
Make ManiphestTaskQuery more modern and safe

Summary: Ref T8637. This class has some really old parameter handling which can send `withIDs(array())` down a "fetch everything" pathway. Clean up most of it.

Test Plan: Issued every ApplicationSearch query.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8637

Differential Revision: https://secure.phabricator.com/D13390

+95 -111
+95 -111
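--- a/src/applications/maniphest/query/ManiphestTaskQuery.php
+++ b/src/applications/maniphest/query/ManiphestTaskQuery.php
@@ -6,13 +6,13 @@
  */
 final class ManiphestTaskQuery extends PhabricatorCursorPagedPolicyAwareQuery {
 
-  private $taskIDs = array();
-  private $taskPHIDs = array();
-  private $authorPHIDs = array();
-  private $ownerPHIDs = array();
+  private $taskIDs;
+  private $taskPHIDs;
+  private $authorPHIDs;
+  private $ownerPHIDs;
   private $noOwner;
   private $anyOwner;
-  private $subscriberPHIDs = array();
+  private $subscriberPHIDs;
   private $dateCreatedAfter;
   private $dateCreatedBefore;
   private $dateModifiedAfter;
@@ -216,75 +216,7 @@
     $task_dao = new ManiphestTask();
     $conn = $task_dao->establishConnection('r');
 
-    $where = array();
-    $where[] = $this->buildTaskIDsWhereClause($conn);
-    $where[] = $this->buildTaskPHIDsWhereClause($conn);
-    $where[] = $this->buildStatusWhereClause($conn);
-    $where[] = $this->buildStatusesWhereClause($conn);
-    $where[] = $this->buildDependenciesWhereClause($conn);
-    $where[] = $this->buildAuthorWhereClause($conn);
-    $where[] = $this->buildOwnerWhereClause($conn);
-    $where[] = $this->buildFullTextWhereClause($conn);
-
-    if ($this->dateCreatedAfter) {
-      $where[] = qsprintf(
-        $conn,
-        'task.dateCreated >= %d',
-        $this->dateCreatedAfter);
-    }
-
-    if ($this->dateCreatedBefore) {
-      $where[] = qsprintf(
-        $conn,
-        'task.dateCreated <= %d',
-        $this->dateCreatedBefore);
-    }
-
-    if ($this->dateModifiedAfter) {
-      $where[] = qsprintf(
-        $conn,
-        'task.dateModified >= %d',
-        $this->dateModifiedAfter);
-    }
-
-    if ($this->dateModifiedBefore) {
-      $where[] = qsprintf(
-        $conn,
-        'task.dateModified <= %d',
-        $this->dateModifiedBefore);
-    }
-
-    if ($this->priorities) {
-      $where[] = qsprintf(
-        $conn,
-        'task.priority IN (%Ld)',
-        $this->priorities);
-    }
-
-    if ($this->subpriorities) {
-      $where[] = qsprintf(
-        $conn,
-        'task.subpriority IN (%Lf)',
-        $this->subpriorities);
-    }
-
-    if ($this->subpriorityMin) {
-      $where[] = qsprintf(
-        $conn,
-        'task.subpriority >= %f',
-        $this->subpriorityMin);
-    }
-
-    if ($this->subpriorityMax) {
-      $where[] = qsprintf(
-        $conn,
-        'task.subpriority <= %f',
-        $this->subpriorityMax);
-    }
-
-    $where[] = $this->buildWhereClauseParts($conn);
-
-    $where = $this->formatWhereClause($where);
+    $where = $this->buildWhereClause($conn);
 
     $group_column = '';
     switch ($this->groupBy) {
@@ -392,26 +324,99 @@
     return $tasks;
   }
 
-  private function buildTaskIDsWhereClause(AphrontDatabaseConnection $conn) {
-    if (!$this->taskIDs) {
-      return null;
+  protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
+    $where = parent::buildWhereClauseParts($conn);
+
+    $where[] = $this->buildStatusWhereClause($conn);
+    $where[] = $this->buildDependenciesWhereClause($conn);
+    $where[] = $this->buildOwnerWhereClause($conn);
+    $where[] = $this->buildFullTextWhereClause($conn);
+
+    if ($this->taskIDs !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'task.id in (%Ld)',
+        $this->taskIDs);
     }
 
-    return qsprintf(
-      $conn,
-      'task.id in (%Ld)',
-      $this->taskIDs);
-  }
+    if ($this->taskPHIDs !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'task.phid in (%Ls)',
+        $this->taskPHIDs);
+    }
 
-  private function buildTaskPHIDsWhereClause(AphrontDatabaseConnection $conn) {
-    if (!$this->taskPHIDs) {
-      return null;
+    if ($this->statuses !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'task.status IN (%Ls)',
+        $this->statuses);
+    }
+
+    if ($this->authorPHIDs !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'task.authorPHID in (%Ls)',
+        $this->authorPHIDs);
+    }
+
+    if ($this->dateCreatedAfter) {
+      $where[] = qsprintf(
+        $conn,
+        'task.dateCreated >= %d',
+        $this->dateCreatedAfter);
+    }
+
+    if ($this->dateCreatedBefore) {
+      $where[] = qsprintf(
+        $conn,
+        'task.dateCreated <= %d',
+        $this->dateCreatedBefore);
+    }
+
+    if ($this->dateModifiedAfter) {
+      $where[] = qsprintf(
+        $conn,
+        'task.dateModified >= %d',
+        $this->dateModifiedAfter);
+    }
+
+    if ($this->dateModifiedBefore) {
+      $where[] = qsprintf(
+        $conn,
+        'task.dateModified <= %d',
+        $this->dateModifiedBefore);
+    }
+
+    if ($this->priorities !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'task.priority IN (%Ld)',
+        $this->priorities);
+    }
+
+    if ($this->subpriorities !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'task.subpriority IN (%Lf)',
+        $this->subpriorities);
+    }
+
+    if ($this->subpriorityMin !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'task.subpriority >= %f',
+        $this->subpriorityMin);
+    }
+
+    if ($this->subpriorityMax !== null) {
+      $where[] = qsprintf(
+        $conn,
+        'task.subpriority <= %f',
+        $this->subpriorityMax);
     }
 
-    return qsprintf(
-      $conn,
-      'task.phid in (%Ls)',
-      $this->taskPHIDs);
+    return $where;
   }
 
   private function buildStatusWhereClause(AphrontDatabaseConnection $conn) {
@@ -446,27 +451,6 @@
           'task.status = %s',
           $constant);
     }
-  }
-
-  private function buildStatusesWhereClause(AphrontDatabaseConnection $conn) {
-    if ($this->statuses) {
-      return qsprintf(
-        $conn,
-        'task.status IN (%Ls)',
-        $this->statuses);
-    }
-    return null;
-  }
-
-  private function buildAuthorWhereClause(AphrontDatabaseConnection $conn) {
-    if (!$this->authorPHIDs) {
-      return null;
-    }
-
-    return qsprintf(
-      $conn,
-      'task.authorPHID in (%Ls)',
-      $this->authorPHIDs);
   }
 
   private function buildOwnerWhereClause(AphrontDatabaseConnection $conn) {
@@ -590,7 +574,7 @@
         id(new ManiphestTask())->getTableName());
     }
 
-    if ($this->subscriberPHIDs) {
+    if ($this->subscriberPHIDs !== null) {
       $joins[] = qsprintf(
         $conn_r,
         'JOIN %T e_ccs ON e_ccs.src = task.phid '.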
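Review bot: The new `!== null` checks in `buildWhereClauseParts()` let an empty list reach `qsprintf()` with `%Ld`/`%Ls`, and nothing in this diff shows what happens then, so the fail-closed behaviour the summary is after depends on code outside these hunks (`qsprintf()` and the parent query) and should be confirmed. The test plan only issues ApplicationSearch queries, so I would add a unit test asserting that `withIDs(array())` returns no tasks rather than every visible task, plus a comment above the first check such as `// An empty list must match nothing; only null means "no constraint".` The four date filters in the same method still test truthiness (`if ($this->dateCreatedAfter)`), which is inconsistent with the other checks and silently drops a value of 0. `$ownerPHIDs` now defaults to null as well, but `buildOwnerWhereClause()` lies outside the visible hunks, so its handling of null versus an empty list needs the same check.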