This site has been archived and you can no longer log in or post new messages. For up-to-date community resources please visit ezplatform.com

eZ Community » Forums » Developer » eZImageFile improvement (eZ 4)
expandshrink

eZImageFile improvement (eZ 4)

eZImageFile improvement (eZ 4)

Wednesday 21 August 2013 4:54:25 pm

Hi,

I am working on a project where I need to override content object attributes per siteaccess. I'm almost done, it works well. The overriding system is low-level, so it's transparent to eZ Publish. I had to override all the datatypes. In doing so, I found a function that was strangely coded in eZImageFile class :

static function fetchImageAttributesByFilepath( $filepath, $contentObjectAttributeID )
{
    $db = eZDB::instance();
    $contentObjectAttributeID = (int) $contentObjectAttributeID;
 
    $cond = array( 'id' => $contentObjectAttributeID );
    $fields = array( 'contentobject_id', 'contentclassattribute_id' );
    $limit = array( 'offset' => 0, 'length' => 1 );
    $rows = eZPersistentObject::fetchObjectList( eZContentObjectAttribute::definition(),
                                                 $fields,
                                                 $cond,
                                                 null,
                                                 $limit,
                                                 false );
    if ( count( $rows ) != 1 )
        return array();
 
    $contentObjectID = (int)( $rows[0]['contentobject_id'] );
    $contentClassAttributeID = (int)( $rows[0]['contentclassattribute_id'] );
    // Transform ", &, < and > to entities since they are being transformed in entities by DOM
    // See eZImageAliasHandler::initialize()
    // Ref https://jira.ez.no/browse/EZP-20090
    $filepath = $db->escapeString(
        htmlspecialchars(
            $filepath,
            // Forcing default flags to be able to specify encoding. See http://php.net/htmlspecialchars
            version_compare( PHP_VERSION, '5.4.0', '>=' ) ? ENT_COMPAT | ENT_HTML401 : ENT_COMPAT,
            'UTF-8'
        )
    );
    // Escape _ in like to avoid it to act as a wildcard !
    $filepath = addcslashes( $filepath, "_" );
    $query = "SELECT id, version
              FROM   ezcontentobject_attribute
              WHERE  contentobject_id = $contentObjectID and
                     contentclassattribute_id = $contentClassAttributeID and
                     data_text like '%url=\"$filepath\"%'";
    $rows = $db->arrayQuery( $query );
    return $rows;
}

It does two queries, that could be done in only one. Do you see a reason why it has been coded that way or is it a mistake ? Maybe it dates from the time eZPersistentObject::fetchObjectList() didn't allow custom conds, or something like that.

So here is the function, rewritten :

static function fetchImageAttributesByFilepath( $filepath, $contentObjectAttributeID )
{
    $db = eZDB::instance();
    $contentObjectAttributeID = (int) $contentObjectAttributeID;
 
    /* Transform ", &, < and > to entities since they are being transformed in entities by DOM
     * See eZImageAliasHandler::initialize()
     * Ref https://jira.ez.no/browse/EZP-20090
     */
    $filepath = $db->escapeString(
        htmlspecialchars(
            $filepath,
            // Forcing default flags to be able to specify encoding. See http://php.net/htmlspecialchars
            version_compare( PHP_VERSION, '5.4.0', '>=' ) ? ENT_COMPAT | ENT_HTML401 : ENT_COMPAT,
            'UTF-8'
        )
    );
    // Escape _ in like to avoid it to act as a wildcard !
    $filepath = addcslashes( $filepath, "_" );
 
    // Fetch eZContentObjectAttribute objects
    $conds = array( 'id' => $contentObjectAttributeID);
    $fields = array( 'id', 'version' );
    $where = " AND data_text like '%url=\"$filepath\"%'";
    $rows = eZPersistentObject::fetchObjectList( eZContentObjectAttribute::definition(),
                                                 $fields,
                                                 $conds,
                                                 null,
                                                 null,
                                                 false,
                                                 false,
                                                 null,
                                                 null,
                                                 $where );
 
    return $rows;
}

I tested both old and new versions, with same input. The returned value is the same. Am I doing right ?
Vince

No reply yet!

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from