diff options
| author | Joas Schilling <coding@schilljs.com> | 2019-03-28 09:33:52 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2019-03-28 09:37:22 +0100 |
| commit | cfa6c7cb7191b88622264b011f529dc18f625d9b (patch) | |
| tree | cf4dac022e4197bd194e4074b7ac993471679d92 | |
| parent | d4771be2c0a75673fdb8a9dc91f3ed5963d95155 (diff) | |
| download | nextcloud-server-cfa6c7cb7191b88622264b011f529dc18f625d9b.tar.gz nextcloud-server-cfa6c7cb7191b88622264b011f529dc18f625d9b.zip | |
Escape the search terms on the server
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | lib/private/Collaboration/Resources/Manager.php | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/private/Collaboration/Resources/Manager.php b/lib/private/Collaboration/Resources/Manager.php index 4d24636b6b0..add23171f56 100644 --- a/lib/private/Collaboration/Resources/Manager.php +++ b/lib/private/Collaboration/Resources/Manager.php @@ -138,11 +138,15 @@ class Manager implements IManager { $query->expr()->eq('a.user_id', $query->createNamedParameter($userId, IQueryBuilder::PARAM_STR)) ) ) - ->where($query->expr()->iLike('c.name', $query->createNamedParameter($filter, IQueryBuilder::PARAM_STR))) - ->andWhere($query->expr()->eq('a.access', $query->createNamedParameter(1, IQueryBuilder::PARAM_INT))) + ->where($query->expr()->eq('a.access', $query->createNamedParameter(1, IQueryBuilder::PARAM_INT))) ->orderBy('c.id') ->setMaxResults($limit) ->setFirstResult($start); + + if ($filter !== '') { + $query->where($query->expr()->iLike('c.name', $query->createNamedParameter('%' . $this->connection->escapeLikeParameter($filter) . '%'))); + } + $result = $query->execute(); $collections = []; |