diff options
author | Robin Appelman <icewind@owncloud.com> | 2015-11-10 13:14:32 +0100 |
---|---|---|
committer | Robin Appelman <icewind@owncloud.com> | 2015-11-20 14:40:08 +0100 |
commit | 9d04876824e3807866ea519a4302fe2c50bf2254 (patch) | |
tree | d112a5c7e68eb3832f025e938c59cef2bd223ce5 /lib | |
parent | 46942ff9ec0707a84e6aaa98802da3e07202cadc (diff) | |
download | nextcloud-server-9d04876824e3807866ea519a4302fe2c50bf2254.tar.gz nextcloud-server-9d04876824e3807866ea519a4302fe2c50bf2254.zip |
escape like parameter in cache move
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/files/cache/cache.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/private/files/cache/cache.php b/lib/private/files/cache/cache.php index 680398e383f..7cdff3a23ed 100644 --- a/lib/private/files/cache/cache.php +++ b/lib/private/files/cache/cache.php @@ -544,7 +544,8 @@ class Cache { if ($sourceData['mimetype'] === 'httpd/unix-directory') { //find all child entries $sql = 'SELECT `path`, `fileid` FROM `*PREFIX*filecache` WHERE `storage` = ? AND `path` LIKE ?'; - $result = \OC_DB::executeAudited($sql, [$sourceStorageId, $sourcePath . '/%']); + $escapedPath = addcslashes($sourcePath, '\\_%'); + $result = \OC_DB::executeAudited($sql, [$sourceStorageId, $escapedPath . '/%']); $childEntries = $result->fetchAll(); $sourceLength = strlen($sourcePath); \OC_DB::beginTransaction(); |