diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2015-03-30 20:07:12 +0200 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2015-03-30 20:07:12 +0200 |
| commit | 0bf06d66913df92251ece31a14444e2975a0b5ca (patch) | |
| tree | fa6ca3c45e65ce82523070fe1d30e586d61ba7e0 /lib/private/share | |
| parent | b0aa17b13fe504445a3108e46a56031ca4b73bc6 (diff) | |
| download | nextcloud-server-0bf06d66913df92251ece31a14444e2975a0b5ca.tar.gz nextcloud-server-0bf06d66913df92251ece31a14444e2975a0b5ca.zip | |
No injections
Diffstat (limited to 'lib/private/share')
| -rw-r--r-- | lib/private/share/share.php | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 38fd34e9760..d254b5a665c 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -1167,7 +1167,8 @@ class Share extends \OC\Share\Constants { $qb->select('`uid_owner`') ->from('`*PREFIX*share`') - ->where($qb->expr()->eq('`id`', $shareId)); + ->where('`id` = :shareId') + ->setParameter(':shareId', $shareId); $result = $qb->execute(); $result = $result->fetch(); @@ -1215,8 +1216,11 @@ class Share extends \OC\Share\Constants { $qb = $connection->createQueryBuilder(); $qb->update('`*PREFIX*share`') - ->set('`share_with`', is_null($password) ? 'NULL' : $qb->expr()->literal(\OC::$server->getHasher()->hash($password))) - ->where($qb->expr()->eq('`id`', $shareId)); + ->set('`share_with`', ':pass') + ->where('`id` = :shareId') + ->setParameter(':pass', is_null($password) ? 'NULL' : $qb->expr()->literal(\OC::$server->getHasher()->hash($password))) + ->setParameter(':shareId', $shareId); + $qb->execute(); return true; |