From 84d37143b0acc1f8b9f06e7609d31f3452ffa555 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 8 Dec 2021 16:40:39 +0100
Subject: Only wildcard search if enumeration is allowed

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 apps/dav/lib/CardDAV/AddressBookImpl.php | 1 +
 apps/dav/lib/CardDAV/CardDavBackend.php  | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

(limited to 'apps')

diff --git a/apps/dav/lib/CardDAV/AddressBookImpl.php b/apps/dav/lib/CardDAV/AddressBookImpl.php
index 8b0d494fd01..1b74f329f1f 100644
--- a/apps/dav/lib/CardDAV/AddressBookImpl.php
+++ b/apps/dav/lib/CardDAV/AddressBookImpl.php
@@ -107,6 +107,7 @@ class AddressBookImpl implements IAddressBook {
 	 * 	- 'escape_like_param' - If set to false wildcards _ and % are not escaped
 	 * 	- 'limit' - Set a numeric limit for the search results
 	 * 	- 'offset' - Set the offset for the limited search results
+	 * 	- 'wildcard' - Whether the search should use wildcards
 	 * @return array an array of contacts which are arrays of key-value-pairs
 	 *  example result:
 	 *  [
diff --git a/apps/dav/lib/CardDAV/CardDavBackend.php b/apps/dav/lib/CardDAV/CardDavBackend.php
index 13926ef12ce..403c4646e47 100644
--- a/apps/dav/lib/CardDAV/CardDavBackend.php
+++ b/apps/dav/lib/CardDAV/CardDavBackend.php
@@ -1024,6 +1024,7 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 	 *    - 'escape_like_param' - If set to false wildcards _ and % are not escaped, otherwise they are
 	 *    - 'limit' - Set a numeric limit for the search results
 	 *    - 'offset' - Set the offset for the limited search results
+	 *    - 'wildcard' - Whether the search should use wildcards
 	 * @return array an array of contacts which are arrays of key-value-pairs
 	 */
 	public function search($addressBookId, $pattern, $searchProperties, $options = []): array {
@@ -1062,6 +1063,7 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 											array $searchProperties,
 											array $options = []): array {
 		$escapePattern = !\array_key_exists('escape_like_param', $options) || $options['escape_like_param'] !== false;
+		$useWildcards = !\array_key_exists('wildcard', $options) || $options['wildcard'] !== false;
 
 		$query2 = $this->db->getQueryBuilder();
 
@@ -1103,7 +1105,9 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 
 		// No need for like when the pattern is empty
 		if ('' !== $pattern) {
-			if (!$escapePattern) {
+			if (!$useWildcards) {
+				$query2->andWhere($query2->expr()->eq('cp.value', $query2->createNamedParameter($pattern)));
+			} elseif (!$escapePattern) {
 				$query2->andWhere($query2->expr()->ilike('cp.value', $query2->createNamedParameter($pattern)));
 			} else {
 				$query2->andWhere($query2->expr()->ilike('cp.value', $query2->createNamedParameter('%' . $this->db->escapeLikeParameter($pattern) . '%')));
-- 
cgit v1.2.3