Remove raw sql

hook.php

@@ -86,9 +86,30 @@ function plugin_escalade_install() {
       ) ENGINE=InnoDB DEFAULT CHARSET={$default_charset} COLLATE={$default_collation} ROW_FORMAT=DYNAMIC;";
       $DB->query($query);
 
-      $query = "INSERT INTO glpi_plugin_escalade_configs
-      VALUES (NULL, 1, 1, 1, 1, 1, 0, 0, 1, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, '".Ticket::WAITING."',0)";
-      $DB->query($query);
+      $DB->insert('glpi_plugin_escalade_configs', [
+         'remove_group' => 1,
+         'show_history' => 1,
+         'task_history' => 1,
+         'remove_tech' => 1,
+         'solve_return_group' => 1,
+         'reassign_group_from_cat' => 0,
+         'reassign_tech_from_cat' => 0,
+         'cloneandlink_ticket' => 1,
+         'close_linkedtickets' => 1,
+         'use_assign_user_group' => 0,
+         'use_assign_user_group_creation' => 0,
+         'use_assign_user_group_modification' => 0,
+         'remove_delete_requester_user_btn' => 1,
+         'remove_delete_watcher_user_btn' => 1,
+         'remove_delete_assign_user_btn' => 0,
+         'remove_delete_requester_group_btn' => 1,
+         'remove_delete_watcher_group_btn' => 1,
+         'remove_delete_assign_group_btn' => 0,
+         'remove_delete_assign_supplier_btn' => 1,
+         'use_filter_assign_group' => 1,
+         'ticket_last_status' => Ticket::WAITING,
+         'remove_requester' => 0
+      ]);
    }
 
    // == Update to 1.2 ==
@@ -167,10 +188,11 @@ function plugin_escalade_install() {
                $status = -1;
                break;
          }
-         $query = "UPDATE `glpi_plugin_escalade_configs`
-                   SET `ticket_last_status` = '".$status."'
-                   WHERE `id` = '".$data['id']."'";
-         $DB->query($query);
+         $DB->update('glpi_plugin_escalade_configs', [
+            'ticket_last_status' => $status
+         ], [
+            'id' => $data['id']
+         ]);
       }
 
       $query = "ALTER TABLE `glpi_plugin_escalade_configs` MODIFY `ticket_last_status` INT;";
@@ -204,9 +226,10 @@ function plugin_escalade_install() {
 
       $user = new User();
       foreach ($user->find() as $data) {
-         $query = "INSERT INTO glpi_plugin_escalade_users (`users_id`, `use_filter_assign_group`)
-                     VALUES (".$data['id'].", $default_value)";
-         $DB->query($query);
+         $DB->insert('glpi_plugin_escalade_users', [
+            'users_id' => $data['id'],
+            'use_filter_assign_group' => $default_value
+         ]);
       }
    }
 
@@ -343,7 +366,7 @@ function plugin_escalade_item_purge($item) {
    global $DB;
 
    if ($item instanceof User) {
-      $DB->query("DELETE FROM glpi_plugin_escalade_users WHERE users_id = ".$item->getID());
+      $DB->delete('glpi_plugin_escalade_users', ['users_id' => $item->getID()]);
    }
 
    if ($item instanceof Ticket) {
@@ -377,9 +400,10 @@ function plugin_escalade_item_add_user($item) {
       $config->getFromDB(1);
       $default_value = $config->fields["use_filter_assign_group"];
 
-      $query = "INSERT INTO glpi_plugin_escalade_users (`users_id`, `use_filter_assign_group`)
-                  VALUES (".$item->getID().", $default_value)";
-      $DB->query($query);
+      $DB->insert('glpi_plugin_escalade_users', [
+         'users_id' => $item->getID(),
+         'use_filter_assign_group' => $default_value
+      ]);
    }
 
    if ($item instanceof Ticket_User) {

inc/history.class.php

@@ -187,57 +187,71 @@ static function showCentralSpecificList($type) {
          return false;
       }
 
-      $groups     = implode("','", $_SESSION['glpigroups']);
-      $numrows    = 0;
-      $is_deleted = " `glpi_tickets`.`is_deleted` = 0 ";
+      $criteria = [
+         'SELECT' => ['glpi_tickets.id'],
+         'DISTINCT' => true,
+         'FROM' => 'glpi_tickets',
+         'LEFT JOIN' => [
+            'glpi_tickets_users' => [
+               'ON' => [
+                  'glpi_tickets' => 'id',
+                  'glpi_tickets_users' => 'tickets_id'
+               ]
+            ]
+         ],
+         'WHERE' => [
+            'glpi_tickets.is_deleted' => 0,
+         ],
+         'ORDER' => ['glpi_tickets.date_mod DESC']
+      ];
 
       if ($type == "notold") {
          $title = __("Tickets to follow (escalated)", "escalade");
          $status = CommonITILObject::INCOMING.", ".CommonITILObject::PLANNED.", ".
                    CommonITILObject::ASSIGNED.", ".CommonITILObject::WAITING;
 
