wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Safer queries

Browse source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2017-03-17 09:59:56 +01:00
parent 0a1135a7cc
commit 199405ddc0
No known key found for this signature in database
GPG key ID: E166FD8976B3BAC8
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/files_sharing/lib/Command/CleanupRemoteStorages.php
View file

@ -142,13 +142,13 @@ class CleanupRemoteStorages extends Command {
->where($queryBuilder->expr()->like(
'id',
// match all 'shared::' + 32 characters storages
$queryBuilder->createNamedParameter('shared::________________________________', IQueryBuilder::PARAM_STR),
$queryBuilder->createNamedParameter($this->connection->escapeLikeParameter('shared::') . str_repeat('_', 32)),
IQueryBuilder::PARAM_STR)
)
->andWhere($queryBuilder->expr()->notLike(
'id',
// but not the ones starting with a '/', they are for normal shares
$queryBuilder->createNamedParameter('shared::/%', IQueryBuilder::PARAM_STR),
$queryBuilder->createNamedParameter($this->connection->escapeLikeParameter('shared::/') . '%'),
IQueryBuilder::PARAM_STR)
)->orderBy('numeric_id');
$query = $queryBuilder->execute();