Merge pull request #3 from SpiriitLabs/dev

secure int list #2 Thanks to @jf-viguier
SpiriitLabs · Oct 9, 2023 · 1058f78 · 1058f78
2 parents e0da824 + 1d6fa83
commit 1058f78
Show file tree

Hide file tree

Showing 9 changed files with 27 additions and 23 deletions.
diff --git a/classes/cartCleaner.php b/classes/cartCleaner.php
@@ -120,9 +120,10 @@ public function processDelete($id_carts)
     {
         $tables = self::getCartsRelatedTables();
         $res = true;
+        $carts_list = implode(',', array_map('intval', $id_carts));
 
         foreach ($tables as $table) {
-            $res &= $this->db->delete(bqSQL($table), 'id_cart IN (' . pSQL(implode(',', $id_carts)) . ')');
+            $res &= $this->db->delete(bqSQL($table), 'id_cart IN (' . pSQL($carts_list) . ')');
             if ($affected_rows = $this->db->Affected_Rows()) {
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . bqSQL($table));
                 $this->output[$table] = (int) $affected_rows;

diff --git a/classes/customerCleaner.php b/classes/customerCleaner.php
@@ -97,7 +97,7 @@ public function deleteCustomers($id_customers = null)
             $logs = '';
             $this->context->controller->confirmations[] = $this->module->l('Success!', 'customerCleaner');
 
-            $this->context->controller->confirmations[] = sprintf($this->module->l('%s customer(s) deleted.'), $nbDeleted);
+            $this->context->controller->confirmations[] = sprintf($this->module->l('%s customer(s) deleted.', 'customerCleaner'), $nbDeleted);
 
             return;
         }

diff --git a/classes/orderCleaner.php b/classes/orderCleaner.php
@@ -131,44 +131,45 @@ public function processDelete($id_orders)
     {
         $tables = self::getOrdersRelatedTables();
         $res = true;
+        $orders_list = implode(',', array_map('intval', $id_orders));
 
         foreach ($tables as $table) {
             if ($table == 'orders') {
-                $res &= $this->db->delete('order_payment', 'order_reference IN (SELECT reference FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('order_payment', 'order_reference IN (SELECT reference FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['order_payment'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'order_payment');
-                $res &= $this->db->delete('cart', 'id_cart IN (SELECT id_cart FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('cart', 'id_cart IN (SELECT id_cart FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['cart'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'cart');
-                $res &= $this->db->delete('cart_product', 'id_cart IN (SELECT id_cart FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('cart_product', 'id_cart IN (SELECT id_cart FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['cart_product'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'cart_product');
             } elseif ($table == 'order_detail') {
-                $res &= $this->db->delete('order_detail_tax', 'id_order_detail IN (SELECT id_order_detail FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('order_detail_tax', 'id_order_detail IN (SELECT id_order_detail FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['order_detail_tax'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'order_detail_tax');
             } elseif ($table == 'order_invoice') {
-                $res &= $this->db->delete('order_invoice_payment', 'id_order_invoice IN (SELECT id_order_invoice FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('order_invoice_payment', 'id_order_invoice IN (SELECT id_order_invoice FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['order_invoice_payment'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'order_invoice_payment');
-                $res &= $this->db->delete('order_invoice_tax', 'id_order_invoice IN (SELECT id_order_invoice FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('order_invoice_tax', 'id_order_invoice IN (SELECT id_order_invoice FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['order_invoice_tax'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'order_invoice_tax');
             } elseif ($table == 'order_return') {
-                $res &= $this->db->delete('order_return_detail', 'id_order_return IN (SELECT id_order_return FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('order_return_detail', 'id_order_return IN (SELECT id_order_return FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['order_return_detail'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'order_return_detail');
             } elseif ($table == 'order_slip') {
-                $res &= $this->db->delete('order_slip_detail', 'id_order_slip IN (SELECT id_order_slip FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('order_slip_detail', 'id_order_slip IN (SELECT id_order_slip FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['order_slip_detail'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'order_slip_detail');
             } elseif ($table == 'message') {
-                $res &= $this->db->delete('message_readed', 'id_message IN (SELECT id_message FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . bqSQL(implode(',', $id_orders)) . '))');
+                $res &= $this->db->delete('message_readed', 'id_message IN (SELECT id_message FROM ' . _DB_PREFIX_ . bqSQL($table) . ' WHERE id_order IN (' . pSQL($orders_list) . '))');
                 $this->output['message_readed'] = $this->db->numRows();
                 $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'message_readed');
             }
 
