From 5a6cd440392847e59da7baf7636fb764c236b8af Mon Sep 17 00:00:00 2001
From: CoreShop
Date: Mon, 12 Jan 2026 03:45:15 +0000
Subject: [PATCH 1/3] [CS] Refactor

---
 src/CoreShop/Bundle/CoreBundle/Report/CategoriesReport.php | 4 ++--
 src/CoreShop/Bundle/CoreBundle/Report/ProductsReport.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/CoreShop/Bundle/CoreBundle/Report/CategoriesReport.php b/src/CoreShop/Bundle/CoreBundle/Report/CategoriesReport.php
index a308ad3c85..f3011b3725 100644
--- a/src/CoreShop/Bundle/CoreBundle/Report/CategoriesReport.php
+++ b/src/CoreShop/Bundle/CoreBundle/Report/CategoriesReport.php
@@ -136,10 +136,10 @@ public function getReportData(ParameterBag $parameterBag): array
 INNER JOIN object_query_$orderItemClassId AS orderItems ON orderItems.product__id = catProductDependencies.targetId
 INNER JOIN object_relations_$orderClassId AS orderRelations ON orderRelations.dest_id = orderItems.oo_id AND orderRelations.fieldname = \"items\"
 INNER JOIN object_query_$orderClassId AS `orders` ON `orders`.oo_id = orderRelations.src_id
- WHERE orders.store = :storeId" . $orderStateInClause . " AND orders.orderDate > :fromTimestamp AND orders.orderDate < :toTimestamp AND orderItems.product__id IS NOT NULL
+ WHERE orders.store = :storeId" . $orderStateInClause . ' AND orders.orderDate > :fromTimestamp AND orders.orderDate < :toTimestamp AND orderItems.product__id IS NOT NULL
 GROUP BY categories.oo_id
 ORDER BY quantityCount DESC
- LIMIT " . (int) $offset . ', ' . (int) $limit;
+ LIMIT ' . (int) $offset . ', ' . (int) $limit;
 
 $results = $this->db->fetchAllAssociative($query, $queryParameters);
 }
diff --git a/src/CoreShop/Bundle/CoreBundle/Report/ProductsReport.php b/src/CoreShop/Bundle/CoreBundle/Report/ProductsReport.php
index 7a02e16fc1..813b06a0f2 100644
--- a/src/CoreShop/Bundle/CoreBundle/Report/ProductsReport.php
+++ b/src/CoreShop/Bundle/CoreBundle/Report/ProductsReport.php
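Review bot: The rewritten `WHERE` line still splices `$orderStateInClause` into the SQL text by concatenation, and the surrounding `INNER JOIN` context lines build table names from `$orderClassId` and `$orderItemClassId`, so the quoting swap leaves a reader no closer to knowing which fragments are safe; from this hunk alone it is not visible whether `$orderStateInClause` holds only placeholders and fixed literals. If that is the case, a comment at the point where the clause is assembled, such as `// contains only bound placeholders and fixed literals; never raw request values`, would document the contract, and the same applies to the ProductsReport hunk, whose `WHERE` line additionally interpolates `$productTypeCondition`. The result now mixes a double-quoted, interpolating head (`\"items\"`, `$orderClassId`) with single-quoted tails, which makes the interpolated pieces harder to spot than one consistent quoting style would. `getReportData` starts and ends outside the hunk.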
@@ -151,10 +151,10 @@ public function getReportData(ParameterBag $parameterBag): array
 INNER JOIN object_relations_$orderClassId AS orderRelations ON orderRelations.src_id = orders.oo_id AND orderRelations.fieldname = \"items\"
 INNER JOIN object_query_$orderItemClassId AS orderItems ON orderRelations.dest_id = orderItems.oo_id
 INNER JOIN object_localized_query_" . $orderItemClassId . '_' . $locale . " AS orderItemsTranslated ON orderItems.oo_id = orderItemsTranslated.ooo_id
- WHERE `orders`.store = :storeId AND $productTypeCondition" . $orderStateInClauseOrders . " AND `orders`.orderDate > :fromTimestamp AND `orders`.orderDate < :toTimestamp
+ WHERE `orders`.store = :storeId AND $productTypeCondition" . $orderStateInClauseOrders . ' AND `orders`.orderDate > :fromTimestamp AND `orders`.orderDate < :toTimestamp
 GROUP BY orderItems.objectId
 ORDER BY orderCount DESC
- LIMIT " . (int) $offset . ', ' . (int) $limit;
+ LIMIT ' . (int) $offset . ', ' . (int) $limit;
 }
 
 $queryParameters = array_merge([

From af80b8f5c7df5f02f44e9c5e0a4a564de274eec2 Mon Sep 17 00:00:00 2001
From: Dominik Pfaffenbauer
Date: Mon, 19 Jan 2026 08:56:14 +0100
Subject: [PATCH 2/3] Fix Injection in CustomerTransformerController

---
 .../CoreBundle/Controller/CustomerTransformerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/CoreShop/Bundle/CoreBundle/Controller/CustomerTransformerController.php b/src/CoreShop/Bundle/CoreBundle/Controller/CustomerTransformerController.php
index 6c0de28b5b..90fb1c0cc2 100644
--- a/src/CoreShop/Bundle/CoreBundle/Controller/CustomerTransformerController.php
+++ b/src/CoreShop/Bundle/CoreBundle/Controller/CustomerTransformerController.php
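Review bot: `$locale` is spliced into the table identifier `object_localized_query_<id>_<locale>` on the third context line of this hunk, which is a position that cannot be covered by a bound parameter, and the hunk does not show where `$locale` is resolved; if it can be influenced by the request `ParameterBag`, it needs to be checked against the configured locale list before the query string is built, e.g. `if (!in_array($locale, $configuredLocales, true)) { throw new \InvalidArgumentException('Unknown locale'); }` with `$configuredLocales` standing in for the project's own locale source. If it already comes from shop configuration rather than the request, a one-line comment at the point it is resolved, such as `// $locale comes from the store configuration, not from the request; it is interpolated into a table name below`, would let reviewers stop re-checking this. `getReportData` starts and ends outside the hunk.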
@@ -41,7 +41,7 @@ public function checkForNameDuplicatesAction(Request $request): JsonResponse
 
 if ($value !== null) {
 $list = $this->getCompanyRepository()->getList();
- $list->addConditionParam(sprintf('name LIKE "%%%s%%"', (string) $value));
+ $list->addConditionParam('name LIKE ?', '%' . $value . '%');
 $foundObjects = $list->getData();
 }
 

From 2dbccd765dcfd115b51dcc7ac3dea4e9fc6add02 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 21 Jan 2026 23:13:31 +0000
Subject: [PATCH 3/3] Bump lodash in /src/CoreShop/Bundle/FrontendBundle/Resources/assets

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.21...4.17.23)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
...

Signed-off-by: dependabot[bot]
---
 .../FrontendBundle/Resources/assets/package-lock.json | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/CoreShop/Bundle/FrontendBundle/Resources/assets/package-lock.json b/src/CoreShop/Bundle/FrontendBundle/Resources/assets/package-lock.json
index 5f83d58ef8..3a5abda515 100644
--- a/src/CoreShop/Bundle/FrontendBundle/Resources/assets/package-lock.json
+++ b/src/CoreShop/Bundle/FrontendBundle/Resources/assets/package-lock.json
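Review bot: The new `addConditionParam('name LIKE ?', '%' . $value . '%')` binds the value and so closes the injection, but `%` and `_` inside `$value` are still interpreted as LIKE wildcards, so a bare `%` matches every company and a name containing `_` can be reported as a duplicate it is not; escape them before wrapping, `'%' . addcslashes((string) $value, '%_\\') . '%'`, which also restores the `(string)` cast the old line had (MySQL's default `ESCAPE` character is the backslash). If the duplicate check is meant to be exact rather than substring, `name = ?` with the bare value would be simpler and would avoid the wildcard question entirely. `checkForNameDuplicatesAction` starts outside the hunk.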
@@ -6127,10 +6127,11 @@
 }
 },
 "node_modules/lodash": {
- "version": "4.17.21",
- "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
- "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
- "dev": true
+ "version": "4.17.23",
+ "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+ "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+ "dev": true,
+ "license": "MIT"
 },
 "node_modules/lodash.debounce": {
 "version": "4.0.8",