Merge pull request #36099 from nextcloud/backport/34924/stable25

[stable25] escape path prefix when doing cache jail search

3 files changed, 8 insertions, 7 deletions

diff --git a/lib/private/Files/Cache/Wrapper/CacheJail.php b/lib/private/Files/Cache/Wrapper/CacheJail.php
index 996f0c02603..3c1d2053035 100644
--- a/lib/private/Files/Cache/Wrapper/CacheJail.php
+++ b/lib/private/Files/Cache/Wrapper/CacheJail.php
@@ -317,7 +317,7 @@ class CacheJail extends CacheWrapper {
 					new SearchBinaryOperator(ISearchBinaryOperator::OPERATOR_OR,
 						[
 							new SearchComparison(ISearchComparison::COMPARE_EQUAL, 'path', $this->getGetUnjailedRoot()),
-							new SearchComparison(ISearchComparison::COMPARE_LIKE_CASE_SENSITIVE, 'path', $this->getGetUnjailedRoot() . '/%'),
+							new SearchComparison(ISearchComparison::COMPARE_LIKE_CASE_SENSITIVE, 'path', SearchComparison::escapeLikeParameter($this->getGetUnjailedRoot()) . '/%'),
 						],
 					)
 				]
diff --git a/lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php b/lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php
index eea4b430578..62182303ffd 100644
--- a/lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php
+++ b/lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php
@@ -23,15 +23,12 @@ declare(strict_types=1);
 
 namespace OC\Files\Search\QueryOptimizer;
 
+use OC\Files\Search\SearchComparison;
 use OCP\Files\Search\ISearchBinaryOperator;
 use OCP\Files\Search\ISearchComparison;
 use OCP\Files\Search\ISearchOperator;
 
 class PathPrefixOptimizer extends QueryOptimizerStep {
-	public function escapeLikeParameter(string $param): string {
-		return addcslashes($param, '\\_%');
-	}
-
 	public function processOperator(ISearchOperator &$operator) {
 		// normally the `path = "$prefix"` search query part of the prefix filter would be generated as an `path_hash = md5($prefix)` sql query
 		// since the `path_hash` sql column usually provides much faster querying that selecting on the `path` sql column
@@ -43,11 +40,11 @@ class PathPrefixOptimizer extends QueryOptimizerStep {
 			$b = $operator->getArguments()[1];
 			if ($a instanceof ISearchComparison && $b instanceof ISearchComparison && $a->getField() === 'path' && $b->getField() === 'path') {
 				if ($a->getType() === ISearchComparison::COMPARE_LIKE_CASE_SENSITIVE && $b->getType() === ISearchComparison::COMPARE_EQUAL
-					&& $a->getValue() === $this->escapeLikeParameter($b->getValue()) . '/%') {
+					&& $a->getValue() === SearchComparison::escapeLikeParameter($b->getValue()) . '/%') {
 					$b->setQueryHint(ISearchComparison::HINT_PATH_EQ_HASH, false);
 				}
 				if ($b->getType() === ISearchComparison::COMPARE_LIKE_CASE_SENSITIVE && $a->getType() === ISearchComparison::COMPARE_EQUAL
-					&& $b->getValue() === $this->escapeLikeParameter($a->getValue()) . '/%') {
+					&& $b->getValue() === SearchComparison::escapeLikeParameter($a->getValue()) . '/%') {
 					$a->setQueryHint(ISearchComparison::HINT_PATH_EQ_HASH, false);
 				}
 			}
diff --git a/lib/private/Files/Search/SearchComparison.php b/lib/private/Files/Search/SearchComparison.php
index ab5a4d0ed73..122a1f730b4 100644
--- a/lib/private/Files/Search/SearchComparison.php
+++ b/lib/private/Files/Search/SearchComparison.php
@@ -74,4 +74,8 @@ class SearchComparison implements ISearchComparison {
 	public function setQueryHint(string $name, $value): void {
 		$this->hints[$name] = $value;
 	}
+
+	public static function escapeLikeParameter(string $param): string {
+		return addcslashes($param, '\\_%');
+	}
 }