\Eid;
* The TYPO3 project - inspiring people to share!
*/
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* Class \T3o\TerFe2\Controller\Eid\ExtensionController
*/
......@@ -59,13 +62,33 @@ class ExtensionController
*/
protected function findAllWithValidComposerName()
{
$extensions = $this->databaseConnection->exec_SELECTgetRows(
'*',
'tx_terfe2_domain_model_extension',
'hidden = 0 and deleted = 0 and composer_name <> ""'
);
$queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('tx_terfe2_domain_model_extension');
$expr = $queryBuilder->expr();
$result = $queryBuilder->select('tx_terfe2_domain_model_extension.composer_name', 'tx_terfe2_domain_model_version.composer_info')
->from('tx_terfe2_domain_model_extension')
->join(
'tx_terfe2_domain_model_extension',
'tx_terfe2_domain_model_version',
'tx_terfe2_domain_model_version',
$expr->eq(
'tx_terfe2_domain_model_extension.last_version',
'tx_terfe2_domain_model_version.uid'
)
)
->where(
$expr->neq(
'tx_terfe2_domain_model_extension.composer_name',
$queryBuilder->createNamedParameter('')
)
)
->execute();
foreach ($extensions as $extension) {
while ($extension = $result->fetch()) {
$latestVersionComposerInfo = @json_decode($extension['composer_info'], true);
if (empty($latestVersionComposerInfo['name']) || $latestVersionComposerInfo['name'] !== $extension['composer_name']) {
continue;
}
$this->jsonArray['data'][$extension['ext_key']] = array(
'composer_name' => $extension['composer_name'],
);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment