From 443fd92af783aef3a95acac6003de3f10066ddfc Mon Sep 17 00:00:00 2001
From: Christian Hartmann <chris-hartmann@gmx.de>
Date: Tue, 7 Jan 2025 11:31:12 +0100
Subject: [PATCH] Refactor FormMapper: Improve parameter handling in
 findSharedForms method

Signed-off-by: Christian Hartmann <chris-hartmann@gmx.de>
---
 lib/Db/FormMapper.php | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

diff --git a/lib/Db/FormMapper.php b/lib/Db/FormMapper.php
index 649494b3b..e602c4492 100644
--- a/lib/Db/FormMapper.php
+++ b/lib/Db/FormMapper.php
@@ -108,16 +108,16 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 		// share type user and share with current user
 		$memberships->add(
 			$qbShares->expr()->andX(
-				$qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_USER)),
-				$qbShares->expr()->eq('shares.share_with', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR)),
+				$qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_USER, IQueryBuilder::PARAM_STR, ':share_type_user')),
+				$qbShares->expr()->eq('shares.share_with', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR, ':share_with_user')),
 			),
 		);
 		// share type group and one of the user groups
 		if (!empty($groups)) {
 			$memberships->add(
 				$qbShares->expr()->andX(
-					$qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_GROUP)),
-					$qbShares->expr()->in('shares.share_with', $qbShares->createNamedParameter($groups, IQueryBuilder::PARAM_STR_ARRAY)),
+					$qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_GROUP, IQueryBuilder::PARAM_STR, ':share_type_group')),
+					$qbShares->expr()->in('shares.share_with', $qbShares->createNamedParameter($groups, IQueryBuilder::PARAM_STR_ARRAY, ':share_with_groups')),
 				),
 			);
 		}
@@ -125,19 +125,19 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 		if (!empty($teams)) {
 			$memberships->add(
 				$qbShares->expr()->andX(
-					$qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_CIRCLE)),
-					$qbShares->expr()->in('shares.share_with', $qbShares->createNamedParameter($teams, IQueryBuilder::PARAM_STR_ARRAY)),
+					$qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_CIRCLE, IQueryBuilder::PARAM_STR, ':share_type_team')),
+					$qbShares->expr()->in('shares.share_with', $qbShares->createNamedParameter($teams, IQueryBuilder::PARAM_STR_ARRAY, ':share_with_teams')),
 				),
 			);
 		}
 
-		// build expression for publicy shared forms (default only directly shown)
+		// build expression for publicly shared forms (default only directly shown)
 		if ($filterShown) {
 			// Only shown
-			$access = $qbShares->expr()->in('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_ARRAY_SHOWN, IQueryBuilder::PARAM_INT_ARRAY));
+			$access = $qbShares->expr()->in('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_ARRAY_SHOWN, IQueryBuilder::PARAM_INT_ARRAY, ':access_shown'));
 		} else {
 			// All
-			$access = $qbShares->expr()->neq('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_NOPUBLICSHARE, IQueryBuilder::PARAM_INT));
+			$access = $qbShares->expr()->neq('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_NOPUBLICSHARE, IQueryBuilder::PARAM_INT, ':access_nopublicshare'));
 		}
 
 		// Select all DISTINCT IDs of shared forms
@@ -146,7 +146,7 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 			->leftJoin('forms', $this->shareMapper->getTableName(), 'shares', $qbShares->expr()->eq('forms.id', 'shares.form_id'))
 			->where($memberships)
 			->orWhere($access)
-			->andWhere($qbShares->expr()->neq('forms.owner_id', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR)));
+			->andWhere($qbShares->expr()->neq('forms.owner_id', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR, ':owner_id')));
 
 		// Select the whole forms for the DISTINCT shared forms IDs
 		$qbForms->select('*')
@@ -158,12 +158,15 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 			->addOrderBy('created', 'DESC');
 
 		if ($queryTerm) {
-			$qbForms->andWhere($qbForms->expr()->iLike('title', $qbForms->createNamedParameter('%' . $this->db->escapeLikeParameter($queryTerm) . '%')) .
-				' OR ' . $qbForms->expr()->iLike('description', $qbForms->createNamedParameter('%' . $this->db->escapeLikeParameter($queryTerm) . '%')));
+			$qbForms->andWhere($qbForms->expr()->iLike('title', $qbForms->createNamedParameter('%' . $this->db->escapeLikeParameter($queryTerm) . '%', IQueryBuilder::PARAM_STR, ':query_term_title')) .
+				' OR ' . $qbForms->expr()->iLike('description', $qbForms->createNamedParameter('%' . $this->db->escapeLikeParameter($queryTerm) . '%', IQueryBuilder::PARAM_STR, ':query_term_description')));
 		}
 
-		// We need to add the parameters from the shared forms IDs select to the final select query
-		$qbForms->setParameters($qbShares->getParameters(), $qbShares->getParameterTypes());
+		// Merge parameters and parameter types from $qbShares and $qbForms
+		$qbFormsParams = array_merge($qbShares->getParameters(), $qbForms->getParameters());
+		$qbFormsParamTypes = array_merge($qbShares->getParameterTypes(), $qbForms->getParameterTypes());
+
+		$qbForms->setParameters($qbFormsParams, $qbFormsParamTypes);
 
 		return $this->findEntities($qbForms);
 	}