From a66591ee79e5d9a34b0092c79856129e1a49fb6d Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Mon, 9 Nov 2020 17:33:05 +0100
Subject: [PATCH] Fix comparing the empty string for global credentials

Signed-off-by: Joas Schilling
---
 lib/private/DB/Connection.php | 16 +++++++++++-----
 lib/private/Security/CredentialsManager.php | 21 +++++++++++++++------
 2 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/lib/private/DB/Connection.php b/lib/private/DB/Connection.php
index 4d390a04ec..17e76c37b3 100644
--- a/lib/private/DB/Connection.php
+++ b/lib/private/DB/Connection.php
@@ -307,11 +307,17 @@ class Connection extends ReconnectWrapper implements IDBConnection {
 $where = $updateQb->expr()->andX();
 $whereValues = array_merge($keys, $updatePreconditionValues);
 foreach ($whereValues as $name => $value) {
- $where->add($updateQb->expr()->eq(
- $name,
- $updateQb->createNamedParameter($value, $this->getType($value)),
- $this->getType($value)
- ));
+ if ($value === '') {
+ $where->add($updateQb->expr()->emptyString(
+ $name
+ ));
+ } else {
+ $where->add($updateQb->expr()->eq(
+ $name,
+ $updateQb->createNamedParameter($value, $this->getType($value)),
+ $this->getType($value)
+ ));
+ }
 }
 $updateQb->where($where);
 $affected = $updateQb->execute();
diff --git a/lib/private/Security/CredentialsManager.php b/lib/private/Security/CredentialsManager.php
index a40a7e1d88..20af25ae10 100644
--- a/lib/private/Security/CredentialsManager.php
+++ b/lib/private/Security/CredentialsManager.php
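Review bot: The new `if ($value === '')` branch in the `foreach` over `$whereValues` (lib/private/DB/Connection.php, `@@ -307,11 +307,17 @@`) has no comment saying why an empty string must not go through `eq()`, so a later cleanup could fold the two branches back together and silently reintroduce the mismatch. I would add above the `if`: `// An empty string cannot be matched with "= :param" on every platform (presumably Oracle, which stores '' as NULL); emptyString() builds the portable check.` The guard is also strict, so a `null` precondition value still reaches `eq()`; whether callers ever pass one is not visible here. The enclosing method starts and ends outside the hunk.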
@@ -81,9 +81,13 @@ class CredentialsManager implements ICredentialsManager { $qb = $this->dbConnection->getQueryBuilder(); $qb->select('credentials') ->from(self::DB_TABLE) - ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))) - ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))) - ; + ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); + + if ($userId === '') { + $qb->andWhere($qb->expr()->emptyString('user')); + } else { + $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))); + } $qResult = $qb->execute(); $result = $qResult->fetch(); @@ -107,9 +111,14 @@ class CredentialsManager implements ICredentialsManager { public function delete($userId, $identifier) { $qb = $this->dbConnection->getQueryBuilder(); $qb->delete(self::DB_TABLE) - ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))) - ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))) - ; + ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); + + if ($userId === '') { + $qb->andWhere($qb->expr()->emptyString('user')); + } else { + $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))); + } + return $qb->execute(); }
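Review bot: In the select hunk (`@@ -81,9 +81,13 @@`, lib/private/Security/CredentialsManager.php) the guard `$userId === ''` is strict while the `else` branch still casts with `(string)$userId`, so a `null` or other value that casts to the empty string skips `emptyString('user')` and is compared through `eq()` again, which is the case this commit sets out to fix. Normalising once before the branch closes the gap: `$userId = (string)$userId;` followed by the existing `if ($userId === '')`. The same guard is repeated in the `delete()` hunk (`@@ -107,9 +111,14 @@`), where a missed match would presumably leave the global credentials row stored without any error. Whether a caller actually passes a non-string `$userId` is not visible here; the surviving cast suggests it was expected. The enclosing method of the select hunk starts and ends outside the hunk.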
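Review bot: The `$userId === ''` branch added to `delete()` (`@@ -107,9 +111,14 @@`) is a copy of the one added to the select query in the previous hunk, so the rule for which row counts as the global credentials now lives in two places that can drift apart. A small private helper that appends the `user` condition would keep lookup and deletion scoped to the same row; the helper name below is only a suggestion, and it also does the string cast once so both callers behave alike.

```php
	/**
	 * Adds the "user" condition to a credentials query.
	 * An empty user id selects the global credentials row.
	 */
	private function addUserCondition($qb, $userId) {
		$userId = (string)$userId;
		if ($userId === '') {
			$qb->andWhere($qb->expr()->emptyString('user'));
		} else {
			$qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter($userId)));
		}
	}

	public function delete($userId, $identifier) {
		// … unchanged: query builder setup and the identifier condition …
		$this->addUserCondition($qb, $userId);
		// … unchanged: return $qb->execute(); …
```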