Author: Gunnar Wolf <gwolf@debian.org>
Forwarded: https://github.com/philippK-de/Collabtive/pull/57
Last-update: 2014-10-21
Description: Fix erroneous use of `HAVING' clauses
 Following up this bug report:
 .
 http://collabtive.o-dyn.de/forum/viewtopic.php?f=11&t=13178&sid=2d54503049b4dd323fc7751c7f51f8a6
 .
 The use of HAVING in queries where no aggregate functions are
 executed is wrong, and makes MySQL return an error message. The most
 visible effect is the loss of two of the tabs in the main view
 ("dashboard accordion").

Index: collabtive/include/class.milestone.php
===================================================================
--- collabtive.orig/include/class.milestone.php
+++ collabtive/include/class.milestone.php
@@ -539,7 +539,7 @@ class milestone {
         if ($project > 0) {
             $sel1 = $conn->query("SELECT * FROM milestones WHERE project =  $project AND status=1 AND end = '$starttime' ORDER BY `end` ASC");
         } else {
-        	$sel1 = $conn->query("SELECT milestones.*,projekte_assigned.user,projekte.name AS pname,projekte.status AS pstatus FROM milestones,projekte_assigned,projekte WHERE milestones.project = projekte_assigned.projekt AND milestones.project = projekte.ID HAVING projekte_assigned.user = $user AND status=1 AND pstatus != 2 AND end = '$starttime'");
+        	$sel1 = $conn->query("SELECT milestones.*,projekte_assigned.user,projekte.name AS pname,projekte.status AS pstatus FROM milestones,projekte_assigned,projekte WHERE milestones.project = projekte_assigned.projekt AND milestones.project = projekte.ID AND projekte_assigned.user = $user AND milestones.status=1 AND projekte.status != 2 AND milestones.end = '$starttime'");
         } while ($sel1 and $stone = $sel1->fetch()) {
             $stone["daysleft"] = $this->getDaysLeft($stone["end"]);
             array_push($timeline, $stone);
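Review bot: The rewritten `else` query still splices `$user` and `$starttime` directly into the SQL text, and the hunk does not show where either is cast or validated (the function starts above the hunk). If either can carry request data, this line is an injection point. The same interpolation is in all five class.task.php hunks (`$user`, `$project`, `$limit`, `$starttime`). Since the line is being rewritten anyway, it could move to the `prepare`/`execute` form that class.search.php already uses: `... AND projekte_assigned.user = ? AND milestones.status=1 AND projekte.status != 2 AND milestones.end = ?` with `$sel1->execute(array($user, $starttime))`.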
Index: collabtive/include/class.search.php
===================================================================
--- collabtive.orig/include/class.search.php
+++ collabtive/include/class.search.php
@@ -57,7 +57,7 @@ class search {
     {
         global $conn;
 
-        $selStmt = $conn->prepare("SELECT `ID`,`name`,`desc`,`status` FROM projekte WHERE `name` LIKE ? OR `desc` LIKE ? OR ID = ? HAVING status=1");
+        $selStmt = $conn->prepare("SELECT `ID`,`name`,`desc`,`status` FROM projekte WHERE `name` LIKE ? OR `desc` LIKE ? OR ID = ? AND status=1");
         $selStmt->execute(array("%{$query}%", "%{$query}%", $query));
 
         $projects = array();
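Review bot: Swapping `HAVING status=1` for `AND status=1` changes which rows match, because `AND` binds tighter than `OR`: the status test now applies only to the `ID = ?` branch, where the old HAVING filtered the whole result. The other four class.search.php hunks (milestones, messages, tasks, files) have the same problem, and there `AND project = ?` attaches only to the last `LIKE`. A search scoped to one project therefore also returns name or title matches from every other project. If callers rely on the project argument to confine results to what the user may see, that is a data exposure. Parenthesise the OR group: `` WHERE (`name` LIKE ? OR `desc` LIKE ? OR ID = ?) AND status=1 `` here, and `` WHERE (`name` LIKE ? OR `desc` LIKE ?) AND project = ? AND status=1 `` in the later hunks.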
@@ -85,10 +85,10 @@ class search {
         $project = (int) $project;
 
         if ($project > 0) {
-            $sel = $conn->prepare("SELECT `ID`,`name`,`desc`,`status`,`project` FROM milestones WHERE `name` LIKE ? OR `desc` LIKE ? HAVING project = ? AND status=1");
+            $sel = $conn->prepare("SELECT `ID`,`name`,`desc`,`status`,`project` FROM milestones WHERE `name` LIKE ? OR `desc` LIKE ? AND project = ? AND status=1");
             $sel->execute(array("%{$query}%", "%{$query}%", $project));
         } else {
-            $sel = $conn->prepare("SELECT `ID`,`name`,`desc`,`status`,`project` FROM milestones WHERE `name` LIKE ? OR `desc` LIKE ? HAVING status=1");
+            $sel = $conn->prepare("SELECT `ID`,`name`,`desc`,`status`,`project` FROM milestones WHERE `name` LIKE ? OR `desc` LIKE ? AND status=1");
             $sel->execute(array("%{$query}%", "%{$query}%"));
         }
 
@@ -124,7 +124,7 @@ class search {
         $project = (int) $project;
 
         if ($project > 0) {
-            $sel = $conn->prepare("SELECT `ID`,`title`,`text`,`posted`,`user`,`username`,`project` FROM messages WHERE `title` LIKE ? OR `text` LIKE ? HAVING project = ? ");
+            $sel = $conn->prepare("SELECT `ID`,`title`,`text`,`posted`,`user`,`username`,`project` FROM messages WHERE `title` LIKE ? OR `text` LIKE ? AND project = ? ");
             $sel->execute(array("%{$query}%", "%{$query}%", $project));
         } else {
             $sel = $conn->prepare("SELECT `ID`,`title`,`text`,`posted`,`user`,`username`,`project` FROM messages WHERE `title` LIKE ? OR `text` LIKE ?");
@@ -166,10 +166,10 @@ class search {
         $project = (int) $project;
 
         if ($project > 0) {
-            $sel = $conn->prepare("SELECT `ID`,`title`,`text`,`status`,`project` FROM tasks WHERE `title` LIKE ? OR `text` LIKE ? HAVING project = ? AND status=1");
+            $sel = $conn->prepare("SELECT `ID`,`title`,`text`,`status`,`project` FROM tasks WHERE `title` LIKE ? OR `text` LIKE ? AND project = ? AND status=1");
             $sel->execute(array("%{$query}%", "%{$query}%", $project));
         } else {
-            $sel = $conn->prepare("SELECT `ID`,`title`,`text`,`status`,`project` FROM tasks WHERE `title` LIKE ? OR `text` LIKE ? HAVING status=1");
+            $sel = $conn->prepare("SELECT `ID`,`title`,`text`,`status`,`project` FROM tasks WHERE `title` LIKE ? OR `text` LIKE ? AND status=1");
             $sel->execute(array("%{$query}%", "%{$query}%"));
         }
 
@@ -205,7 +205,7 @@ class search {
         $project = (int) $project;
 
         if ($project > 0) {
-            $sel = $conn->prepare("SELECT `ID`,`name`,`desc`,`type`,`datei`,`title`,`project` FROM `files` WHERE `name` LIKE ? OR `desc` LIKE ? OR `title` LIKE ? HAVING project = ?");
+            $sel = $conn->prepare("SELECT `ID`,`name`,`desc`,`type`,`datei`,`title`,`project` FROM `files` WHERE `name` LIKE ? OR `desc` LIKE ? OR `title` LIKE ? AND project = ?");
             $sel->execute(array("%{$query}%", "%{$query}%", "%{$query}%", $project));
         } else {
             $sel = $conn->prepare("SELECT `ID`,`name`,`desc`,`type`,`datei`,`title`,`project` FROM `files` WHERE `name` LIKE ? OR `desc` LIKE ? OR `title` LIKE ?");
Index: collabtive/include/class.tags.php
===================================================================
--- collabtive.orig/include/class.tags.php
+++ collabtive/include/class.tags.php
@@ -164,7 +164,7 @@ class tags {
         $project = (int) $project;
 
         if ($project > 0) {
-            $sel = $conn->query("SELECT `ID`,`name`,`desc`,`type`,`datei`,`title`,`project`,`tags` FROM `files` WHERE `tags` LIKE " . $conn->quote("%{$query}%") . " HAVING project = $project");
+            $sel = $conn->query("SELECT `ID`,`name`,`desc`,`type`,`datei`,`title`,`project`,`tags` FROM `files` WHERE `tags` LIKE " . $conn->quote("%{$query}%") . " AND project = $project");
         } else {
             $sel = $conn->query("SELECT `ID`,`name`,`desc`,`type`,`datei`,`title`,`project`,`tags` FROM `files` WHERE `tags` LIKE " . $conn->quote("%{$query}%"));
         }
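Review bot: This query is still built by concatenation, so its safety rests on the `(int)` cast at the top of the hunk and on `$conn->quote()` rather than on the statement itself. class.search.php runs the equivalent lookups through `prepare`/`execute`. Doing the same here and in the messages hunk below would make the two classes consistent and remove the dependency on the cast staying in place: `` WHERE `tags` LIKE ? AND project = ? `` with `execute(array("%{$query}%", $project))`. The enclosing function starts and ends outside the hunk.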
@@ -220,7 +220,7 @@ class tags {
         $project = (int) $project;
 
         if ($project > 0) {
-            $sel = $conn->query("SELECT `ID`,`title`,`text`,`posted`,`user`,`username`,`project`,`tags` FROM messages WHERE `tags` LIKE " . $conn->quote("%{$query}%") . " HAVING project = $project ");
+            $sel = $conn->query("SELECT `ID`,`title`,`text`,`posted`,`user`,`username`,`project`,`tags` FROM messages WHERE `tags` LIKE " . $conn->quote("%{$query}%") . " AND project = $project ");
         } else {
             $sel = $conn->query("SELECT `ID`,`title`,`text`,`posted`,`user`,`username`,`project`,`tags` FROM messages WHERE `tags` LIKE " . $conn->quote("%{$query}%"));
         }
Index: collabtive/include/class.task.php
===================================================================
--- collabtive.orig/include/class.task.php
+++ collabtive/include/class.task.php
@@ -377,7 +377,7 @@ class task {
         $lists = array();
         $now = time();
 
-        $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project AND status=1 ORDER BY `end` ASC ");
+        $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task AND tasks_assigned.user = $user AND tasks.project = $project AND status=1 ORDER BY `end` ASC ");
 
         while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
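Review bot: `status` and `end` stay unqualified in this query and in the next three class.task.php hunks, while the last class.task.php hunk and the class.milestone.php hunk were changed to table-qualified names. Under HAVING these names resolved against the select list; in WHERE they resolve against both joined tables, so the query would fail as ambiguous if `tasks_assigned` has a column of the same name. The schema is not visible here, so this may be harmless today. Qualifying them keeps the patch consistent: `AND tasks.status=1 ORDER BY tasks.end ASC`.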
@@ -409,7 +409,7 @@ class task {
         $tod = date("d.m.Y");
         $now = strtotime($tod);
 
-        $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project  AND status=1 AND end < $now ORDER BY `end` ASC LIMIT $limit");
+        $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task AND tasks_assigned.user = $user AND tasks.project = $project  AND status=1 AND end < $now ORDER BY `end` ASC LIMIT $limit");
         while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
             array_push($lists, $task);
@@ -440,7 +440,7 @@ class task {
         $lists = array();
         $now = strtotime($tod);
 
-        $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project  AND status=1 AND end = '$now' ORDER BY `end` ASC LIMIT $limit");
+        $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task AND tasks_assigned.user = $user AND tasks.project = $project  AND status=1 AND end = '$now' ORDER BY `end` ASC LIMIT $limit");
 
         while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
@@ -471,7 +471,7 @@ class task {
         $lists = array();
         $now = time();
 
-        $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task HAVING tasks_assigned.user = $user AND tasks.project = $project AND status=0 ORDER BY `end` ASC LIMIT $limit");
+        $sel2 = $conn->query("SELECT tasks.*,tasks_assigned.user FROM tasks,tasks_assigned WHERE tasks.ID = tasks_assigned.task AND tasks_assigned.user = $user AND tasks.project = $project AND status=0 ORDER BY `end` ASC LIMIT $limit");
 
         while ($sel2 and $tasks = $sel2->fetch()) {
             $task = $this->getTask($tasks["ID"]);
@@ -513,7 +513,7 @@ class task {
         if ($project > 0) {
             $sql = "SELECT * FROM tasks  WHERE status=1 AND project = $project AND end = '$starttime'";
         } else {
-            $sql = "SELECT tasks.*,tasks_assigned.user,projekte.name AS pname FROM tasks,tasks_assigned,projekte WHERE tasks.ID = tasks_assigned.task AND tasks.project = projekte.ID HAVING tasks_assigned.user = $user AND status=1 AND end = '$starttime'";
+            $sql = "SELECT tasks.*,tasks_assigned.user,projekte.name AS pname FROM tasks,tasks_assigned,projekte WHERE tasks.ID = tasks_assigned.task AND tasks.project = projekte.ID AND tasks_assigned.user = $user AND tasks.status=1 AND tasks.end = '$starttime'";
         }
         $sel1 = $conn->query($sql);
 
