diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-14 16:12:06 +0100 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-01-14 16:12:06 +0100 |
| commit | 3f64d37f2afd2f9a706df7495d543dccdb51c1f7 (patch) | |
| tree | 50d3dc4ea18e7663d93b458c787eed0fa87d4804 /lib | |
| parent | 953c4bf18a2e14b05e36823d97489b566bb65551 (diff) | |
| parent | 663e71e4b3baca2330ec6e8381bbeed00142adf0 (diff) | |
| download | nextcloud-server-3f64d37f2afd2f9a706df7495d543dccdb51c1f7.tar.gz nextcloud-server-3f64d37f2afd2f9a706df7495d543dccdb51c1f7.zip | |
Merge pull request #21623 from owncloud/stricter_defaultprovider
[Share 2.0] Default share provider should only query for supported types
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/share20/defaultshareprovider.php | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/lib/private/share20/defaultshareprovider.php b/lib/private/share20/defaultshareprovider.php index 7a08ecb1210..f4c33d68b46 100644 --- a/lib/private/share20/defaultshareprovider.php +++ b/lib/private/share20/defaultshareprovider.php @@ -36,6 +36,9 @@ use OCP\Files\Node; */ class DefaultShareProvider implements IShareProvider { + // Special share type for user modified group shares + const SHARE_TYPE_USERGROUP = 2; + /** @var IDBConnection */ private $dbConn; @@ -185,8 +188,18 @@ class DefaultShareProvider implements IShareProvider { $qb = $this->dbConn->getQueryBuilder(); $qb->select('*') ->from('share') - ->where($qb->expr()->eq('parent', $qb->createParameter('parent'))) - ->setParameter(':parent', $parent->getId()) + ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId()))) + ->andWhere( + $qb->expr()->in( + 'share_type', + [ + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_USER), + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_GROUP), + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_LINK), + $qb->expr()->literal(self::SHARE_TYPE_USERGROUP), + ] + ) + ) ->orderBy('id'); $cursor = $qb->execute(); @@ -210,8 +223,7 @@ class DefaultShareProvider implements IShareProvider { $qb = $this->dbConn->getQueryBuilder(); $qb->delete('share') - ->where($qb->expr()->eq('id', $qb->createParameter('id'))) - ->setParameter(':id', $share->getId()); + ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId()))); try { $qb->execute(); @@ -244,8 +256,18 @@ class DefaultShareProvider implements IShareProvider { $qb->select('*') ->from('share') - ->where($qb->expr()->eq('id', $qb->createParameter('id'))) - ->setParameter(':id', $id); + ->where($qb->expr()->eq('id', $qb->createNamedParameter($id))) + ->andWhere( + $qb->expr()->in( + 'share_type', + [ + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_USER), + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_GROUP), + $qb->expr()->literal(\OCP\Share::SHARE_TYPE_LINK), + $qb->expr()->literal(self::SHARE_TYPE_USERGROUP), + ] + ) + ); $cursor = $qb->execute(); $data = $cursor->fetch(); |