From 0bf06d66913df92251ece31a14444e2975a0b5ca Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Mon, 30 Mar 2015 20:07:12 +0200
Subject: [PATCH] No injections

---
 lib/private/share/share.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 38fd34e9760..d254b5a665c 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -1167,7 +1167,8 @@ class Share extends \OC\Share\Constants {

 $qb->select('`uid_owner`')
 ->from('`*PREFIX*share`')
- ->where($qb->expr()->eq('`id`', $shareId));
+ ->where('`id` = :shareId')
+ ->setParameter(':shareId', $shareId);

 $result = $qb->execute();
 $result = $result->fetch();
@@ -1215,8 +1216,11 @@ class Share extends \OC\Share\Constants {

 $qb = $connection->createQueryBuilder();
 $qb->update('`*PREFIX*share`')
- ->set('`share_with`', is_null($password) ? 'NULL' : $qb->expr()->literal(\OC::$server->getHasher()->hash($password)))
- ->where($qb->expr()->eq('`id`', $shareId));
+ ->set('`share_with`', ':pass')
+ ->where('`id` = :shareId')
+ ->setParameter(':pass', is_null($password) ? 'NULL' : $qb->expr()->literal(\OC::$server->getHasher()->hash($password)))
+ ->setParameter(':shareId', $shareId);
+
 $qb->execute();

 return true;
-- 
2.39.5
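Review bot: `$shareId` is bound without a type in `->setParameter(':shareId', $shareId)` in the first hunk, so a non-numeric value reaches the driver as a string and is compared with the (presumably integer) `id` column under the database's own coercion rules. Where the id comes from is not visible here; if it can be request-derived, binding it as an integer, `->setParameter(':shareId', $shareId, \PDO::PARAM_INT)`, or rejecting non-integer ids before the query would make the lookup fail predictably. The same applies to the `:shareId` binding in the second hunk. The enclosing method begins and ends outside the hunk.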
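Review bot: The value bound to `:pass` in the second hunk is still built for string concatenation. The `'NULL'` branch binds the four-character string rather than SQL NULL, so clearing a password would leave `share_with` non-null. `$qb->expr()->literal(...)` adds quoting that a bound value does not need, so the quote characters would presumably be stored with the hash and later verification against `share_with` would fail. Bind the raw value instead: `->setParameter(':pass', is_null($password) ? null : \OC::$server->getHasher()->hash($password))`. A test that sets a share password, clears it and reads `share_with` back would pin both cases; the enclosing method starts and ends outside the hunk.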