-            $res &= $this->db->delete(bqSQL($table), 'id_order IN (' . bqSQL(implode(',', $id_orders)) . ')');
+            $res &= $this->db->delete(bqSQL($table), 'id_order IN (' . pSQL($orders_list) . ')');
             $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . bqSQL($table));
 
             $this->output[$table] = $this->db->numRows();

diff --git a/classes/productCleaner.php b/classes/productCleaner.php
@@ -103,7 +103,7 @@ public function deleteProducts($id_products = null)
         if ($productsDelete) {
             $logs = '';
             $this->context->controller->confirmations[] = $this->module->l('Success!', 'productCleaner');
-            $this->context->controller->confirmations[] = sprintf($this->module->l('%s product(s) deleted.'), $nbDeleted);
+            $this->context->controller->confirmations[] = sprintf($this->module->l('%s product(s) deleted.', 'productCleaner'), $nbDeleted);
 
             return;
         }

diff --git a/classes/resetCleaner.php b/classes/resetCleaner.php
@@ -78,11 +78,13 @@ private function resetCatalog()
 
         $id_home = Configuration::getMultiShopValues('PS_HOME_CATEGORY');
         $id_root = Configuration::getMultiShopValues('PS_ROOT_CATEGORY');
+        $ids_home = implode(',', array_map('intval', $id_home));
+        $ids_root = implode(',', array_map('intval', $id_root));
 
-        $res &= $this->db->delete('category', 'id_category NOT IN (' . pSQL(implode(',', array_map('intval', $id_home))) . ', ' . pSQL(implode(',', array_map('intval', $id_root))) . ')');
-        $res &= $this->db->delete('category_lang', 'id_category NOT IN (' . pSQL(implode(',', array_map('intval', $id_home))) . ', ' . pSQL(implode(',', array_map('intval', $id_root))) . ')');
-        $res &= $this->db->delete('category_shop', 'id_category NOT IN (' . pSQL(implode(',', array_map('intval', $id_home))) . ', ' . pSQL(implode(',', array_map('intval', $id_root))) . ')');
-        $res &= $this->db->delete('category_group', 'id_category NOT IN (' . pSQL(implode(',', array_map('intval', $id_home))) . ', ' . pSQL(implode(',', array_map('intval', $id_root))) . ')');
+        $res &= $this->db->delete('category', 'id_category NOT IN (' . pSQL($ids_home) . ', ' . pSQL($ids_root) . ')');
+        $res &= $this->db->delete('category_lang', 'id_category NOT IN (' . pSQL($ids_home) . ', ' . pSQL($ids_root) . ')');
+        $res &= $this->db->delete('category_shop', 'id_category NOT IN (' . pSQL($ids_home) . ', ' . pSQL($ids_root) . ')');
+        $res &= $this->db->delete('category_group', 'id_category NOT IN (' . pSQL($ids_home) . ', ' . pSQL($ids_root) . ')');
 
