Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
pull/51/head
Maxence Lange 2018-11-22 11:37:19 -01:00
rodzic dc009d828f
commit c4e78552fe
2 zmienionych plików z 32 dodań i 8 usunięć


@ -127,7 +127,10 @@ class CoreRequestBuilder {
* @param string $username * @param string $username
*/ */
protected function searchInPreferredUsername(IQueryBuilder &$qb, string $username) { protected function searchInPreferredUsername(IQueryBuilder &$qb, string $username) {
$this->searchInDBField($qb, 'preferred_username', $username . '%'); $dbConn = $this->dbConnection;
$this->searchInDBField(
$qb, 'preferred_username', $dbConn->escapeLikeParameter($username) . '%'
);
} }
@ -183,7 +186,8 @@ class CoreRequestBuilder {
* @param string $account * @param string $account
*/ */
protected function searchInAccount(IQueryBuilder &$qb, string $account) { protected function searchInAccount(IQueryBuilder &$qb, string $account) {
$this->searchInDBField($qb, 'account', $account . '%'); $dbConn = $this->dbConnection;
$this->searchInDBField($qb, 'account', $dbConn->escapeLikeParameter($account) . '%');
} }
@ -238,11 +242,27 @@ class CoreRequestBuilder {
protected function limitToRecipient(IQueryBuilder &$qb, string $recipient) { protected function limitToRecipient(IQueryBuilder &$qb, string $recipient) {
$expr = $qb->expr(); $expr = $qb->expr();
$orX = $expr->orX(); $orX = $expr->orX();
$dbConn = $this->dbConnection;
$orX->add($expr->eq('to', $qb->createNamedParameter($recipient))); $orX->add($expr->eq('to', $qb->createNamedParameter($recipient)));
$orX->add($expr->like('to_array', $qb->createNamedParameter('%"' . $recipient . '"%'))); $orX->add(
$orX->add($expr->like('cc', $qb->createNamedParameter('%"' . $recipient . '"%'))); $expr->like(
$orX->add($expr->like('bcc', $qb->createNamedParameter('%"' . $recipient . '"%'))); 'to_array',
$qb->createNamedParameter('%"' . $dbConn->escapeLikeParameter($recipient) . '"%')
)
);
$orX->add(
$expr->like(
'cc',
$qb->createNamedParameter('%"' . $dbConn->escapeLikeParameter($recipient) . '"%')
)
);
$orX->add(
$expr->like(
'bcc',
$qb->createNamedParameter('%"' . $dbConn->escapeLikeParameter($recipient) . '"%')
)
);
$qb->andWhere($orX); $qb->andWhere($orX);
} }
@ -372,6 +392,7 @@ class CoreRequestBuilder {
*/ */
private function searchInDBField(IQueryBuilder &$qb, string $field, string $value) { private function searchInDBField(IQueryBuilder &$qb, string $field, string $value) {
$expr = $qb->expr(); $expr = $qb->expr();
$pf = ($qb->getType() === QueryBuilder::SELECT) ? $this->defaultSelectAlias . '.' : ''; $pf = ($qb->getType() === QueryBuilder::SELECT) ? $this->defaultSelectAlias . '.' : '';
$field = $pf . $field; $field = $pf . $field;
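Review bot: In limitToRecipient the escaped-and-quoted pattern `'%"' . $dbConn->escapeLikeParameter($recipient) . '"%'` is built three times in a row for to_array, cc and bcc; computing it once, `$pattern = '%"' . $dbConn->escapeLikeParameter($recipient) . '"%';`, and passing `$qb->createNamedParameter($pattern)` to each like() keeps the escaping from drifting between the three columns. The corresponding change in searchInPreferredUsername and searchInAccount looks right, since the `%` wildcard is appended only after escaping, and a docblock sentence such as `The value is matched as a literal prefix; LIKE wildcards in it are escaped.` on both methods would record that guarantee. The escaping presumably relies on the backslash convention of escapeLikeParameter together with the query builder's like() emitting a matching ESCAPE clause where the backend needs one, which is worth confirming for every database the app supports. escapeLikeParameter leaves double quotes untouched, so the quoted pattern still assumes a recipient value does not itself contain `"`; if recipients are not validated before reaching this builder, that is the remaining gap. The searchInDBField hunk at the end of this section is cut off in this view.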


@ -122,21 +122,24 @@ class NotesRequestBuilder extends CoreRequestBuilder {
$orX->add( $orX->add(
$expr->like( $expr->like(
$pf . 'to_array', $func->concat( $pf . 'to_array', $func->concat(
$expr->literal('%"'), $func->concat('f.follow_id', $expr->literal('"%')) $qb->createNamedParameter('%"'),
$func->concat('f.follow_id', $qb->createNamedParameter('"%'))
) )
) )
); );
$orX->add( $orX->add(
$expr->like( $expr->like(
$pf . 'cc', $func->concat( $pf . 'cc', $func->concat(
$expr->literal('%"'), $func->concat('f.follow_id', $expr->literal('"%')) $qb->createNamedParameter('%"'),
$func->concat('f.follow_id', $qb->createNamedParameter('"%'))
) )
) )
); );
$orX->add( $orX->add(
$expr->like( $expr->like(
$pf . 'bcc', $func->concat( $pf . 'bcc', $func->concat(
$expr->literal('%"'), $func->concat('f.follow_id', $expr->literal('"%')) $qb->createNamedParameter('%"'),
$func->concat('f.follow_id', $qb->createNamedParameter('"%'))
) )
) )
); );
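Review bot: The LIKE pattern in this hunk is still assembled from the unescaped column `f.follow_id`, so switching the `%"` and `"%` fragments from `$expr->literal()` to `$qb->createNamedParameter()` only changes how the constant delimiters reach the driver; any `%`, `_` or backslash stored in a follow_id would still act as a wildcard, unlike the user-supplied values that this commit escapes in CoreRequestBuilder. If follow_id values are always canonical actor URIs that may be acceptable, but a comment such as `// follow_id is a stored URI and is concatenated into the LIKE pattern unescaped` would make the assumption explicit for the next reader. Stylistically, the same nested concat is written out three times for to_array, cc and bcc; a small private helper returning the concat expression for a given column name would leave one place to adjust the delimiters. The enclosing method starts and ends outside the hunk.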