mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Properly escape column name in "createFunction" call 

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
Morris Jobke 2018-10-16 14:55:41 +02:00
parent ad66b0f9ab
commit b458ed9c82
No known key found for this signature in database
GPG Key ID: FE03C3A163FEDE68
6 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/dav/lib/Migration/BuildCalendarSearchIndex.php
View File

@ -70,7 +70,7 @@ class BuildCalendarSearchIndex implements IRepairStep {
} }
$query = $this->db->getQueryBuilder(); $query = $this->db->getQueryBuilder();
$query->select($query->createFunction('MAX(id)')) $query->select($query->createFunction('MAX(' . $query->getColumnName('id') . ')'))
->from('calendarobjects'); ->from('calendarobjects');
$maxId = (int)$query->execute()->fetchColumn(); $maxId = (int)$query->execute()->fetchColumn();

2
apps/files_sharing/lib/Command/CleanupRemoteStorages.php
View File

@ -98,7 +98,7 @@ class CleanupRemoteStorages extends Command {
public function countFiles($numericId, OutputInterface $output) { public function countFiles($numericId, OutputInterface $output) {
$queryBuilder = $this->connection->getQueryBuilder(); $queryBuilder = $this->connection->getQueryBuilder();
$queryBuilder->select($queryBuilder->createFunction('count(fileid)')) $queryBuilder->select($queryBuilder->createFunction('COUNT(' . $queryBuilder->getColumnName('fileid') . ')'))
->from('filecache') ->from('filecache')
->where($queryBuilder->expr()->eq( ->where($queryBuilder->expr()->eq(
'storage', 'storage',

2
apps/user_ldap/lib/Mapping/AbstractMapping.php
View File

@ -311,7 +311,7 @@ abstract class AbstractMapping {
*/ */
public function count() { public function count() {
$qb = $this->dbc->getQueryBuilder(); $qb = $this->dbc->getQueryBuilder();
$query = $qb->select($qb->createFunction('COUNT(`ldap_dn`)')) $query = $qb->select($qb->createFunction('COUNT(' . $qb->getColumnName('ldap_dn') . ')'))
->from($this->getTableName()); ->from($this->getTableName());
$res = $query->execute(); $res = $query->execute();
$count = $res->fetchColumn(); $count = $res->fetchColumn();

2
lib/private/Comments/Manager.php
View File

@ -163,7 +163,7 @@ class Manager implements ICommentsManager {
*/ */
protected function updateChildrenInformation($id, \DateTime $cDateTime) { protected function updateChildrenInformation($id, \DateTime $cDateTime) {
$qb = $this->dbConn->getQueryBuilder(); $qb = $this->dbConn->getQueryBuilder();
$query = $qb->select($qb->createFunction('COUNT(`id`)')) $query = $qb->select($qb->createFunction('COUNT(' . $qb->getColumnName('id') . ')'))
->from('comments') ->from('comments')
->where($qb->expr()->eq('parent_id', $qb->createParameter('id'))) ->where($qb->expr()->eq('parent_id', $qb->createParameter('id')))
->setParameter('id', $id); ->setParameter('id', $id);

4
lib/private/Group/Database.php
View File

@ -387,9 +387,9 @@ class Database extends ABackend
$this->fixDI(); $this->fixDI();
$query = $this->dbConn->getQueryBuilder(); $query = $this->dbConn->getQueryBuilder();
$query->select($query->createFunction('COUNT(Distinct uid)')) $query->select($query->createFunction('COUNT(DISTINCT ' . $query->getColumnName('uid') . ')'))
->from('preferences', 'p') ->from('preferences', 'p')
->innerJoin('p', 'group_user', 'g', 'p.userid = g.uid') ->innerJoin('p', 'group_user', 'g', $query->expr()->eq('p.userid', 'g.uid'))
->where($query->expr()->eq('appid', $query->createNamedParameter('core'))) ->where($query->expr()->eq('appid', $query->createNamedParameter('core')))
->andWhere($query->expr()->eq('configkey', $query->createNamedParameter('enabled'))) ->andWhere($query->expr()->eq('configkey', $query->createNamedParameter('enabled')))
->andWhere($query->expr()->eq('configvalue', $query->createNamedParameter('false'), IQueryBuilder::PARAM_STR)) ->andWhere($query->expr()->eq('configvalue', $query->createNamedParameter('false'), IQueryBuilder::PARAM_STR))

4
lib/private/User/Manager.php
View File

@ -475,9 +475,9 @@ class Manager extends PublicEmitter implements IUserManager {
*/ */
public function countDisabledUsersOfGroups(array $groups): int { public function countDisabledUsersOfGroups(array $groups): int {
$queryBuilder = \OC::$server->getDatabaseConnection()->getQueryBuilder(); $queryBuilder = \OC::$server->getDatabaseConnection()->getQueryBuilder();
$queryBuilder->select($queryBuilder->createFunction('COUNT(Distinct uid)')) $queryBuilder->select($queryBuilder->createFunction('COUNT(DISTINCT ' . $queryBuilder->getColumnName('uid') . ')'))
->from('preferences', 'p') ->from('preferences', 'p')
->innerJoin('p', 'group_user', 'g', 'p.userid = g.uid') ->innerJoin('p', 'group_user', 'g', $queryBuilder->expr()->eq('p.userid', 'g.uid'))
->where($queryBuilder->expr()->eq('appid', $queryBuilder->createNamedParameter('core'))) ->where($queryBuilder->expr()->eq('appid', $queryBuilder->createNamedParameter('core')))
->andWhere($queryBuilder->expr()->eq('configkey', $queryBuilder->createNamedParameter('enabled'))) ->andWhere($queryBuilder->expr()->eq('configkey', $queryBuilder->createNamedParameter('enabled')))
->andWhere($queryBuilder->expr()->eq('configvalue', $queryBuilder->createNamedParameter('false'), IQueryBuilder::PARAM_STR)) ->andWhere($queryBuilder->expr()->eq('configvalue', $queryBuilder->createNamedParameter('false'), IQueryBuilder::PARAM_STR))