-         $search_assign = " `glpi_plugin_escalade_histories`.`groups_id` IN ('$groups')
-            AND (`glpi_groups_tickets`.`groups_id` NOT IN ('$groups')
-            OR `glpi_groups_tickets`.`groups_id` IS NULL)";
-
-         $query_join = "LEFT JOIN `glpi_plugin_escalade_histories`
-            ON (`glpi_tickets`.`id` = `glpi_plugin_escalade_histories`.`tickets_id`)
-         LEFT JOIN `glpi_groups_tickets`
-            ON (`glpi_tickets`.`id` = `glpi_groups_tickets`.`tickets_id`
-               AND `glpi_groups_tickets`.`type`=2)";
+         $criteria['WHERE']['glpi_plugin_escalade_histories.groups_id'] = $_SESSION['glpigroups'];
+         $criteria['WHERE'][] = [
+            'OR' => [
+               'NOT' => ['glpi_groups_tickets.groups_id' => $_SESSION['glpigroups']],
+               'glpi_groups_tickets.groups_id' => null
+            ]
+         ];
+
+         $criteria['LEFT JOIN']['glpi_plugin_escalade_histories'] = [
+            'ON' => [
+               'glpi_tickets' => 'id',
+               'glpi_plugin_escalade_histories' => 'tickets_id'
+            ]
+         ];
       } else {
          $title = __("Tickets to close (escalated)", "escalade");
          $status = CommonITILObject::SOLVED;
 
-         $search_assign = " (`glpi_groups_tickets`.`groups_id` IN ('$groups'))";
-
-         $query_join = "LEFT JOIN `glpi_groups_tickets`
-            ON (`glpi_tickets`.`id` = `glpi_groups_tickets`.`tickets_id`
-               AND `glpi_groups_tickets`.`type`=2)";
+         $criteria['WHERE']['glpi_groups_tickets.groups_id'] = $_SESSION['glpigroups'];
       }
-
-      $query = "SELECT DISTINCT `glpi_tickets`.`id`
-                FROM `glpi_tickets`
-                LEFT JOIN `glpi_tickets_users`
-                  ON (`glpi_tickets`.`id` = `glpi_tickets_users`.`tickets_id`)";
-
-      $query .= $query_join;
-
-      $query .= "WHERE $is_deleted AND ( $search_assign )
-                  AND (`status` IN ($status))".
-                  getEntitiesRestrictRequest("AND", "glpi_tickets");
-
-      $query  .= " ORDER BY glpi_tickets.date_mod DESC";
-
-      $result  = $DB->query($query);
-      $numrows = $DB->numrows($result);
+      $criteria['LEFT JOIN']['glpi_groups_tickets'] = [
+         'ON' => [
+            'glpi_tickets' => 'id',
+            'glpi_groups_tickets' => 'tickets_id',
+             [
+                 'AND' => ['glpi_groups_tickets.type' => 2]
+             ]
+         ]
+      ];
+      $criteria['WHERE']['status'] = $status;
+      $criteria['WHERE'][] = getEntitiesRestrictCriteria('glpi_tickets');
+
+      $result  = $DB->request($criteria);
+      $numrows = count($result);
       if (!$numrows) {
          return;
       }
 
-      $query .= " LIMIT 0, 5";
-      $result = $DB->query($query);
-      $number = $DB->numrows($result);
+      $criteria['START'] = 0;
+      $criteria['LIMIT'] = 5;
+      $result = $DB->request($criteria);
+      $number = count($result);
 
       //show central list
       if ($numrows > 0) {
@@ -287,9 +301,8 @@ static function showCentralSpecificList($type) {
             echo "<th>".__('Requester')."</th>";
             echo "<th>".__('Associated element')."</th>";
             echo "<th>".__('Description')."</th></tr></thead>";
-            for ($i = 0; $i < $number; $i++) {
-               $ID = $DB->result($result, $i, "id");
-               Ticket::showVeryShort($ID, 'Ticket$2');
+            foreach ($result as $data) {
+               Ticket::showVeryShort($data['id'], 'Ticket$2');
             }
          }
          echo "</table>";

inc/ticket.class.php

@@ -257,10 +257,14 @@ static function addHistoryOnAddGroup(CommonDBTM $item) {
       $history = new PluginEscaladeHistory();
 
       $group_ticket       = new Group_Ticket();
-      $group_ticket->getFromDBByRequest(['ORDER'   => 'id DESC',
-                                                 'LIMIT'      => 1,
-                                                 'tickets_id' => $tickets_id,
-                                                 'type'       => 2]);
+      $group_ticket->getFromDBByRequest([
+         'WHERE' => [
+            'tickets_id' => $tickets_id,
+            'type'       => 2
+         ],
+         'ORDER' => 'id DESC',
+         'LIMIT' => 1
+      ]);
 
       $previous_groups_id = 0;
       $counter            = 0;
@@ -755,30 +759,56 @@ static function cloneAndLink($tickets_id) {
 
