summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2020-12-10 10:22:21 +0100
committerJoas Schilling <coding@schilljs.com>2020-12-14 09:35:50 +0100
commit5828f3c4f91c07e4e2b1967db72516721c484014 (patch)
treebe3ecff104fb39e813b733a31df2006ddd9fab4d
parent5fc20e886218e71d1bfd1fbaf8d65d8b0a9b9a09 (diff)
downloadnextcloud-server-5828f3c4f91c07e4e2b1967db72516721c484014.tar.gz
nextcloud-server-5828f3c4f91c07e4e2b1967db72516721c484014.zip
Prevent * and other things in the same query for Oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--lib/private/DB/QueryBuilder/QueryBuilder.php21
1 files changed, 21 insertions, 0 deletions
diff --git a/lib/private/DB/QueryBuilder/QueryBuilder.php b/lib/private/DB/QueryBuilder/QueryBuilder.php
index ebd715df1c1..a5ea08127c7 100644
--- a/lib/private/DB/QueryBuilder/QueryBuilder.php
+++ b/lib/private/DB/QueryBuilder/QueryBuilder.php
@@ -31,6 +31,7 @@ namespace OC\DB\QueryBuilder;
use Doctrine\DBAL\Platforms\MySqlPlatform;
use Doctrine\DBAL\Platforms\PostgreSqlPlatform;
use Doctrine\DBAL\Platforms\SqlitePlatform;
+use Doctrine\DBAL\Query\QueryException;
use OC\DB\OracleConnection;
use OC\DB\QueryBuilder\ExpressionBuilder\ExpressionBuilder;
use OC\DB\QueryBuilder\ExpressionBuilder\MySqlExpressionBuilder;
@@ -223,6 +224,26 @@ class QueryBuilder implements IQueryBuilder {
}
}
+ if (!empty($this->getQueryPart('select'))) {
+ $select = $this->getQueryPart('select');
+ $hasSelectAll = array_filter($select, static function ($s) {
+ return $s === '*';
+ });
+ $hasSelectSpecific = array_filter($select, static function ($s) {
+ return $s !== '*';
+ });
+
+ if (empty($hasSelectAll) === empty($hasSelectSpecific)) {
+ $exception = new QueryException('Query is selecting * and specific values in the same query. This is not supported in Oracle.');
+ $this->logger->logException($exception, [
+ 'message' => 'Query is selecting * and specific values in the same query. This is not supported in Oracle.',
+ 'query' => $this->getSQL(),
+ 'level' => ILogger::ERROR,
+ 'app' => 'core',
+ ]);
+ }
+ }
+
return $this->queryBuilder->execute();
}