Fix configuration values matched in user searches
Due to a misplaced closing parenthesis the condition of the left join clause was just "userid = uid"; the other conditions were passed as additional parameters to "leftJoin", and thus they were ignored. Therefore, the result set contained every preference of each user instead of only the email, so the "WHERE configvalue LIKE XXX" matched any configuration value of the user. Besides the closing parenthesis this commit also fixes the literal values. Although "Literal" objects represent literal values they must be created through "IExpressionBuilder::literal()" to be properly quoted; otherwise it is just a plain string, which is treated as a column name. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This commit is contained in:
Daniel Calviño Sánchez
parent
3cae276149
commit
0b96a71a68
1 changed files with 3 additions and 3 deletions
|
|
@ -203,9 +203,9 @@ class Database extends Backend implements IUserBackend {
|
|||
$query->select('uid', 'displayname')
|
||||
->from('users', 'u')
|
||||
->leftJoin('u', 'preferences', 'p', $query->expr()->andX(
|
||||
$query->expr()->eq('userid', 'uid')),
|
||||
$query->expr()->eq('appid', new Literal('settings')),
|
||||
$query->expr()->eq('configkey', new Literal('email'))
|
||||
$query->expr()->eq('userid', 'uid'),
|
||||
$query->expr()->eq('appid', $query->expr()->literal('settings')),
|
||||
$query->expr()->eq('configkey', $query->expr()->literal('email')))
|
||||
)
|
||||
// sqlite doesn't like re-using a single named parameter here
|
||||
->where($query->expr()->iLike('uid', $query->createPositionalParameter('%' . $connection->escapeLikeParameter($search) . '%')))
|
||||
|
|
|
|||
Loading…
Reference in a new issue