       //add actors to the new ticket (without assign)
       //users
-      $query_users = "INSERT INTO glpi_tickets_users
-      SELECT '' AS id, $newID as tickets_id, users_id, type, use_notification, alternative_email
-      FROM glpi_tickets_users
-      WHERE tickets_id = $tickets_id AND type != 2";
-      if (!$res = $DB->query($query_users)) {
+      $res = $DB->insert('glpi_tickets_user', new QuerySubQuery([
+         'SELECT' => [
+            new QueryExpression("'' AS " . $DB::quoteName('id')),
+            new QueryExpression($DB::quoteValue($newID) . " AS " . $DB::quoteName('tickets_id')),
+            'users_id', 'type', 'use_notification', 'alternative_email'
+         ],
+         'FROM' => 'glpi_tickets_users',
+         'WHERE' => [
+            'tickets_id' => $tickets_id,
+            'type' => ['!=', 2]
+         ]
+      ]));
+      if (!$res) {
          echo "{\"success\":false, \"message\":\"".__("Error : adding actors (user)", "escalade")."\"}";
          exit;
       }
       //groups
-      $query_groups = "INSERT INTO glpi_groups_tickets
-      SELECT '' AS id, $newID as tickets_id, groups_id, type
-      FROM glpi_groups_tickets
-      WHERE tickets_id = $tickets_id AND type != 2";
-      if (!$res = $DB->query($query_groups)) {
+      $res = $DB->insert('glpi_tickets_user', new QuerySubQuery([
+         'SELECT' => [
+            new QueryExpression("'' AS " . $DB::quoteName('id')),
+            new QueryExpression($DB::quoteValue($newID) . " AS " . $DB::quoteName('tickets_id')),
+               'groups_id', 'type'
+         ],
+         'FROM' => 'glpi_groups_tickets',
+         'WHERE' => [
+            'tickets_id' => $tickets_id,
+            'type' => ['!=', 2]
+         ]
+      ]));
+      if (!$res) {
          echo "{\"success\":false, \"message\":\"".__("Error : adding actors (group)", "escalade")."\"}";
          exit;
       }
 
       //add documents
-      $query_docs = "INSERT INTO glpi_documents_items (documents_id, items_id, itemtype, entities_id, is_recursive, date_mod)
-      SELECT documents_id, $newID, 'Ticket', entities_id, is_recursive, date_mod
-      FROM glpi_documents_items
-      WHERE items_id = $tickets_id AND itemtype = 'Ticket'";
-      if (! $res = $DB->query($query_docs)) {
+      $res = $DB->insert('glpi_documents_items', new QuerySubQuery([
+         'SELECT' => [
+            new QueryExpression("'' AS " . $DB::quoteName('id')),
+            'documents_id',
+            new QueryExpression($DB::quoteValue($newID) . " AS " . $DB::quoteName('items_id')),
+            new QueryExpression($DB::quoteValue('Ticket') . " AS " . $DB::quoteName('itemtype')),
+            'entities_id', 'is_recursive', 'date_mod'
+         ],
+         'FROM' => 'glpi_documents_items',
+         'WHERE' => [
+            'items_id' => $tickets_id,
+            'itemtype' => 'Ticket'
+         ]
+         ]));
+      if (!$res) {
          echo "{\"success\":false, \"message\":\"".__("Error : adding documents", "escalade")."\"}";
          exit;
       }

inc/user.class.php

@@ -75,24 +75,35 @@ static function processMassiveActionsForOneItemtype(MassiveAction $ma, CommonDBT
    static private function getUserGroup($entity, $userid, $filter = '', $first = true) {
       global $DB;
 
-      $query = "SELECT glpi_groups.id
-                FROM glpi_groups_users
-                INNER JOIN glpi_groups ON (glpi_groups.id = glpi_groups_users.groups_id)
-                WHERE glpi_groups_users.users_id='$userid'".
-                getEntitiesRestrictRequest(' AND ', 'glpi_groups', '', $entity, true, true);
+      $criteria = [
+         'SELECT' => ['glpi_groups.id'],
+         'FROM'   => 'glpi_groups_users',
+         'INNER JOIN' => [
+            'glpi_groups' => [
+               'ON' => [
+                  'glpi_groups_users' => 'groups_id',
+                  'glpi_groups'       => 'id'
+               ]
+            ]
+         ],
+         'WHERE' => [
+            'glpi_groups_users.users_id' => $userid,
+             getEntitiesRestrictCriteria('glpi_groups', '', $entity, true, true)
+         ],
+         'ORDER' => ['glpi_groups_users.id']
+      ];
 
       if ($filter) {
-         $query .= "AND ($filter)";
+         $criteria['WHERE'][] = new QueryExpression($filter);
       }
 
-      $query.= " ORDER BY glpi_groups_users.id";
-
+      $it = $DB->request($criteria);
       $rep = [];
-      foreach ($DB->request($query) as $data) {
+      foreach ($it as $data) {
          if ($first) {
             return $data['id'];
          }
-         $rep[]=$data['id'];
+         $rep[] = $data['id'];
       }
       return ($first ? 0 : array_pop($rep));
    }