summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorRobin Appelman <icewind@owncloud.com>2015-11-10 13:14:32 +0100
committerRobin Appelman <icewind@owncloud.com>2015-11-20 14:40:08 +0100
commit9d04876824e3807866ea519a4302fe2c50bf2254 (patch)
treed112a5c7e68eb3832f025e938c59cef2bd223ce5 /lib
parent46942ff9ec0707a84e6aaa98802da3e07202cadc (diff)
downloadnextcloud-server-9d04876824e3807866ea519a4302fe2c50bf2254.tar.gz
nextcloud-server-9d04876824e3807866ea519a4302fe2c50bf2254.zip
escape like parameter in cache move
Diffstat (limited to 'lib')
-rw-r--r--lib/private/files/cache/cache.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/private/files/cache/cache.php b/lib/private/files/cache/cache.php
index 680398e383f..7cdff3a23ed 100644
--- a/lib/private/files/cache/cache.php
+++ b/lib/private/files/cache/cache.php
@@ -544,7 +544,8 @@ class Cache {
if ($sourceData['mimetype'] === 'httpd/unix-directory') {
//find all child entries
$sql = 'SELECT `path`, `fileid` FROM `*PREFIX*filecache` WHERE `storage` = ? AND `path` LIKE ?';
- $result = \OC_DB::executeAudited($sql, [$sourceStorageId, $sourcePath . '/%']);
+ $escapedPath = addcslashes($sourcePath, '\\_%');
+ $result = \OC_DB::executeAudited($sql, [$sourceStorageId, $escapedPath . '/%']);
$childEntries = $result->fetchAll();
$sourceLength = strlen($sourcePath);
\OC_DB::beginTransaction();