[BUGFIX] Add missing quote

georgringer · georgringer · commit 25d04e6d2071 · 2026-05-26T22:29:43.000+02:00
diff --git a/Classes/Controller/NewsController.php b/Classes/Controller/NewsController.php
@@ -132,8 +132,7 @@ protected function createDemandObjectFromSettings(
         $class = isset($settings['demandClass']) && !empty($settings['demandClass']) ? $settings['demandClass'] : $class;
 
         /* @var $demand NewsDemand */
-        $demand = GeneralUtility::makeInstance($class, $settings);
-        if (!$demand instanceof NewsDemand) {
+        if (!is_a($class, NewsDemand::class, true)) {
             throw new \UnexpectedValueException(
                 sprintf(
                     'The demand object must be an instance of %s, but %s given!',
@@ -144,6 +143,7 @@ protected function createDemandObjectFromSettings(
             );
         }
 
+        $demand = GeneralUtility::makeInstance($class, $settings);
         $demand->setCategories(GeneralUtility::trimExplode(',', $settings['categories'] ?? '', true));
         $demand->setCategoryConjunction((string)($settings['categoryConjunction'] ?? ''));
         $demand->setIncludeSubCategories((bool)($settings['includeSubCategories'] ?? false));
diff --git a/Classes/Domain/Repository/AbstractDemandedRepository.php b/Classes/Domain/Repository/AbstractDemandedRepository.php
@@ -98,9 +98,10 @@ public function findDemandedRaw(DemandInterface $demand, $respectEnableFields =
         $queryBuilder = $queryParser->convertQueryToDoctrineQueryBuilder($query);
         $queryParameters = $queryBuilder->getParameters();
         $params = [];
+        $connection = $queryBuilder->getConnection();
         foreach ($queryParameters as $key => $value) {
             // prefix array keys with ':'
-            $params[':' . $key] = (is_numeric($value)) ? $value : "'" . $value . "'"; //all non numeric values have to be quoted
+            $params[':' . $key] = (is_numeric($value)) ? $value : $connection->quote($value); //all non numeric values have to be quoted
             unset($params[$key]);
         }
         // replace placeholders with real values
diff --git a/Classes/Domain/Repository/NewsRepository.php b/Classes/Domain/Repository/NewsRepository.php
@@ -364,6 +364,8 @@ public function findByUid($uid, $respectEnableFields = true): ?\GeorgRinger\News
      */
     public function countByDate(DemandInterface $demand): array
     {
+        $connection = GeneralUtility::makeInstance(ConnectionPool::class)
+            ->getConnectionForTable('tx_news_domain_model_news');
         $data = [];
         $sql = $this->findDemandedRaw($demand);
 
@@ -372,17 +374,14 @@ public function countByDate(DemandInterface $demand): array
 
         // Get the month/year into the result
         $field = $demand->getDateField();
-        $field = empty($field) ? 'datetime' : $field;
+        $field = $connection->quoteIdentifier(empty($field) ? 'datetime' : $field);
 
         $sql = 'SELECT MONTH(FROM_UNIXTIME(0) + INTERVAL ' . $field . ' SECOND ) AS "_Month",' .
             ' YEAR(FROM_UNIXTIME(0) + INTERVAL ' . $field . ' SECOND) AS "_Year" ,' .
             ' count(MONTH(FROM_UNIXTIME(0) + INTERVAL ' . $field . ' SECOND )) as count_month,' .
             ' count(YEAR(FROM_UNIXTIME(0) + INTERVAL ' . $field . ' SECOND)) as count_year' .
             ' FROM tx_news_domain_model_news ' . substr($sql, strpos($sql, 'WHERE '));
 
-        $connection = GeneralUtility::makeInstance(ConnectionPool::class)
-            ->getConnectionForTable('tx_news_domain_model_news');
-
         if (TYPO3_MODE === 'FE') {
             $sql .= $GLOBALS['TSFE']->sys_page->enableFields('tx_news_domain_model_news');
         } else {
diff --git a/ext_emconf.php b/ext_emconf.php
@@ -8,7 +8,7 @@
     'author_email' => 'mail@ringer.it',
     'state' => 'stable',
     'clearCacheOnLoad' => true,
-    'version' => '9.4.0',
+    'version' => '9.4.1',
     'constraints' => [
         'depends' => [
             'typo3' => '10.4.13-11.9.99',
