From 5828f3c4f91c07e4e2b1967db72516721c484014 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Thu, 10 Dec 2020 10:22:21 +0100
Subject: Prevent * and other things in the same query for Oracle

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 lib/private/DB/QueryBuilder/QueryBuilder.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'lib/private/DB')

diff --git a/lib/private/DB/QueryBuilder/QueryBuilder.php b/lib/private/DB/QueryBuilder/QueryBuilder.php
index ebd715df1c1..a5ea08127c7 100644
--- a/lib/private/DB/QueryBuilder/QueryBuilder.php
+++ b/lib/private/DB/QueryBuilder/QueryBuilder.php
@@ -31,6 +31,7 @@ namespace OC\DB\QueryBuilder;
 use Doctrine\DBAL\Platforms\MySqlPlatform;
 use Doctrine\DBAL\Platforms\PostgreSqlPlatform;
 use Doctrine\DBAL\Platforms\SqlitePlatform;
+use Doctrine\DBAL\Query\QueryException;
 use OC\DB\OracleConnection;
 use OC\DB\QueryBuilder\ExpressionBuilder\ExpressionBuilder;
 use OC\DB\QueryBuilder\ExpressionBuilder\MySqlExpressionBuilder;
@@ -223,6 +224,26 @@ class QueryBuilder implements IQueryBuilder {
 			}
 		}
 
+		if (!empty($this->getQueryPart('select'))) {
+			$select = $this->getQueryPart('select');
+			$hasSelectAll = array_filter($select, static function ($s) {
+				return $s === '*';
+			});
+			$hasSelectSpecific = array_filter($select, static function ($s) {
+				return $s !== '*';
+			});
+
+			if (empty($hasSelectAll) === empty($hasSelectSpecific)) {
+				$exception = new QueryException('Query is selecting * and specific values in the same query. This is not supported in Oracle.');
+				$this->logger->logException($exception, [
+					'message' => 'Query is selecting * and specific values in the same query. This is not supported in Oracle.',
+					'query' => $this->getSQL(),
+					'level' => ILogger::ERROR,
+					'app' => 'core',
+				]);
+			}
+		}
+
 		return $this->queryBuilder->execute();
 	}
 
-- 
cgit v1.2.3