Safer queries 3887/head
authorJoas Schilling <coding@schilljs.com>
Fri, 17 Mar 2017 08:59:56 +0000 (09:59 +0100)
committerJoas Schilling <coding@schilljs.com>
Fri, 17 Mar 2017 08:59:56 +0000 (09:59 +0100)
Signed-off-by: Joas Schilling <coding@schilljs.com>
apps/files_sharing/lib/Command/CleanupRemoteStorages.php

index a94832c1bb928e5b137fa5d7f4d90a3c0db85617..504caba141759227c10b96db17cb3a49587bebd0 100644 (file)
@@ -142,13 +142,13 @@ class CleanupRemoteStorages extends Command {
                        ->where($queryBuilder->expr()->like(
                                'id',
                                // match all 'shared::' + 32 characters storages
-                               $queryBuilder->createNamedParameter('shared::________________________________', IQueryBuilder::PARAM_STR),
+                               $queryBuilder->createNamedParameter($this->connection->escapeLikeParameter('shared::') . str_repeat('_', 32)),
                                IQueryBuilder::PARAM_STR)
                        )
                        ->andWhere($queryBuilder->expr()->notLike(
                                'id',
                                // but not the ones starting with a '/', they are for normal shares
-                               $queryBuilder->createNamedParameter('shared::/%', IQueryBuilder::PARAM_STR),
+                               $queryBuilder->createNamedParameter($this->connection->escapeLikeParameter('shared::/') . '%'),
                                IQueryBuilder::PARAM_STR)
                        )->orderBy('numeric_id');
                $query = $queryBuilder->execute();
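Review bot: With the second argument dropped from `createNamedParameter(...)` on both changed lines, the `IQueryBuilder::PARAM_STR)` left on the following context line is the only type in each clause, and by the parentheses it is an argument of `like()` / `notLike()`, not of `createNamedParameter()`. The bound value therefore relies on the default type of `createNamedParameter()`, which is presumably a string binding but is not visible here; keeping it explicit, e.g. `createNamedParameter($this->connection->escapeLikeParameter('shared::/') . '%', IQueryBuilder::PARAM_STR)`, would remove the doubt. The existing comments could also gain `// escape only the literal prefix; the appended '_' / '%' must stay unescaped wildcards`, so that a later change feeding a non-constant value in does not move the wildcards inside the escape call or skip the escape. The enclosing method starts and ends outside the hunk, so what is done with the matched rows cannot be checked from here.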