Security update for Core, with self-updated composer

[yaffs-website] / web / core / lib / Drupal / Core / Database / database.api.php

diff --git a/web/core/lib/Drupal/Core/Database/database.api.php b/web/core/lib/Drupal/Core/Database/database.api.php
index 885c6cba274a8f1de43c5e6a067e898435a8289e..45a561872a72a2d15c6b37c1b347634279b9573a 100644 (file)
--- a/web/core/lib/Drupal/Core/Database/database.api.php
+++ b/web/core/lib/Drupal/Core/Database/database.api.php
@@ -5,6 +5,8 @@
  * Hooks related to the Database system and the Schema API.
  */
 
+use Drupal\Core\Database\Query\Condition;
+
 /**
  * @defgroup database Database abstraction layer
  * @{
@@ -432,11 +434,11 @@ function hook_query_TAG_alter(Drupal\Core\Database\Query\AlterableInterface $que
     if (!\Drupal::currentUser()->hasPermission('bypass node access')) {
       // The node_access table has the access grants for any given node.
       $access_alias = $query->join('node_access', 'na', '%alias.nid = n.nid');
-      $or = db_or();
+      $or = new Condition('OR');
       // If any grant exists for the specified user, then user has access to the node for the specified operation.
       foreach (node_access_grants($op, $query->getMetaData('account')) as $realm => $gids) {
         foreach ($gids as $gid) {
-          $or->condition(db_and()
+          $or->condition((new Condition('AND'))
             ->condition($access_alias . '.gid', $gid)
             ->condition($access_alias . '.realm', $realm)
           );