diff --git a/lib/private/Share/Helper.php b/lib/private/Share/Helper.php index 90dc3e957e..a992330b57 100644 --- a/lib/private/Share/Helper.php +++ b/lib/private/Share/Helper.php @@ -31,6 +31,7 @@ namespace OC\Share; use OC\HintException; +use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\Share\IShare; class Helper extends \OC\Share\Constants { @@ -89,31 +90,30 @@ class Helper extends \OC\Share\Constants { $changeParent = []; $parents = [$parent]; while (!empty($parents)) { - $parents = "'".implode("','", $parents)."'"; - // Check the owner on the first search of reshares, useful for - // finding and deleting the reshares by a single user of a group share - $params = []; - if (count($ids) == 1 && isset($uidOwner)) { - // FIXME: don't concat $parents, use Docrine's PARAM_INT_ARRAY approach - $queryString = 'SELECT `id`, `share_with`, `item_type`, `share_type`, ' . - '`item_target`, `file_target`, `parent` ' . - 'FROM `*PREFIX*share` ' . - 'WHERE `parent` IN ('.$parents.') AND `uid_owner` = ? '; - $params[] = $uidOwner; - } else { - $queryString = 'SELECT `id`, `share_with`, `item_type`, `share_type`, ' . - '`item_target`, `file_target`, `parent`, `uid_owner` ' . - 'FROM `*PREFIX*share` WHERE `parent` IN ('.$parents.') '; + $query = \OC::$server->getDatabaseConnection()->getQueryBuilder(); + $query->select( + 'id', 'share_with', 'item_type', 'share_type', + 'item_target', 'file_target', 'parent' + ) + ->from('share') + ->where($query->expr()->in('parent', $query->createNamedParameter( + $parents, IQueryBuilder::PARAM_INT_ARRAY + ))); + + if (count($ids) === 1 && isset($uidOwner)) { + // Check the owner on the first search of reshares, useful for + // finding and deleting the reshares by a single user of a group share + $query->andWhere($query->expr()->eq('uid_owner', $uidOwner)); } + if ($excludeGroupChildren) { - $queryString .= ' AND `share_type` != ?'; - $params[] = self::$shareTypeGroupUserUnique; + $query->andWhere($query->expr()->eq('share_type', self::$shareTypeGroupUserUnique)); } - $query = \OC_DB::prepare($queryString); - $result = $query->execute($params); + + $result = $query->execute(); // Reset parents array, only go through loop again if items are found $parents = []; - while ($item = $result->fetchRow()) { + while ($item = $result->fetch()) { $tmpItem = [ 'id' => $item['id'], 'shareWith' => $item['share_with'], @@ -135,20 +135,24 @@ class Helper extends \OC\Share\Constants { $parents[] = $item['id']; } } + $result->closeCursor(); } if ($excludeParent) { unset($ids[0]); } if (!empty($changeParent)) { - $idList = "'".implode("','", $changeParent)."'"; - $query = \OC_DB::prepare('UPDATE `*PREFIX*share` SET `parent` = ? WHERE `id` IN ('.$idList.')'); - $query->execute([$newParent]); + $query = \OC::$server->getDatabaseConnection()->getQueryBuilder(); + $query->update('share') + ->set('parent', $query->createNamedParameter($newParent, IQueryBuilder::PARAM_INT)) + ->where($query->expr()->in('id', $query->createNamedParameter($changeParent, IQueryBuilder::PARAM_INT_ARRAY))); + $query->execute(); } if (!empty($ids)) { - $idList = "'".implode("','", $ids)."'"; - $query = \OC_DB::prepare('DELETE FROM `*PREFIX*share` WHERE `id` IN ('.$idList.')'); + $query = \OC::$server->getDatabaseConnection()->getQueryBuilder(); + $query->delete('share') + ->where($query->expr()->in('id', $query->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY))); $query->execute(); } diff --git a/lib/private/Share/Share.php b/lib/private/Share/Share.php index aed233692e..e05c4e9184 100644 --- a/lib/private/Share/Share.php +++ b/lib/private/Share/Share.php @@ -687,14 +687,20 @@ class Share extends Constants { // Remove root from file source paths if retrieving own shared items if (isset($uidOwner) && isset($row['path'])) { if (isset($row['parent'])) { - $query = \OC_DB::prepare('SELECT `file_target` FROM `*PREFIX*share` WHERE `id` = ?'); - $parentResult = $query->execute([$row['parent']]); - if ($result === false) { + $query = \OC::$server->getDatabaseConnection()->getQueryBuilder(); + $query->select('file_target') + ->from('share') + ->where($query->expr()->eq('id', $query->createNamedParameter($row['parent']))); + + $result = $query->execute(); + $parentRow = $result->fetch(); + $result->closeCursor(); + + if ($parentRow === false) { \OCP\Util::writeLog('OCP\Share', 'Can\'t select parent: ' . \OC_DB::getErrorMessage() . ', select=' . $select . ' where=' . $where, ILogger::ERROR); } else { - $parentRow = $parentResult->fetchRow(); $tmpPath = $parentRow['file_target']; // find the right position where the row path continues from the target path $pos = strrpos($row['path'], $parentRow['file_target']);