From ff63c5a5822fecb47105ffc584313556849a60b8 Mon Sep 17 00:00:00 2001
From: Jean-Christian Denis
Date: Fri, 21 Apr 2023 00:14:04 +0200
Subject: [PATCH] use sql statement
---
 src/Frontend.php | 80 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 26 deletions(-)
diff --git a/src/Frontend.php b/src/Frontend.php
index f241450..dc8e84e 100644
--- a/src/Frontend.php
+++ b/src/Frontend.php
@@ -16,9 +16,14 @@ namespace Dotclear\Plugin\emailNotification;
 use cursor;
 use dcAuth;
+use dcBlog;
 use dcCore;
 use dcNsProcess;
 use dcRecord;
+use Dotclear\Database\Statement\{
+ JoinStatement,
+ SelectStatement
+};
 use Dotclear\Helper\Html\Html;
 use Dotclear\Helper\Network\Mail\Mail;
 use rsExtUser;
@@ -39,34 +44,57 @@ class Frontend extends dcNsProcess } dcCore::app()->addBehavior('publicAfterCommentCreate', function (cursor $cur, ?int $comment_id): void { + // nullsafe PHP < 8.0 + if (is_null(dcCore::app()->auth) || is_null(dcCore::app()->blog)) { + return; + } + # We don't want notification for spam - if ($cur->comment_status == -2) { + if ((int) $cur->getField('comment_status') == dcBlog::COMMENT_JUNK) { return; } # Information on comment author and post author $rs = dcCore::app()->auth->sudo([dcCore::app()->blog, 'getComments'], ['comment_id' => $comment_id]); - - if ($rs->isEmpty()) { + if (is_null($rs) || $rs->isEmpty()) { return; } - # Information on blog users - $strReq = 'SELECT U.user_id, user_email, user_options ' . - 'FROM ' . dcCore::app()->blog->prefix . dcAuth::USER_TABLE_NAME . ' U ' . - 'JOIN ' . dcCore::app()->blog->prefix . dcAuth::PERMISSIONS_TABLE_NAME . ' P ON U.user_id = P.user_id ' . - "WHERE blog_id = '" . dcCore::app()->con->escapeStr(dcCore::app()->blog->id) . "' " . - 'UNION ' . - 'SELECT user_id, user_email, user_options ' . - 'FROM ' . dcCore::app()->blog->prefix . dcAuth::USER_TABLE_NAME . ' ' . - 'WHERE user_super = 1 '; + $sql = new SelectStatement(); + $users = $sql->from($sql->as(dcCore::app()->blog->prefix . dcAuth::USER_TABLE_NAME, 'U')) + ->columns([ + 'U.user_id as user_id', + 'user_email', + 'user_options', + ]) + ->join( + (new JoinStatement()) + ->from($sql->as(dcCore::app()->blog->prefix . dcAuth::PERMISSIONS_TABLE_NAME, 'P')) + ->on('U.user_id = P.user_id') + ->statement() + ) + ->where('blog_id = ' . $sql->quote(dcCore::app()->blog->id)) + ->union( + (new SelectStatement()) + ->columns([ + 'U.user_id as user_id', + 'user_email', + 'user_options', + ]) + ->from($sql->as(dcCore::app()->blog->prefix . 
dcAuth::USER_TABLE_NAME, 'U')) + ->where('user_super = 1') + ->statement() + ) + ->select(); - $users = dcCore::app()->con->select($strReq); + if (is_null($users) || $users->isEmpty()) { + return; + } # Create notify list $ulist = []; while ($users->fetch()) { - if (!$users->user_email) { + if (!$users->f('user_email')) { continue; } @@ -75,15 +103,15 @@ class Frontend extends dcNsProcess unset($o); if ($notification_pref == 'all' - || ($notification_pref == 'mine' && $users->user_id == $rs->user_id)) { - $ulist[$users->user_id] = $users->user_email; + || ($notification_pref == 'mine' && $users->f('user_id') == $rs->f('user_id'))) { + $ulist[$users->f('user_id')] = $users->f('user_email'); } } if (count($ulist) > 0) { # Author of the post wants to be notified by mail $headers = [ - 'Reply-To: ' . $rs->comment_email, + 'Reply-To: ' . $rs->f('comment_email'), 'Content-Type: text/plain; charset=UTF-8;', 'X-Mailer: Dotclear', 'X-Blog-Id: ' . Mail::B64Header(dcCore::app()->blog->id), @@ -91,33 +119,33 @@ class Frontend extends dcNsProcess 'X-Blog-Url: ' . Mail::B64Header(dcCore::app()->blog->url), ]; - $subject = '[' . dcCore::app()->blog->name . '] ' . sprintf(__('"%s" - New comment'), $rs->post_title); + $subject = '[' . dcCore::app()->blog->name . '] ' . sprintf(__('"%s" - New comment'), $rs->f('post_title')); $subject = Mail::B64Header($subject); - $msg = preg_replace('%
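Review bot: The builder chain that replaces `$strReq` has lost the `# Information on blog users` comment, and nothing on the new side says who ends up in the recipient set. The UNION branch adds every account with `user_super = 1` regardless of blog, which matters because these rows decide who is mailed the commenter's name and address. I would put a comment above `$sql = new SelectStatement();` such as `# Blog users: accounts with a permission row on this blog, plus all super admins`. The closure passed to `addBehavior` starts in this hunk and continues past it.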
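Review bot: The `Reply-To` entry in `$headers` is still a raw concatenation of `$rs->f('comment_email')`, while the `X-Blog-*` values beside it go through `Mail::B64Header()`. That address is supplied by the commenter, so unless it is validated before the comment is stored (not visible in this patch) a CR or LF in it would add header lines to the notification mail. Strip line breaks at this point, e.g. `'Reply-To: ' . str_replace(["\r", "\n"], '', (string) $rs->f('comment_email')),`. In the same hunk the `'mine'` test compares `$users->f('user_id') == $rs->f('user_id')` loosely, so two numeric-looking ids can match; `(string) $users->f('user_id') === (string) $rs->f('user_id')` avoids that. The `$headers` array and the closure both run past this hunk.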

\s*

%msu', "\n\n", $rs->comment_content); + $msg = preg_replace('%

\s*

%msu', "\n\n", $rs->f('comment_content')); $msg = Html::clean($msg); $msg = html_entity_decode($msg); - if ($cur->comment_status == 1) { + if ((int) $cur->getField('comment_status') == dcBlog::COMMENT_PUBLISHED) { $status = __('published'); - } elseif ($cur->comment_status == 0) { + } elseif ((int) $cur->getField('comment_status') == dcBlog::COMMENT_UNPUBLISHED) { $status = __('unpublished'); - } elseif ($cur->comment_status == -1) { + } elseif ((int) $cur->getField('comment_status') == dcBlog::COMMENT_PENDING) { $status = __('pending'); } else { # unknown status - $status = $cur->comment_status; + $status = $cur->getField('comment_status'); } $msg .= "\n\n-- \n" . sprintf(__('Blog: %s'), dcCore::app()->blog->name) . "\n" . - sprintf(__('Entry: %s <%s>'), $rs->post_title, $rs->getPostURL()) . "\n" . - sprintf(__('Comment by: %s <%s>'), $rs->comment_author, $rs->comment_email) . "\n" . + sprintf(__('Entry: %s <%s>'), $rs->f('post_title'), $rs->getPostURL()) . "\n" . + sprintf(__('Comment by: %s <%s>'), $rs->f('comment_author'), $rs->f('comment_email')) . "\n" . sprintf(__('Website: %s'), $rs->getAuthorURL()) . "\n" . sprintf(__('Comment status: %s'), $status) . "\n" . sprintf(__('Edit this comment: <%s>'), DC_ADMIN_URL . ((substr(DC_ADMIN_URL, -1) != '/') ? '/' : '') . - 'comment.php?id=' . $cur->comment_id . + 'comment.php?id=' . $cur->getField('comment_id') . '&switchblog=' . dcCore::app()->blog->id) . "\n" . __('You must log in on the backend before clicking on this link to go directly to the comment.');
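Review bot: The result of `preg_replace()` on `$rs->f('comment_content')` is passed straight to `Html::clean()` without a null check. With the `u` modifier the call returns `null` when the subject is not valid UTF-8 or another PCRE error occurs, so the comment text would be dropped from the notification, or the next call would fail on a non-string argument. Appending `?? (string) $rs->f('comment_content')` to the `preg_replace(...)` expression keeps the original text as a fallback. The status chain also repeats `(int) $cur->getField('comment_status')` three times and its `else` branch uses the uncast value; reading it once into a local, `$comment_status = (int) $cur->getField('comment_status');`, would make the branches consistent. The closure starts above this hunk and the code that sends the mail is not visible here.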