use to_char when comparing clob to string on oracle, use execute audited

2 files changed, 6 insertions, 2 deletions

diff --git a/lib/connector/sabre/locks.php b/lib/connector/sabre/locks.php
index cbc495dec19..7aca2e43712 100644
--- a/lib/connector/sabre/locks.php
+++ b/lib/connector/sabre/locks.php
@@ -176,6 +176,10 @@ class OC_Connector_Sabre_Locks extends Sabre_DAV_Locks_Backend_Abstract {
 	public function unlock($uri, Sabre_DAV_Locks_LockInfo $lockInfo) {
 
 		$sql = 'DELETE FROM `*PREFIX*locks` WHERE `userid` = ? AND `uri` = ? AND `token` = ?';
+		if (OC_Config::getValue( "dbtype") === 'oci') {
+			//FIXME oracle hack: need to explicitly cast CLOB to CHAR for comparison
+			$sql = 'DELETE FROM `*PREFIX*locks` WHERE `userid` = ? AND to_char(`uri`) = ? AND `token` = ?';
+		}
 		$result = OC_DB::executeAudited( $sql, array(OC_User::getUser(), $uri, $lockInfo->token));
 
 		return $result->numRows() === 1;
diff --git a/lib/connector/sabre/node.php b/lib/connector/sabre/node.php
index 1ffa048d6b2..0bffa58af78 100644
--- a/lib/connector/sabre/node.php
+++ b/lib/connector/sabre/node.php
@@ -189,8 +189,8 @@ abstract class OC_Connector_Sabre_Node implements Sabre_DAV_INode, Sabre_DAV_IPr
 	 */
 	public function getProperties($properties) {
 		if (is_null($this->property_cache)) {
-			$query = OC_DB::prepare( 'SELECT * FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` = ?' );
-			$result = $query->execute( array( OC_User::getUser(), $this->path ));
+			$sql = 'SELECT * FROM `*PREFIX*properties` WHERE `userid` = ? AND `propertypath` = ?';
+			$result = OC_DB::executeAudited( $sql, array( OC_User::getUser(), $this->path ) );
 
 			$this->property_cache = array();
 			while( $row = $result->fetchRow()) {