author | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2018-03-14 21:53:14 +0100 |
---|---|---|
committer | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2018-03-14 23:31:42 +0100 |
commit | 0b96a71a68f10b23258c0090cc80b279d0d2f1aa (patch) | |
tree | 6846fa38a8968f03974600a8abb6f935672dc792 /lib/private | |
parent | 3cae27614932d3cb0780018551b14a4139f980fd (diff) | |
Fix configuration values matched in user searches

Due to a misplaced closing parenthesis the condition of the left join
clause was just "userid = uid"; the other conditions were passed as
additional parameters to "leftJoin", and thus they were ignored.
Therefore, the result set contained every preference of each user
instead of only the email, so the "WHERE configvalue LIKE XXX" matched
any configuration value of the user.

Besides the closing parenthesis this commit also fixes the literal
values. Although "Literal" objects represent literal values they must be
created through "IExpressionBuilder::literal()" to be properly quoted;
otherwise it is just a plain string, which is treated as a column name.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
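
The effect of the join condition described in the commit message, as an added example that is not part of the commit or of Nextcloud's code: it runs the same search with the pre-fix and post-fix ON clause against an in-memory SQLite database. The sample rows, the helper names and the simplified WHERE clause (uid or configvalue only) are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; table and column names follow the diff and commit message.
SCHEMA = """
CREATE TABLE users (uid TEXT PRIMARY KEY, displayname TEXT);
CREATE TABLE preferences (userid TEXT, appid TEXT, configkey TEXT, configvalue TEXT);
INSERT INTO users VALUES ('alice', 'Alice'), ('bob', 'Bob');
INSERT INTO preferences VALUES
  ('alice', 'settings', 'email', 'alice@example.org'),
  ('alice', 'files', 'quota', '5 GB'),
  ('bob', 'settings', 'email', 'bob@example.org'),
  ('bob', 'core', 'lang', 'de');
"""

# ON clause as it effectively ran before the fix: only "userid = uid".
JOIN_BEFORE = "p.userid = u.uid"
# ON clause after the fix: restricted to the email preference.
JOIN_AFTER = ("p.userid = u.uid AND p.appid = 'settings' "
              "AND p.configkey = 'email'")


def make_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def escape_like(value):
    """Escape LIKE wildcards so the search term is matched literally."""
    for ch in ("\\", "%", "_"):  # backslash first, so added escapes survive
        value = value.replace(ch, "\\" + ch)
    return value


def search_users(conn, join_condition, search):
    """Return the sorted uids matched by a search, for the given ON clause."""
    # join_condition is one of the two constants above, never user input.
    sql = (
        "SELECT DISTINCT u.uid FROM users u "
        f"LEFT JOIN preferences p ON {join_condition} "
        "WHERE u.uid LIKE ? ESCAPE '\\' "
        "OR p.configvalue LIKE ? ESCAPE '\\' "
        "ORDER BY u.uid"
    )
    pattern = "%" + escape_like(search) + "%"
    return [row[0] for row in conn.execute(sql, (pattern, pattern))]
```

With the pre-fix ON clause a search for a non-email preference value returns its owner; with the corrected clause only the uid and the email preference can match.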
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/User/Database.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php index 6e44c902286..8dad3ef5fcd 100644 --- a/lib/private/User/Database.php +++ b/lib/private/User/Database.php @@ -203,9 +203,9 @@ class Database extends Backend implements IUserBackend { $query->select('uid', 'displayname') ->from('users', 'u') ->leftJoin('u', 'preferences', 'p', $query->expr()->andX( - $query->expr()->eq('userid', 'uid')), - $query->expr()->eq('appid', new Literal('settings')), - $query->expr()->eq('configkey', new Literal('email')) + $query->expr()->eq('userid', 'uid'), + $query->expr()->eq('appid', $query->expr()->literal('settings')), + $query->expr()->eq('configkey', $query->expr()->literal('email'))) ) // sqlite doesn't like re-using a single named parameter here ->where($query->expr()->iLike('uid', $query->createPositionalParameter('%' . $connection->escapeLikeParameter($search) . '%'))) |
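Review bot: the corrected `andX(...)` call still closes on the same line as its last argument (`->literal('email')))`), which is the layout that let the misplaced parenthesis go unnoticed in the first place; putting each closing parenthesis on its own line at the indentation of the call it closes would make the nesting of `eq`, `andX` and `leftJoin` visible. The diffstat lists only `lib/private/User/Database.php`, so no test accompanies the fix: a regression test asserting that a search for a value stored under a non-email preference returns no user would keep the join condition from silently widening again.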