diff --git a/CHANGELOG-WIP.md b/CHANGELOG-WIP.md index 056005702fb..dd0357f282c 100644 --- a/CHANGELOG-WIP.md +++ b/CHANGELOG-WIP.md @@ -58,6 +58,7 @@ - Added `craft\base\ElementInterface::deletionBlockers()`. ([#18728](https://github.com/craftcms/cms/pull/18728)) - Added `craft\base\ElementInterface::setDirtyFieldTracking()`. - Added `craft\elements\PopulateElementEvent::$content`. +- Added `craft\elements\db\ElementQuery::$activeQuery`. - Added `craft\elements\db\ElementQueryInterface::collectIds()`. - Added `craft\elements\deletionblockers\BaseDeletionBlocker`. ([#18728](https://github.com/craftcms/cms/pull/18728)) - Added `craft\elements\deletionblockers\DeletionBlockerInterface`. ([#18728](https://github.com/craftcms/cms/pull/18728)) @@ -94,5 +95,6 @@ - Updated the built-in composer.phar to 2.9.7. ([#18761](https://github.com/craftcms/cms/issues/18761)) - Fixed a bug where nested entries weren’t getting loaded with their content, if they had an entry type that was no longer allowed by their Matrix field. - Fixed the wording of the validation error when saving a nested entry with an invalid entry type. ([#18506](https://github.com/craftcms/cms/issues/18506)) +- Fixed a bug where relation fields’ element query params weren’t limiting results based on the query’s target site(s). ([#18781](https://github.com/craftcms/cms/issues/18781)) - Fixed a [high-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) potential RCE vulnerability. (GHSA-f74w-488g-8x5r) - Fixed a [moderate-severity](https://github.com/craftcms/cms/security/policy#severity--remediation) JavaScript injection vulnerability. (GHSA-c55v-343g-5xff) diff --git a/src/elements/db/ElementQuery.php b/src/elements/db/ElementQuery.php index 12f26ddfc9d..ff95e98ef28 100644 --- a/src/elements/db/ElementQuery.php +++ b/src/elements/db/ElementQuery.php @@ -111,6 +111,13 @@ class ElementQuery extends Query implements ElementQueryInterface */ public const EVENT_AFTER_POPULATE_ELEMENTS = 'afterPopulateElements'; + /** + * The current element query instance being prepared, for reference by fields’ `queryCondition()` methods. + * + * @since 5.10.0 + */ + public static ?self $activeQuery = null; + // Base config attributes // ------------------------------------------------------------------------- @@ -2846,7 +2853,12 @@ private function _applyCustomFieldParams(): void if (isset($fieldsByHandle[$handle])) { foreach ($fieldsByHandle[$handle] as $instances) { $firstInstance = $instances[0]; - $condition = $firstInstance::queryCondition($instances, $fieldAttributes->$handle, $params); + static::$activeQuery = $this; + try { + $condition = $firstInstance::queryCondition($instances, $fieldAttributes->$handle, $params); + } finally { + static::$activeQuery = null; + } // aborting? if ($condition === false) { diff --git a/src/fields/BaseRelationField.php b/src/fields/BaseRelationField.php index e33aa0e158a..47cbeb91645 100644 --- a/src/fields/BaseRelationField.php +++ b/src/fields/BaseRelationField.php @@ -188,6 +188,7 @@ public static function queryCondition(array $instances, mixed $value, array &$pa } if (!empty($value)) { + $siteId = ElementQuery::$activeQuery?->siteId; $parser = new ElementRelationParamParser([ 'fields' => [ $field->handle => $field, @@ -196,7 +197,7 @@ public static function queryCondition(array $instances, mixed $value, array &$pa $condition = $parser->parse([ 'targetElement' => $value, 'field' => $field->handle, - ]); + ], $siteId !== '*' ? $siteId : null); if ($condition !== false) { $conditions[] = $condition; }