         $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'category');
         $this->db->execute('ANALYZE TABLE ' . _DB_PREFIX_ . 'category_lang');

diff --git a/controllers/admin/AdminCleanCartController.php b/controllers/admin/AdminCleanCartController.php
@@ -77,7 +77,7 @@ public function postProcess()
             $cartCleaner = new CartCleaner();
             $cartCleaner->date_from = Tools::getValue($this->module->config_name . '_DATE_FROM', null);
             $cartCleaner->date_to = Tools::getValue($this->module->config_name . '_DATE_TO', null);
-            $cartCleaner->shops = implode(',', Tools::getValue($this->module->config_name . '_SHOP_CARTS', []));
+            $cartCleaner->shops = implode(',', array_map('intval', Tools::getValue($this->module->config_name . '_SHOP_CARTS', [])));
             $cartCleaner->deleteCarts();
         }
 

diff --git a/controllers/admin/AdminCleanCustomerController.php b/controllers/admin/AdminCleanCustomerController.php
@@ -77,7 +77,7 @@ public function postProcess()
             $customerCleaner = new CustomerCleaner();
             $customerCleaner->date_from = Tools::getValue($this->module->config_name . '_CUSTOMER_DATE_FROM', null);
             $customerCleaner->date_to = Tools::getValue($this->module->config_name . '_CUSTOMER_DATE_TO', null);
-            $customerCleaner->shops = implode(',', Tools::getValue($this->module->config_name . '_CUSTOMER_SHOP', []));
+            $customerCleaner->shops = implode(',', array_map('intval', Tools::getValue($this->module->config_name . '_CUSTOMER_SHOP', [])));
             $customerCleaner->guest = Tools::getValue($this->module->config_name . '_CUSTOMER_GUEST', null);
             $customerCleaner->never_ordered = Tools::getValue($this->module->config_name . '_CUSTOMER_NEVER_ORDERED', null);
             $customerCleaner->deleteCustomers();

diff --git a/controllers/admin/AdminCleanOrderController.php b/controllers/admin/AdminCleanOrderController.php
@@ -77,8 +77,8 @@ public function postProcess()
             $orderCleaner = new OrderCleaner();
             $orderCleaner->date_from = Tools::getValue($this->module->config_name . '_DATE_FROM', null);
             $orderCleaner->date_to = Tools::getValue($this->module->config_name . '_DATE_TO', null);
-            $orderCleaner->status = implode(',', Tools::getValue($this->module->config_name . '_STATUS', []));
-            $orderCleaner->shops = implode(',', Tools::getValue($this->module->config_name . '_SHOP_ORDERS', []));
+            $orderCleaner->status = implode(',', array_map('intval', Tools::getValue($this->module->config_name . '_STATUS', [])));
+            $orderCleaner->shops = implode(',', array_map('intval', Tools::getValue($this->module->config_name . '_SHOP_ORDERS', [])));
             $orderCleaner->deleteOrders();
         }
 

diff --git a/controllers/admin/AdminCleanProductController.php b/controllers/admin/AdminCleanProductController.php
@@ -77,9 +77,9 @@ public function postProcess()
             $productCleaner = new ProductCleaner();
             $productCleaner->date_from = Tools::getValue($this->module->config_name . '_PRODUCT_DATE_FROM', null);
             $productCleaner->date_to = Tools::getValue($this->module->config_name . '_PRODUCT_DATE_TO', null);
-            $productCleaner->shops = implode(',', Tools::getValue($this->module->config_name . '_PRODUCT_SHOP', []));
+            $productCleaner->shops = implode(',', array_map('intval', Tools::getValue($this->module->config_name . '_PRODUCT_SHOP', [])));
             $productCleaner->types = Tools::getValue($this->module->config_name . '_PRODUCT_TYPE', []);
-            $productCleaner->categories = implode(',', Tools::getValue($this->module->config_name . '_PRODUCT_CATEGORIES', []));
+            $productCleaner->categories = implode(',', array_map('intval', Tools::getValue($this->module->config_name . '_PRODUCT_CATEGORIES', [])));
             $productCleaner->active = Tools::getValue($this->module->config_name . '_PRODUCT_ACTIVE', null);
             $productCleaner->deleteProducts();
         }