diff options
| author | Joas Schilling <coding@schilljs.com> | 2020-11-09 17:33:05 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2020-11-10 15:36:26 +0100 |
| commit | 1aa9c9164d73be7aabb5a2ff18e8999c55e33a48 (patch) | |
| tree | b882362abd43761f86758fa31cc5292a66a7dc12 | |
| parent | cffad62771a1640675e92fdc6a85ff013bac2ec4 (diff) | |
| download | nextcloud-server-1aa9c9164d73be7aabb5a2ff18e8999c55e33a48.tar.gz nextcloud-server-1aa9c9164d73be7aabb5a2ff18e8999c55e33a48.zip | |
Fix comparing the empty string for global credentials
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | lib/private/DB/Connection.php | 16 | ||||
| -rw-r--r-- | lib/private/Security/CredentialsManager.php | 21 |
2 files changed, 26 insertions, 11 deletions
diff --git a/lib/private/DB/Connection.php b/lib/private/DB/Connection.php index 6835226357f..0ea71637943 100644 --- a/lib/private/DB/Connection.php +++ b/lib/private/DB/Connection.php @@ -332,11 +332,17 @@ class Connection extends ReconnectWrapper implements IDBConnection { $where = $updateQb->expr()->andX(); $whereValues = array_merge($keys, $updatePreconditionValues); foreach ($whereValues as $name => $value) { - $where->add($updateQb->expr()->eq( - $name, - $updateQb->createNamedParameter($value, $this->getType($value)), - $this->getType($value) - )); + if ($value === '') { + $where->add($updateQb->expr()->emptyString( + $name + )); + } else { + $where->add($updateQb->expr()->eq( + $name, + $updateQb->createNamedParameter($value, $this->getType($value)), + $this->getType($value) + )); + } } $updateQb->where($where); $affected = $updateQb->execute(); diff --git a/lib/private/Security/CredentialsManager.php b/lib/private/Security/CredentialsManager.php index a40a7e1d88e..20af25ae10f 100644 --- a/lib/private/Security/CredentialsManager.php +++ b/lib/private/Security/CredentialsManager.php @@ -81,9 +81,13 @@ class CredentialsManager implements ICredentialsManager { $qb = $this->dbConnection->getQueryBuilder(); $qb->select('credentials') ->from(self::DB_TABLE) - ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))) - ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))) - ; + ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); + + if ($userId === '') { + $qb->andWhere($qb->expr()->emptyString('user')); + } else { + $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))); + } $qResult = $qb->execute(); $result = $qResult->fetch(); @@ -107,9 +111,14 @@ class CredentialsManager implements ICredentialsManager { public function delete($userId, $identifier) { $qb = $this->dbConnection->getQueryBuilder(); $qb->delete(self::DB_TABLE) - ->where($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))) - ->andWhere($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))) - ; + ->where($qb->expr()->eq('identifier', $qb->createNamedParameter($identifier))); + + if ($userId === '') { + $qb->andWhere($qb->expr()->emptyString('user')); + } else { + $qb->andWhere($qb->expr()->eq('user', $qb->createNamedParameter((string)$userId))); + } + return $qb->execute(); } |