Update 2021-08-20-ph_simpleblog.md

_posts/2021-08-20-ph_simpleblog.md

@@ -59,29 +59,8 @@ https://preprod.X/module/simpleblog/list?sb_category=1%27%29%3BSELECT+0x73656c65
 
 ## Patch for version 1.7.7
 ```diff
-diff --git a/classes/BlogPostsFinder.php b/classes/BlogPostsFinder.php
-index b753146..e58fe63 100644
---- a/classes/BlogPostsFinder.php
-+++ b/classes/BlogPostsFinder.php
-@@ -134 +134 @@ class BlogPostsFinder
--        $this->customer = $customer;
-+        $this->customer = $id_customer;
-@@ -271 +271 @@ class BlogPostsFinder
--        $sql->innerJoin('simpleblog_post_lang', 'l', 'sbp.id_simpleblog_post = l.id_simpleblog_post AND l.id_lang = ' . $this->getIdLang());
-+        $sql->innerJoin('simpleblog_post_lang', 'l', 'sbp.id_simpleblog_post = l.id_simpleblog_post AND l.id_lang = ' . (int) $this->getIdLang());
-@@ -273 +273 @@ class BlogPostsFinder
--        $sql->innerJoin('simpleblog_post_shop', 'sbps', 'sbp.id_simpleblog_post = sbps.id_simpleblog_post AND sbps.id_shop = ' . $this->getIdShop());
-+        $sql->innerJoin('simpleblog_post_shop', 'sbps', 'sbp.id_simpleblog_post = sbps.id_simpleblog_post AND sbps.id_shop = ' . (int) $this->getIdShop());
-@@ -284 +284 @@ class BlogPostsFinder
--                    $child_categories[] = $child['id_simpleblog_category'];
-+                    $child_categories[] = pSQL($child['id_simpleblog_category']);
-@@ -323 +323 @@ class BlogPostsFinder
--                    $sql->where($this->getCustomWhere());
-+                    $sql->where($condition);
-diff --git a/models/SimpleBlogCategory.php b/models/SimpleBlogCategory.php
-index 23badad..56d9c25 100644
---- a/models/SimpleBlogCategory.php
-+++ b/models/SimpleBlogCategory.php
+--- a/modules/ph_simpleblog/models/SimpleBlogCategory.php
++++ b/modules/ph_simpleblog/models/SimpleBlogCategory.php
 @@ -421 +421 @@ class SimpleBlogCategory extends ObjectModel
 -            $sql->where('l.link_rewrite = \'' . $rewrite . '\' AND l.id_lang = ' . (int) $id_lang);
 +            $sql->where('l.link_rewrite = \'' . pSQL($rewrite) . '\' AND l.id_lang = ' . (int) $id_lang);
@@ -97,19 +76,15 @@ index 23badad..56d9c25 100644
 @@ -466 +466 @@ class SimpleBlogCategory extends ObjectModel
 -        $orig_location = _PS_MODULE_DIR_ . 'ph_simpleblog/covers_cat/' . $object->id . '.' . $object->cover;
 +        $orig_location = _PS_MODULE_DIR_ . 'ph_simpleblog/covers_cat/' . (int) $object->id . '.' . $object->cover;
-diff --git a/models/SimpleBlogPost.php b/models/SimpleBlogPost.php
-index 0d140a3..77ee13e 100644
---- a/models/SimpleBlogPost.php
-+++ b/models/SimpleBlogPost.php
+
+--- a/modules/ph_simpleblog/models/SimpleBlogPost.php
++++ b/modules/ph_simpleblog/models/SimpleBlogPost.php
 @@ -291 +291 @@ class SimpleBlogPost extends ObjectModel
 -            $sql->where('sbp.id_simpleblog_post ' . $filter . ' (' . implode(',', $selected) . ')');
-+            $sql->where('sbp.id_simpleblog_post ' . pSQL($filter) . ' (' . implode(',', $selected) . ')');
++            $sql->where('sbp.id_simpleblog_post ' . ($filter == 'IN' ? 'IN' : 'NOT IN') . ' (' . implode(',', array_map('intval', $selected)) . ')');
 @@ -413 +413 @@ class SimpleBlogPost extends ObjectModel
 -            $sql->where('sbp.id_simpleblog_post ' . $filter . ' (' . implode(',', $selected) . ')');
-+            $sql->where('sbp.id_simpleblog_post ' . pSQL($filter) . ' (' . implode(',', $selected) . ')');
-@@ -428 +428 @@ class SimpleBlogPost extends ObjectModel
--        $sql->limit($limit, $start);
-+        $sql->limit((int) $limit, $start);
++            $sql->where('sbp.id_simpleblog_post ' . ($filter == 'IN' ? 'IN' : 'NOT IN') . ' (' . implode(',', array_map('intval', $selected)) . ')');
 @@ -504 +504 @@ class SimpleBlogPost extends ObjectModel
 -            $sql->where('l.link_rewrite = \'' . $rewrite . '\'');
 +            $sql->where('l.link_rewrite = \'' . pSQL($rewrite) . '\'');
@@ -137,10 +112,9 @@ index 0d140a3..77ee13e 100644
 @@ -838 +838 @@ class SimpleBlogPost extends ObjectModel
 -        $sql = 'UPDATE `' . _DB_PREFIX_ . 'simpleblog_post` SET `views` = `views` + 1 WHERE id_simpleblog_post = ' . $this->id_simpleblog_post;
 +        $sql = 'UPDATE `' . _DB_PREFIX_ . 'simpleblog_post` SET `views` = `views` + 1 WHERE id_simpleblog_post = ' . (int) $this->id_simpleblog_post;
-diff --git a/models/SimpleBlogPostType.php b/models/SimpleBlogPostType.php
-index a4ce8e8..449efd6 100644
---- a/models/SimpleBlogPostType.php
-+++ b/models/SimpleBlogPostType.php
+
+--- a/modules/ph_simpleblog/models/SimpleBlogPostType.php
++++ b/modules/ph_simpleblog/models/SimpleBlogPostType.php
 @@ -68 +68 @@ class SimpleBlogPostType extends ObjectModel
 -        $sql->where('slug = \'' . $slug . '\'');
 +        $sql->where('slug = \'' . pSQL($slug) . '\''