
Escape the search terms on the server

Signed-off-by: Joas Schilling <coding@schilljs.com>
tags/v16.0.0beta3
Joas Schilling 5 years ago
parent
commit
cfa6c7cb71
1 changed files with 6 additions and 2 deletions
  1. 6
    2
      lib/private/Collaboration/Resources/Manager.php

+ 6
- 2
lib/private/Collaboration/Resources/Manager.php

@@ -138,11 +138,15 @@ class Manager implements IManager {
$query->expr()->eq('a.user_id', $query->createNamedParameter($userId, IQueryBuilder::PARAM_STR))
)
)
->where($query->expr()->iLike('c.name', $query->createNamedParameter($filter, IQueryBuilder::PARAM_STR)))
->andWhere($query->expr()->eq('a.access', $query->createNamedParameter(1, IQueryBuilder::PARAM_INT)))
->where($query->expr()->eq('a.access', $query->createNamedParameter(1, IQueryBuilder::PARAM_INT)))
->orderBy('c.id')
->setMaxResults($limit)
->setFirstResult($start);

if ($filter !== '') {
$query->where($query->expr()->iLike('c.name', $query->createNamedParameter('%' . $this->connection->escapeLikeParameter($filter) . '%')));
}

$result = $query->execute();
$collections = [];
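Review bot: The `$query->where(...)` call inside the new `if ($filter !== '')` block appears to discard the `a.access = 1` restriction set in the builder chain above it, because `where()` on a Doctrine-style query builder replaces earlier restrictions instead of adding to them (inferred; `IQueryBuilder` is not shown on this page). If so, any non-empty search term would match collections by name alone, without the per-user access filter, so the escaping fix would come with an authorization gap. The condition should be appended instead: `$query->andWhere($query->expr()->iLike('c.name', $query->createNamedParameter('%' . $this->connection->escapeLikeParameter($filter) . '%')));`. A regression test that searches with a filter as a user who has no access to a matching collection would pin this down. The enclosing method starts and ends outside the hunk.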

