From 6b4117df34232fbe9da49fca9a813bc8c5ec226d Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 10 Mar 2016 10:24:08 +0100 Subject: Correctly escape join statements and use selectAlias --- apps/dav/lib/caldav/caldavbackend.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'apps/dav/lib/caldav') diff --git a/apps/dav/lib/caldav/caldavbackend.php b/apps/dav/lib/caldav/caldavbackend.php index 521d1b1de5e..0315baada3d 100644 --- a/apps/dav/lib/caldav/caldavbackend.php +++ b/apps/dav/lib/caldav/caldavbackend.php @@ -815,9 +815,9 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription function getCalendarObjectByUID($principalUri, $uid) { $query = $this->db->getQueryBuilder(); - $query->select([$query->createFunction('c.`uri` AS `calendaruri`'), $query->createFunction('co.`uri` AS `objecturi`')]) + $query->selectAlias('c.uri', 'calendaruri')->selectAlias('co.uri', 'objecturi') ->from('calendarobjects', 'co') - ->leftJoin('co', 'calendars', 'c', 'co.`calendarid` = c.`id`') + ->leftJoin('co', 'calendars', 'c', $query->expr()->eq('co.calendarid', 'c.id')) ->where($query->expr()->eq('c.principaluri', $query->createNamedParameter($principalUri))) ->andWhere($query->expr()->eq('co.uid', $query->createNamedParameter($uid))); -- cgit v1.2.3