From 0bd5bcdaebf23f0a0d9d8c2da4e5983c370892be Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Wed, 2 Nov 2022 12:44:51 +0100 Subject: escape path prefix when doing cache jail search Signed-off-by: Robin Appelman --- lib/private/Files/Cache/Wrapper/CacheJail.php | 2 +- lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php | 9 +++------ lib/private/Files/Search/SearchComparison.php | 4 ++++ 3 files changed, 8 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/private/Files/Cache/Wrapper/CacheJail.php b/lib/private/Files/Cache/Wrapper/CacheJail.php index 5476cc625c3..c5bc618a1c8 100644 --- a/lib/private/Files/Cache/Wrapper/CacheJail.php +++ b/lib/private/Files/Cache/Wrapper/CacheJail.php @@ -317,7 +317,7 @@ class CacheJail extends CacheWrapper { new SearchBinaryOperator(ISearchBinaryOperator::OPERATOR_OR, [ new SearchComparison(ISearchComparison::COMPARE_EQUAL, 'path', $this->getGetUnjailedRoot()), - new SearchComparison(ISearchComparison::COMPARE_LIKE_CASE_SENSITIVE, 'path', $this->getGetUnjailedRoot() . '/%'), + new SearchComparison(ISearchComparison::COMPARE_LIKE_CASE_SENSITIVE, 'path', SearchComparison::escapeLikeParameter($this->getGetUnjailedRoot()) . '/%'), ], ) ] diff --git a/lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php b/lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php index eea4b430578..62182303ffd 100644 --- a/lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php +++ b/lib/private/Files/Search/QueryOptimizer/PathPrefixOptimizer.php @@ -23,15 +23,12 @@ declare(strict_types=1); namespace OC\Files\Search\QueryOptimizer; +use OC\Files\Search\SearchComparison; use OCP\Files\Search\ISearchBinaryOperator; use OCP\Files\Search\ISearchComparison; use OCP\Files\Search\ISearchOperator; class PathPrefixOptimizer extends QueryOptimizerStep { - public function escapeLikeParameter(string $param): string { - return addcslashes($param, '\\_%'); - } - public function processOperator(ISearchOperator &$operator) { // normally the `path = "$prefix"` search query part of the prefix filter would be generated as an `path_hash = md5($prefix)` sql query // since the `path_hash` sql column usually provides much faster querying that selecting on the `path` sql column @@ -43,11 +40,11 @@ class PathPrefixOptimizer extends QueryOptimizerStep { $b = $operator->getArguments()[1]; if ($a instanceof ISearchComparison && $b instanceof ISearchComparison && $a->getField() === 'path' && $b->getField() === 'path') { if ($a->getType() === ISearchComparison::COMPARE_LIKE_CASE_SENSITIVE && $b->getType() === ISearchComparison::COMPARE_EQUAL - && $a->getValue() === $this->escapeLikeParameter($b->getValue()) . '/%') { + && $a->getValue() === SearchComparison::escapeLikeParameter($b->getValue()) . '/%') { $b->setQueryHint(ISearchComparison::HINT_PATH_EQ_HASH, false); } if ($b->getType() === ISearchComparison::COMPARE_LIKE_CASE_SENSITIVE && $a->getType() === ISearchComparison::COMPARE_EQUAL - && $b->getValue() === $this->escapeLikeParameter($a->getValue()) . '/%') { + && $b->getValue() === SearchComparison::escapeLikeParameter($a->getValue()) . '/%') { $a->setQueryHint(ISearchComparison::HINT_PATH_EQ_HASH, false); } } diff --git a/lib/private/Files/Search/SearchComparison.php b/lib/private/Files/Search/SearchComparison.php index ab5a4d0ed73..122a1f730b4 100644 --- a/lib/private/Files/Search/SearchComparison.php +++ b/lib/private/Files/Search/SearchComparison.php @@ -74,4 +74,8 @@ class SearchComparison implements ISearchComparison { public function setQueryHint(string $name, $value): void { $this->hints[$name] = $value; } + + public static function escapeLikeParameter(string $param): string { + return addcslashes($param, '\\_%'); + } } -- cgit v1.2.3