diff options
author | Joas Schilling <coding@schilljs.com> | 2021-12-08 16:40:39 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2021-12-08 18:54:42 +0100 |
commit | 84d37143b0acc1f8b9f06e7609d31f3452ffa555 (patch) | |
tree | 2c45bf889f47afa4a5ba03f34eff8a51f55d1239 /apps/dav/lib | |
parent | a1d68c0fd681517ee276084e192f2342a6e6f5b9 (diff) | |
download | nextcloud-server-84d37143b0acc1f8b9f06e7609d31f3452ffa555.tar.gz nextcloud-server-84d37143b0acc1f8b9f06e7609d31f3452ffa555.zip |
Only wildcard search if enumeration is allowed
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/dav/lib')
-rw-r--r-- | apps/dav/lib/CardDAV/AddressBookImpl.php | 1 | ||||
-rw-r--r-- | apps/dav/lib/CardDAV/CardDavBackend.php | 6 |
2 files changed, 6 insertions, 1 deletions
diff --git a/apps/dav/lib/CardDAV/AddressBookImpl.php b/apps/dav/lib/CardDAV/AddressBookImpl.php index 8b0d494fd01..1b74f329f1f 100644 --- a/apps/dav/lib/CardDAV/AddressBookImpl.php +++ b/apps/dav/lib/CardDAV/AddressBookImpl.php @@ -107,6 +107,7 @@ class AddressBookImpl implements IAddressBook { * - 'escape_like_param' - If set to false wildcards _ and % are not escaped * - 'limit' - Set a numeric limit for the search results * - 'offset' - Set the offset for the limited search results + * - 'wildcard' - Whether the search should use wildcards * @return array an array of contacts which are arrays of key-value-pairs * example result: * [ diff --git a/apps/dav/lib/CardDAV/CardDavBackend.php b/apps/dav/lib/CardDAV/CardDavBackend.php index 13926ef12ce..403c4646e47 100644 --- a/apps/dav/lib/CardDAV/CardDavBackend.php +++ b/apps/dav/lib/CardDAV/CardDavBackend.php @@ -1024,6 +1024,7 @@ class CardDavBackend implements BackendInterface, SyncSupport { * - 'escape_like_param' - If set to false wildcards _ and % are not escaped, otherwise they are * - 'limit' - Set a numeric limit for the search results * - 'offset' - Set the offset for the limited search results + * - 'wildcard' - Whether the search should use wildcards * @return array an array of contacts which are arrays of key-value-pairs */ public function search($addressBookId, $pattern, $searchProperties, $options = []): array { @@ -1062,6 +1063,7 @@ class CardDavBackend implements BackendInterface, SyncSupport { array $searchProperties, array $options = []): array { $escapePattern = !\array_key_exists('escape_like_param', $options) || $options['escape_like_param'] !== false; + $useWildcards = !\array_key_exists('wildcard', $options) || $options['wildcard'] !== false; $query2 = $this->db->getQueryBuilder(); @@ -1103,7 +1105,9 @@ class CardDavBackend implements BackendInterface, SyncSupport { // No need for like when the pattern is empty if ('' !== $pattern) { - if (!$escapePattern) { + if (!$useWildcards) { + $query2->andWhere($query2->expr()->eq('cp.value', $query2->createNamedParameter($pattern))); + } elseif (!$escapePattern) { $query2->andWhere($query2->expr()->ilike('cp.value', $query2->createNamedParameter($pattern))); } else { $query2->andWhere($query2->expr()->ilike('cp.value', $query2->createNamedParameter('%' . $this->db->escapeLikeParameter($pattern) . '%'))); |