mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix comparing the empty string for global credentials 

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2020-11-09 17:33:05 +01:00
parent 97b0402984
commit a66591ee79
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
2 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lib/private/DB/Connection.php
View File

@ -307,11 +307,17 @@ class Connection extends ReconnectWrapper implements IDBConnection {
$where = $updateQb->expr()->andX();
$whereValues = array_merge($keys, $updatePreconditionValues);
foreach ($whereValues as $name => $value) {
$where->add($updateQb->expr()->eq(
$name,
$updateQb->createNamedParameter($value, $this->getType($value)),
$this->getType($value)
));
if ($value === '') {
$where->add($updateQb->expr()->emptyString(
$name
));
} else {
$where->add($updateQb->expr()->eq(
$name,
$updateQb->createNamedParameter($value, $this->getType($value)),
$this->getType($value)
));
}
}
$updateQb->where($where);
$affected = $updateQb->execute();

21
lib/private/Security/CredentialsManager.php
View File

@ -81,9 +81,13 @@ class CredentialsManager implements ICredentialsManager {
$qb = $this->dbConnection->getQueryBuilder();
$qb->select('credentials')
->from(self::DB_TABLE)
->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
;
->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)));
if ($userId === '') {
$qb->andWhere($qb->expr()->emptyString('user'));
} else {
$qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)));
}
$qResult = $qb->execute();
$result = $qResult->fetch();
@ -107,9 +111,14 @@ class CredentialsManager implements ICredentialsManager {
public function delete($userId, $identifier) {
$qb = $this->dbConnection->getQueryBuilder();
$qb->delete(self::DB_TABLE)
->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)))
->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)))
;
->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier)));
if ($userId === '') {
$qb->andWhere($qb->expr()->emptyString('user'));
} else {
$qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId)));
}
return $qb->execute();
}