From 7c0de08cc44e0b04f23d6f3fa2d6030991935c54 Mon Sep 17 00:00:00 2001 From: Aaron Wood Date: Wed, 20 Jul 2016 08:20:45 -0400 Subject: [PATCH] Escape special characters (#25429) * Escape LIKE parameter * Escape LIKE parameter * Escape LIKE parameter * Escape LIKE parameter * Escape LIKE parameter * Use correct method in the AbstractMapping class * Change the getNamesBySearch method so that input can be properly escaped while still supporting matches * Don't escape hardcoded wildcard --- apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php | 2 +- apps/user_ldap/lib/Access.php | 2 +- apps/user_ldap/lib/Mapping/AbstractMapping.php | 6 ++++-- apps/user_ldap/tests/Mapping/AbstractMappingTest.php | 2 +- lib/private/Group/Database.php | 4 ++-- lib/private/Repair/RepairLegacyStorages.php | 2 +- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php b/apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php index d0d348e170..b319350c7f 100644 --- a/apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php +++ b/apps/dav/lib/Connector/Sabre/CustomPropertiesBackend.php @@ -327,7 +327,7 @@ class CustomPropertiesBackend implements BackendInterface { $result = $this->connection->executeQuery( $sql, - array($this->user, rtrim($path, '/') . '/%', $requestedProperties), + array($this->user, $this->connection->escapeLikeParameter(rtrim($path, '/')) . '/%', $requestedProperties), array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY) ); diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index 4d0753696f..cdf1233147 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -623,7 +623,7 @@ class Access extends LDAPUtility implements IUserTools { * "Developers" */ private function _createAltInternalOwnCloudNameForGroups($name) { - $usedNames = $this->groupMapper->getNamesBySearch($name.'_%'); + $usedNames = $this->groupMapper->getNamesBySearch($name, "", '_%'); if(!($usedNames) || count($usedNames) === 0) { $lastNo = 1; //will become name_2 } else { diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php index 54fe7db366..67fbd9fe85 100644 --- a/apps/user_ldap/lib/Mapping/AbstractMapping.php +++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php @@ -138,16 +138,18 @@ abstract class AbstractMapping { /** * Searches mapped names by the giving string in the name column * @param string $search + * @param string $prefixMatch + * @param string $postfixMatch * @return string[] */ - public function getNamesBySearch($search) { + public function getNamesBySearch($search, $prefixMatch = "", $postfixMatch = "") { $query = $this->dbc->prepare(' SELECT `owncloud_name` FROM `'. $this->getTableName() .'` WHERE `owncloud_name` LIKE ? '); - $res = $query->execute(array($search)); + $res = $query->execute(array($prefixMatch.$this->dbc->escapeLikeParameter($search).$postfixMatch)); $names = array(); if($res !== false) { while($row = $query->fetch()) { diff --git a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php index ddd99d3170..a2e9f85091 100644 --- a/apps/user_ldap/tests/Mapping/AbstractMappingTest.php +++ b/apps/user_ldap/tests/Mapping/AbstractMappingTest.php @@ -164,7 +164,7 @@ abstract class AbstractMappingTest extends \Test\TestCase { public function testSearch() { list($mapper,) = $this->initTest(); - $names = $mapper->getNamesBySearch('%oo%'); + $names = $mapper->getNamesBySearch('oo', '%', '%'); $this->assertTrue(is_array($names)); $this->assertSame(2, count($names)); $this->assertTrue(in_array('Foobar', $names)); diff --git a/lib/private/Group/Database.php b/lib/private/Group/Database.php index 36d19f74cc..64f249d4d2 100644 --- a/lib/private/Group/Database.php +++ b/lib/private/Group/Database.php @@ -285,7 +285,7 @@ class Database extends \OC\Group\Backend { $parameters = [$gid]; $searchLike = ''; if ($search !== '') { - $parameters[] = '%' . $search . '%'; + $parameters[] = '%' . $this->dbConn->escapeLikeParameter($search) . '%'; $searchLike = ' AND `uid` LIKE ?'; } @@ -311,7 +311,7 @@ class Database extends \OC\Group\Backend { $parameters = [$gid]; $searchLike = ''; if ($search !== '') { - $parameters[] = '%' . $search . '%'; + $parameters[] = '%' . $this->dbConn->escapeLikeParameter($search) . '%'; $searchLike = ' AND `uid` LIKE ?'; } diff --git a/lib/private/Repair/RepairLegacyStorages.php b/lib/private/Repair/RepairLegacyStorages.php index 8ef20cdf3c..096300f51c 100644 --- a/lib/private/Repair/RepairLegacyStorages.php +++ b/lib/private/Repair/RepairLegacyStorages.php @@ -172,7 +172,7 @@ class RepairLegacyStorages implements IRepairStep{ $sql = 'SELECT `id`, `numeric_id` FROM `*PREFIX*storages`' . ' WHERE `id` LIKE ?' . ' ORDER BY `id`'; - $result = $this->connection->executeQuery($sql, array($dataDirId . '%')); + $result = $this->connection->executeQuery($sql, array($this->connection->escapeLikeParameter($dataDirId) . '%')); while ($row = $result->fetch()) { $currentId = $row['id'];