From 0f454ff5aa0ca7b89b7deb3a9f888d1551a870ca Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Mon, 11 Jan 2016 15:58:32 +0100 Subject: [PATCH 1/2] Use namedparameter --- lib/private/share20/defaultshareprovider.php | 9 +++------ tests/lib/share20/defaultshareprovidertest.php | 3 --- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/lib/private/share20/defaultshareprovider.php b/lib/private/share20/defaultshareprovider.php index 7a08ecb1210..1d9a2072966 100644 --- a/lib/private/share20/defaultshareprovider.php +++ b/lib/private/share20/defaultshareprovider.php @@ -185,8 +185,7 @@ class DefaultShareProvider implements IShareProvider { $qb = $this->dbConn->getQueryBuilder(); $qb->select('*') ->from('share') - ->where($qb->expr()->eq('parent', $qb->createParameter('parent'))) - ->setParameter(':parent', $parent->getId()) + ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId()))) ->orderBy('id'); $cursor = $qb->execute(); @@ -210,8 +209,7 @@ class DefaultShareProvider implements IShareProvider { $qb = $this->dbConn->getQueryBuilder(); $qb->delete('share') - ->where($qb->expr()->eq('id', $qb->createParameter('id'))) - ->setParameter(':id', $share->getId()); + ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))); try { $qb->execute(); @@ -244,8 +242,7 @@ class DefaultShareProvider implements IShareProvider { $qb->select('*') ->from('share') - ->where($qb->expr()->eq('id', $qb->createParameter('id'))) - ->setParameter(':id', $id); + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))); $cursor = $qb->execute(); $data = $cursor->fetch(); diff --git a/tests/lib/share20/defaultshareprovidertest.php b/tests/lib/share20/defaultshareprovidertest.php index 166fbd25f17..4db6b2b14e7 100644 --- a/tests/lib/share20/defaultshareprovidertest.php +++ b/tests/lib/share20/defaultshareprovidertest.php @@ -374,9 +374,6 @@ class DefaultShareProviderTest extends \Test\TestCase { $qb->expects($this->once()) ->method('where') ->will($this->returnSelf()); - $qb->expects($this->once()) - ->method('setParameter') - ->will($this->returnSelf()); $qb->expects($this->once()) ->method('execute') ->will($this->throwException(new \Exception)); From 663e71e4b3baca2330ec6e8381bbeed00142adf0 Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Mon, 11 Jan 2016 16:19:07 +0100 Subject: [PATCH 2/2] Only select elements from the database that we support --- lib/private/share20/defaultshareprovider.php | 27 +++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/lib/private/share20/defaultshareprovider.php b/lib/private/share20/defaultshareprovider.php index 1d9a2072966..f4c33d68b46 100644 --- a/lib/private/share20/defaultshareprovider.php +++ b/lib/private/share20/defaultshareprovider.php @@ -36,6 +36,9 @@ use OCP\Files\Node; */ class DefaultShareProvider implements IShareProvider { + // Special share type for user modified group shares + const SHARE_TYPE_USERGROUP = 2; + /** @var IDBConnection */ private $dbConn; @@ -186,6 +189,17 @@ class DefaultShareProvider implements IShareProvider { $qb->select('*') ->from('share') ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId()))) + ->andWhere( + $qb->expr()->in( + 'share_type', + [ + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_USER), + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_GROUP), + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_LINK), + $qb->expr()->literal(self::SHARE_TYPE_USERGROUP), + ] + ) + ) ->orderBy('id'); $cursor = $qb->execute(); @@ -242,7 +256,18 @@ class DefaultShareProvider implements IShareProvider { $qb->select('*') ->from('share') - ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))); + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) + ->andWhere( + $qb->expr()->in( + 'share_type', + [ + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_USER), + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_GROUP), + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_LINK), + $qb->expr()->literal(self::SHARE_TYPE_USERGROUP), + ] + ) + ); $cursor = $qb->execute(); $data = $cursor->fetch();