diff options
author | Joas Schilling <coding@schilljs.com> | 2020-12-10 10:22:21 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2020-12-14 09:35:50 +0100 |
commit | 5828f3c4f91c07e4e2b1967db72516721c484014 (patch) | |
tree | be3ecff104fb39e813b733a31df2006ddd9fab4d | |
parent | 5fc20e886218e71d1bfd1fbaf8d65d8b0a9b9a09 (diff) | |
download | nextcloud-server-5828f3c4f91c07e4e2b1967db72516721c484014.tar.gz nextcloud-server-5828f3c4f91c07e4e2b1967db72516721c484014.zip |
Prevent * and other things in the same query for Oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r-- | lib/private/DB/QueryBuilder/QueryBuilder.php | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/lib/private/DB/QueryBuilder/QueryBuilder.php b/lib/private/DB/QueryBuilder/QueryBuilder.php index ebd715df1c1..a5ea08127c7 100644 --- a/lib/private/DB/QueryBuilder/QueryBuilder.php +++ b/lib/private/DB/QueryBuilder/QueryBuilder.php @@ -31,6 +31,7 @@ namespace OC\DB\QueryBuilder; use Doctrine\DBAL\Platforms\MySqlPlatform; use Doctrine\DBAL\Platforms\PostgreSqlPlatform; use Doctrine\DBAL\Platforms\SqlitePlatform; +use Doctrine\DBAL\Query\QueryException; use OC\DB\OracleConnection; use OC\DB\QueryBuilder\ExpressionBuilder\ExpressionBuilder; use OC\DB\QueryBuilder\ExpressionBuilder\MySqlExpressionBuilder; @@ -223,6 +224,26 @@ class QueryBuilder implements IQueryBuilder { } } + if (!empty($this->getQueryPart('select'))) { + $select = $this->getQueryPart('select'); + $hasSelectAll = array_filter($select, static function ($s) { + return $s === '*'; + }); + $hasSelectSpecific = array_filter($select, static function ($s) { + return $s !== '*'; + }); + + if (empty($hasSelectAll) === empty($hasSelectSpecific)) { + $exception = new QueryException('Query is selecting * and specific values in the same query. This is not supported in Oracle.'); + $this->logger->logException($exception, [ + 'message' => 'Query is selecting * and specific values in the same query. This is not supported in Oracle.', + 'query' => $this->getSQL(), + 'level' => ILogger::ERROR, + 'app' => 'core', + ]); + } + } + return $this->queryBuilder->execute(); } |