[FIX] Database::execute() → Database::query() in 5 controller

Database non ha metodo execute() — corretto in:
InviteController, ServicesController, WebhookController,
NormativeController, WhistleblowingController.
Causa del HTTP 500 su tutti gli endpoint /api/invites/*.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
DevEnv nis2-agile 2026-03-07 16:49:58 +01:00
parent c906a6eff3
commit 9ccf2a72b5
5 changed files with 22 additions and 22 deletions

@ -85,7 +85,7 @@ class InviteController extends BaseController
$tokenHash = hash('sha256', $rawToken); $tokenHash = hash('sha256', $rawToken);
$prefix = substr($rawToken, 0, 10) . '...'; $prefix = substr($rawToken, 0, 10) . '...';
Database::execute( Database::query(
'INSERT INTO invites 'INSERT INTO invites
(token_prefix, token_hash, plan, duration_months, label, notes, (token_prefix, token_hash, plan, duration_months, label, notes,
max_uses, max_users_per_org, price_eur, reseller_name, max_uses, max_users_per_org, price_eur, reseller_name,
@ -153,7 +153,7 @@ class InviteController extends BaseController
if ($channel) { $where[] = 'channel = ?'; $params[] = $channel; } if ($channel) { $where[] = 'channel = ?'; $params[] = $channel; }
// Auto-scaduti: aggiorna status se expires_at passato // Auto-scaduti: aggiorna status se expires_at passato
Database::execute( Database::query(
"UPDATE invites SET status='expired' WHERE status='pending' AND expires_at < NOW()" "UPDATE invites SET status='expired' WHERE status='pending' AND expires_at < NOW()"
); );
@ -213,7 +213,7 @@ class InviteController extends BaseController
if (!$row) $this->jsonError('Invito non trovato', 404, 'NOT_FOUND'); if (!$row) $this->jsonError('Invito non trovato', 404, 'NOT_FOUND');
if ($row['status'] === 'used') $this->jsonError('Invito già usato — non revocabile', 422, 'ALREADY_USED'); if ($row['status'] === 'used') $this->jsonError('Invito già usato — non revocabile', 422, 'ALREADY_USED');
Database::execute("UPDATE invites SET status='revoked', updated_at=NOW() WHERE id=?", [$id]); Database::query("UPDATE invites SET status='revoked', updated_at=NOW() WHERE id=?", [$id]);
$this->logAudit('invite.revoked', 'invite', $id); $this->logAudit('invite.revoked', 'invite', $id);
$this->jsonSuccess(['revoked' => true, 'id' => $id]); $this->jsonSuccess(['revoked' => true, 'id' => $id]);
} }
@ -234,7 +234,7 @@ class InviteController extends BaseController
$tokenHash = hash('sha256', $rawToken); $tokenHash = hash('sha256', $rawToken);
$prefix = substr($rawToken, 0, 10) . '...'; $prefix = substr($rawToken, 0, 10) . '...';
Database::execute( Database::query(
"UPDATE invites SET token_prefix=?, token_hash=?, status='pending', updated_at=NOW() WHERE id=?", "UPDATE invites SET token_prefix=?, token_hash=?, status='pending', updated_at=NOW() WHERE id=?",
[$prefix, $tokenHash, $id] [$prefix, $tokenHash, $id]
); );
@ -312,7 +312,7 @@ class InviteController extends BaseController
} }
if (strtotime($invite['expires_at']) < time()) { if (strtotime($invite['expires_at']) < time()) {
Database::execute("UPDATE invites SET status='expired' WHERE id=?", [$invite['id']]); Database::query("UPDATE invites SET status='expired' WHERE id=?", [$invite['id']]);
return ['valid' => false, 'invite' => $invite, 'error' => 'Invito scaduto il ' . $invite['expires_at'], 'code' => 'EXPIRED']; return ['valid' => false, 'invite' => $invite, 'error' => 'Invito scaduto il ' . $invite['expires_at'], 'code' => 'EXPIRED'];
} }
@ -324,7 +324,7 @@ class InviteController extends BaseController
*/ */
public static function markUsed(int $inviteId, int $orgId, string $ip): void public static function markUsed(int $inviteId, int $orgId, string $ip): void
{ {
Database::execute( Database::query(
"UPDATE invites "UPDATE invites
SET used_count = used_count + 1, SET used_count = used_count + 1,
status = CASE WHEN used_count + 1 >= max_uses THEN 'used' ELSE 'pending' END, status = CASE WHEN used_count + 1 >= max_uses THEN 'used' ELSE 'pending' END,
@ -423,7 +423,7 @@ class InviteController extends BaseController
} }
// Aggiorna last_used_at // Aggiorna last_used_at
Database::execute('UPDATE api_keys SET last_used_at=NOW() WHERE id=?', [$key['id']]); Database::query('UPDATE api_keys SET last_used_at=NOW() WHERE id=?', [$key['id']]);
return; return;
} }
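Review bot: The revoke path in the -213 hunk checks `$row['status'] === 'used'` in PHP and then runs an UPDATE filtered only by `id`, so an invite redeemed between the read and the write would still be flipped to `revoked`, and `$this->logAudit('invite.revoked', 'invite', $id)` is written whether or not a row changed. Putting the condition in the statement closes that window: `Database::query("UPDATE invites SET status='revoked', updated_at=NOW() WHERE id=? AND status<>'used'", [$id]);`, followed by a check of the affected-row count before logging and answering success. How `Database::query()` reports affected rows or failure is not visible on this page, so that check has to follow its actual contract. The enclosing method starts outside the hunk.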

@ -124,7 +124,7 @@ class NormativeController extends BaseController
if ($existing) { if ($existing) {
// Aggiorna note se già ACK // Aggiorna note se già ACK
Database::execute( Database::query(
'UPDATE normative_ack SET notes = ?, acknowledged_by = ?, acknowledged_at = NOW() 'UPDATE normative_ack SET notes = ?, acknowledged_by = ?, acknowledged_at = NOW()
WHERE normative_update_id = ? AND organization_id = ?', WHERE normative_update_id = ? AND organization_id = ?',
[$notes ?: null, $this->getCurrentUserId(), $id, $orgId] [$notes ?: null, $this->getCurrentUserId(), $id, $orgId]

@ -95,7 +95,7 @@ class ServicesController extends BaseController
// Aggiorna last_used_at (async: non blocchiamo su errore) // Aggiorna last_used_at (async: non blocchiamo su errore)
try { try {
Database::execute( Database::query(
'UPDATE api_keys SET last_used_at = NOW() WHERE id = ?', 'UPDATE api_keys SET last_used_at = NOW() WHERE id = ?',
[$record['id']] [$record['id']]
); );
@ -329,7 +329,7 @@ class ServicesController extends BaseController
$firstName = $parts[0] ?? $email; $firstName = $parts[0] ?? $email;
$lastName = $parts[1] ?? ''; $lastName = $parts[1] ?? '';
Database::execute( Database::query(
'INSERT INTO users (email, password_hash, first_name, last_name, role, status) 'INSERT INTO users (email, password_hash, first_name, last_name, role, status)
VALUES (?, ?, ?, ?, ?, "active")', VALUES (?, ?, ?, ?, ?, "active")',
[$email, '', $firstName, $lastName, $role] [$email, '', $firstName, $lastName, $role]
@ -345,7 +345,7 @@ class ServicesController extends BaseController
[$userId, $orgId] [$userId, $orgId]
); );
if (!$membership) { if (!$membership) {
Database::execute( Database::query(
'INSERT INTO user_organizations (user_id, organization_id, role) VALUES (?, ?, ?)', 'INSERT INTO user_organizations (user_id, organization_id, role) VALUES (?, ?, ?)',
[$userId, $orgId, $role] [$userId, $orgId, $role]
); );
@ -558,7 +558,7 @@ class ServicesController extends BaseController
$orgId = (int) $existing['id']; $orgId = (int) $existing['id'];
} else { } else {
// ── 4. Crea organizzazione ─────────────────────────────────── // ── 4. Crea organizzazione ───────────────────────────────────
Database::execute( Database::query(
'INSERT INTO organizations 'INSERT INTO organizations
(name, legal_form, vat_number, fiscal_code, ateco_code, ateco_description, (name, legal_form, vat_number, fiscal_code, ateco_code, ateco_description,
legal_address, pec, phone, annual_turnover_eur, employees, legal_address, pec, phone, annual_turnover_eur, employees,
@ -602,7 +602,7 @@ class ServicesController extends BaseController
if ($existingUser) { if ($existingUser) {
$userId = (int) $existingUser['id']; $userId = (int) $existingUser['id'];
} else { } else {
Database::execute( Database::query(
'INSERT INTO users (email, password_hash, first_name, last_name, role, status, 'INSERT INTO users (email, password_hash, first_name, last_name, role, status,
phone, job_title, must_change_password) phone, job_title, must_change_password)
VALUES (?,?,?,?,\'super_admin\',\'active\',?,?,1)', VALUES (?,?,?,?,\'super_admin\',\'active\',?,?,1)',
@ -618,7 +618,7 @@ class ServicesController extends BaseController
[$userId, $orgId] [$userId, $orgId]
); );
if (!$mem) { if (!$mem) {
Database::execute( Database::query(
'INSERT INTO user_organizations (user_id, organization_id, role) VALUES (?,?,\'super_admin\')', 'INSERT INTO user_organizations (user_id, organization_id, role) VALUES (?,?,\'super_admin\')',
[$userId, $orgId] [$userId, $orgId]
); );
@ -635,12 +635,12 @@ class ServicesController extends BaseController
: date('Y-m-d H:i:s', strtotime('+12 months')); : date('Y-m-d H:i:s', strtotime('+12 months'));
// Revoca eventuali chiavi lg231-integration precedenti (idempotency) // Revoca eventuali chiavi lg231-integration precedenti (idempotency)
Database::execute( Database::query(
'UPDATE api_keys SET is_active=0 WHERE organization_id=? AND name LIKE \'lg231-integration-%\'', 'UPDATE api_keys SET is_active=0 WHERE organization_id=? AND name LIKE \'lg231-integration-%\'',
[$orgId] [$orgId]
); );
Database::execute( Database::query(
'INSERT INTO api_keys (organization_id, name, key_prefix, key_hash, scopes, is_active, expires_at, created_by) 'INSERT INTO api_keys (organization_id, name, key_prefix, key_hash, scopes, is_active, expires_at, created_by)
VALUES (?,?,?,?,?,1,?,?)', VALUES (?,?,?,?,?,1,?,?)',
[ [
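Review bot: The `INSERT INTO users` in the -329 hunk creates an account with status `"active"` and the empty string as `password_hash`, which is only safe while every login and reset path rejects an empty hash; any comparison that treats `''` as "no password set" would leave the account usable without a credential. Storing an unusable random hash, for example `password_hash(bin2hex(random_bytes(32)), PASSWORD_DEFAULT)` in place of `''`, and setting `must_change_password` as the insert in the -602 hunk does, removes that dependency. The double-quoted `"active"` literal also differs from the `\'active\'` form used at -602 and would be read as an identifier if the database is MySQL/MariaDB running with ANSI_QUOTES. Both statements sit in methods that begin and end outside their hunks, so the authentication side could not be checked here.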

@ -146,7 +146,7 @@ class WebhookController extends BaseController
$this->jsonError('API Key non trovata', 404, 'NOT_FOUND'); $this->jsonError('API Key non trovata', 404, 'NOT_FOUND');
} }
Database::execute( Database::query(
'UPDATE api_keys SET is_active = 0, updated_at = NOW() WHERE id = ?', 'UPDATE api_keys SET is_active = 0, updated_at = NOW() WHERE id = ?',
[$id] [$id]
); );
@ -273,7 +273,7 @@ class WebhookController extends BaseController
if (!empty($updates)) { if (!empty($updates)) {
$updates['updated_at'] = date('Y-m-d H:i:s'); $updates['updated_at'] = date('Y-m-d H:i:s');
$setClauses = implode(', ', array_map(fn($k) => "{$k} = ?", array_keys($updates))); $setClauses = implode(', ', array_map(fn($k) => "{$k} = ?", array_keys($updates)));
Database::execute( Database::query(
"UPDATE webhook_subscriptions SET {$setClauses} WHERE id = ?", "UPDATE webhook_subscriptions SET {$setClauses} WHERE id = ?",
array_merge(array_values($updates), [$id]) array_merge(array_values($updates), [$id])
); );
@ -297,7 +297,7 @@ class WebhookController extends BaseController
$this->jsonError('Webhook non trovato', 404, 'NOT_FOUND'); $this->jsonError('Webhook non trovato', 404, 'NOT_FOUND');
} }
Database::execute('DELETE FROM webhook_subscriptions WHERE id = ?', [$id]); Database::query('DELETE FROM webhook_subscriptions WHERE id = ?', [$id]);
$this->logAudit('webhook_deleted', 'webhook_subscription', $id, ['name' => $sub['name']]); $this->logAudit('webhook_deleted', 'webhook_subscription', $id, ['name' => $sub['name']]);
$this->jsonSuccess(null, 'Webhook eliminato'); $this->jsonSuccess(null, 'Webhook eliminato');
} }
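Review bot: In the -273 hunk the SET clause is built by interpolating `array_keys($updates)` straight into the SQL text, so the values are bound but the column names are not; if any key of `$updates` can originate from the request body, that is an injection point in the identifier position. `$updates` is populated outside the hunk, so this may already be restricted — if it is, say so at the point of use with a comment such as `// keys of $updates come from a fixed column allowlist, never from request input`, and otherwise filter the keys against a hard-coded list of column names before the `implode`. The same construction appears in WhistleblowingController's -238 hunk (`'UPDATE whistleblowing_reports SET ' . implode(...)`), where the same check applies.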

@ -238,7 +238,7 @@ class WhistleblowingController extends BaseController
} }
if (!empty($updates)) { if (!empty($updates)) {
Database::execute( Database::query(
'UPDATE whistleblowing_reports SET ' . 'UPDATE whistleblowing_reports SET ' .
implode(', ', array_map(fn($k) => "{$k} = ?", array_keys($updates))) . implode(', ', array_map(fn($k) => "{$k} = ?", array_keys($updates))) .
', updated_at = NOW() WHERE id = ?', ', updated_at = NOW() WHERE id = ?',
@ -265,7 +265,7 @@ class WhistleblowingController extends BaseController
if (!$report) { $this->jsonError('Segnalazione non trovata', 404, 'NOT_FOUND'); } if (!$report) { $this->jsonError('Segnalazione non trovata', 404, 'NOT_FOUND'); }
$userId = (int)$this->getParam('user_id'); $userId = (int)$this->getParam('user_id');
Database::execute( Database::query(
'UPDATE whistleblowing_reports SET assigned_to = ?, updated_at = NOW() WHERE id = ?', 'UPDATE whistleblowing_reports SET assigned_to = ?, updated_at = NOW() WHERE id = ?',
[$userId, $id] [$userId, $id]
); );
@ -295,7 +295,7 @@ class WhistleblowingController extends BaseController
if (!$report) { $this->jsonError('Segnalazione non trovata', 404, 'NOT_FOUND'); } if (!$report) { $this->jsonError('Segnalazione non trovata', 404, 'NOT_FOUND'); }
$resolution = trim($this->getParam('resolution_notes', '')); $resolution = trim($this->getParam('resolution_notes', ''));
Database::execute( Database::query(
'UPDATE whistleblowing_reports SET status = "closed", closed_at = NOW(), 'UPDATE whistleblowing_reports SET status = "closed", closed_at = NOW(),
closed_by = ?, resolution_notes = ?, updated_at = NOW() WHERE id = ?', closed_by = ?, resolution_notes = ?, updated_at = NOW() WHERE id = ?',
[$this->getCurrentUserId(), $resolution, $id] [$this->getCurrentUserId(), $resolution, $id]