fix: DB:rawを使っているため危険な処理を削除し、Prepaired Statementに変更
Remicck committed Nov 1, 2023
1 parent 284e9cf commit 0341c76
Showing 4 changed files with 32 additions and 16 deletions.
20 changes: 12 additions & 8 deletions app/Console/Commands/SendMailReminder.php
Expand Up @@ -110,19 +110,23 @@ private function getScheduleReminders(){

$notifications = $query->get();

//繰り返し予定の抽出
$recurrings = Recurring::with(['schedule','schedule.attendees'])
->join('schedules', 'recurrings.schedule_id', '=', 'schedules.id')
->where('recurrings.deleted','=',false)
->where('recurrings.start_date', '<=', $nowDatetime)
->where('recurrings.end_date', '>=', \DB::raw("DATE_SUB('".$nowDatetime."', INTERVAL TIMESTAMPDIFF(DAY,schedules.start_date,schedules.end_date) DAY)"))// カレンダーの開始日から予定の期間(日)を引いた日付が終了日以下の場合
->get();

$activeStartFormatted = new DateTime($nowDatetime);
$activeStartFormatted->format('Y-m-d');
$activeEndFormatted = new DateTime($nowDatetime);
$activeEndFormatted->format('Y-m-d');

//繰り返し予定の抽出
$recurrings = Recurring::with(['schedule','schedule.attendees'])
->join('schedules', 'recurrings.schedule_id', '=', 'schedules.id')
->where('recurrings.deleted','=',false)
->where('recurrings.start_date', '<=', $nowDatetime)
// カレンダーの開始日から予定の期間(日)を引いた日付が終了日以下の場合
->whereRaw(
'recurrings.end_date >= DATE_SUB(?, INTERVAL TIMESTAMPDIFF(DAY, schedules.start_date, schedules.end_date) DAY)',
[$activeStartFormatted]
)
->get();

$transformer = new \Recurr\Transformer\ArrayTransformer();
$transformerConfig = new \Recurr\Transformer\ArrayTransformerConfig();
$transformerConfig->enableLastDayOfMonthFix();
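Review bot: The two `->format('Y-m-d')` calls on the new lines discard their return value, so `$activeStartFormatted` is still a mutable DateTime object when it is bound on the `whereRaw` line; the query only works because Laravel's `Connection::prepareBindings` formats DateTimeInterface bindings with the grammar date format (`Y-m-d H:i:s`), not the `Y-m-d` the code suggests, and `$activeEndFormatted` is not used anywhere in this hunk. Since `$nowDatetime` is already used verbatim on the `recurrings.start_date` line, the consistent form is to bind it directly, `[$nowDatetime]`; if a normalised value is really wanted, bind the string, `$activeStartFormatted = (new DateTimeImmutable($nowDatetime))->format('Y-m-d H:i:s');`. The `?` placeholder itself is the right replacement for the old `'".$nowDatetime."'` interpolation: a bound value, unlike the old literal, cannot alter the SQL. `getScheduleReminders()` continues beyond both ends of this hunk, and whether `DateTime` is imported in this file is not visible here.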
6 changes: 5 additions & 1 deletion app/Http/Controllers/HolidayController.php
Expand Up @@ -30,7 +30,11 @@ public function index(Request $request)

$query = Holiday::select('*');
if( strlen($search) > 0 ) {
$query->where(\DB::raw("CONCAT(summary, ',', holiday)"), 'LIKE', "%{$search}%");
$searchTerm = "%{$search}%";
$query->whereRaw(
"CONCAT(summary, ',', holiday) LIKE ?",
[$searchTerm]
);
}
$holidayYear = $request->get("holiday_year");
if(!empty($holidayYear)) {
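Review bot: The new `$searchTerm = "%{$search}%"` binding closes the injection, but `$search` still reaches `LIKE` with its `%` and `_` wildcards unescaped, so a caller can submit `%` to match every row or `_` to match any single character. Escape the LIKE metacharacters before wrapping, `$searchTerm = '%' . addcslashes($search, '%_\\') . '%';` — MySQL's default LIKE escape character is the backslash, which the `\\` in the character list covers as well. Keep the value in the binding array as the hunk does; do not solve this by concatenating into the raw SQL string. Where `$search` is read from the request lies above this hunk, so whether it is trimmed or length-limited is not visible here.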
16 changes: 10 additions & 6 deletions app/Http/Controllers/ScheduleController.php
Expand Up @@ -119,19 +119,23 @@ private function getSchedules($viewType, $activeStart, $activeEnd, $user_ids, $m

$event_arrays= [];

$activeStartFormatted = new DateTime($activeStart);
$activeStartFormatted->format('Y-m-d');
$activeEndFormatted = new DateTime($activeEnd);
$activeEndFormatted->format('Y-m-d');

//繰り返し予定の抽出
$recurrings = Recurring::with(['schedule','schedule.attendees'])
->join('schedules', 'recurrings.schedule_id', '=', 'schedules.id')
->where('recurrings.deleted','=',false)
->where('recurrings.start_date', '<=', $activeEnd)
->where('recurrings.end_date', '>=', \DB::raw("DATE_SUB('".$activeStart."', INTERVAL TIMESTAMPDIFF(DAY,schedules.start_date,schedules.end_date) DAY)"))// カレンダーの開始日から予定の期間(日)を引いた日付が終了日以下の場合
// カレンダーの開始日から予定の期間(日)を引いた日付が終了日以下の場合
->whereRaw(
'recurrings.end_date >= DATE_SUB(?, INTERVAL TIMESTAMPDIFF(DAY, schedules.start_date, schedules.end_date) DAY)',
[$activeStartFormatted]
)
->get();

$activeStartFormatted = new DateTime($activeStart);
$activeStartFormatted->format('Y-m-d');
$activeEndFormatted = new DateTime($activeEnd);
$activeEndFormatted->format('Y-m-d');

//繰り返し予定をRRuleに従い展開
//parent_idとparent_uidを割り振り3次元配列に格納
foreach ($recurrings as $key => $recurring){
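Review bot: On the new `whereRaw` lines the bound value is `$activeStartFormatted`, but the preceding `->format('Y-m-d')` call discards its return value, so a mutable DateTime object is what gets bound; this works only because Laravel's `prepareBindings` formats DateTimeInterface values with the grammar's `Y-m-d H:i:s`, which makes the `Y-m-d` in the code misleading, and `$activeEndFormatted` is unused within this hunk. Bind the formatted string explicitly, `$activeStartFormatted = (new DateTimeImmutable($activeStart))->format('Y-m-d H:i:s');` (and the same for the end value), which also removes the aliasing risk of a mutable `DateTime`. Separately, `new DateTime($activeStart)` throws on an unparsable string; `$activeStart` is a parameter of `getSchedules()` whose origin is above this hunk, so if it comes from the request the caller should validate it (or this code catch the exception) rather than surface a 500. The placeholder itself is the right fix: the removed line interpolated `$activeStart` straight into the SQL.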
6 changes: 5 additions & 1 deletion app/Http/Controllers/UserController.php
Expand Up @@ -60,7 +60,11 @@ public function index(Request $request){

$query = User::select('users.*');
if( strlen($search) > 0 ) {
$query->where(\DB::raw("CONCAT(lastname, ',', IFNULL(firstname,''), ',', IFNULL(email,'') )"), 'LIKE', "%{$search}%");
$searchTerm = "%{$search}%";
$query->whereRaw(
"CONCAT(lastname, ',', IFNULL(firstname, ''), ',', IFNULL(email, '') ) LIKE ?",
[$searchTerm]
);
}
if( strlen($sortBy) > 0 ) {
$query->orderBy($sortBy, $sortStr);
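Review bot: The new `$searchTerm = "%{$search}%"` binding removes the injection, but `$search` still carries unescaped `%` and `_` into `LIKE`, so a user can enumerate all users with `%` or probe single characters of `email` with `_`. Escape the wildcards before wrapping, `$searchTerm = '%' . addcslashes($search, '%_\\') . '%';`, and keep the value in the binding array as the hunk does. The unchanged `orderBy($sortBy, $sortStr)` on the context lines below is outside this fix, but if `$sortBy` is request-controlled it deserves an allow-list of sortable columns: the query builder quotes the identifier, yet sorting by an arbitrary column (e.g. a password hash) still leaks ordering information. Where `$search`, `$sortBy` and `$sortStr` are read is above this hunk and not visible here.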
