Escape special characters #25429

Merged
merged 8 commits into from Jul 20, 2016

Projects

None yet

5 participants

@aaronjwood
Contributor

This should help with #16580. I ignored a few instances I came across in the test files.

aaronjwood added some commits Jul 11, 2016
@aaronjwood aaronjwood Escape LIKE parameter d059024
@aaronjwood aaronjwood Escape LIKE parameter f5c7fde
@aaronjwood aaronjwood Escape LIKE parameter 48bd243
@aaronjwood aaronjwood Escape LIKE parameter 4724fa6
@aaronjwood aaronjwood Escape LIKE parameter
ace3242
@mention-bot

@aaronjwood, thanks for your PR! By analyzing the annotation information on this pull request, we identified @rullzer, @PVince81, @blizzz and @DeepDiver1975 to be potential reviewers

@aaronjwood aaronjwood commented on an outdated diff Jul 11, 2016
apps/user_ldap/lib/Mapping/AbstractMapping.php
@@ -147,7 +147,7 @@ public function getNamesBySearch($search) {
WHERE `owncloud_name` LIKE ?
');
- $res = $query->execute(array($search));
+ $res = $query->execute(array($this->connection->escapeLikeParameter($search)));
@aaronjwood
aaronjwood Jul 11, 2016 Contributor

I'm not sure if I did the right thing here. Can someone confirm? Should $search be able to contain characters such as _ and/or %?

@aaronjwood aaronjwood Use correct method in the AbstractMapping class
5c7f600
@owncloud-bot
Collaborator

@aaronjwood

Thanks a lot for your contribution!
Contributions to the core repo require a signed contributors agreement http://owncloud.org/about/contributor-agreement/

Alternatively you can add a comment here where you state that this contribution is MIT licensed.

Some more details about out pull request workflow can be found here: http://owncloud.org/code-reviews-on-github/

@DeepDiver1975 DeepDiver1975 added this to the 9.2 milestone Jul 11, 2016
@aaronjwood
Contributor

I state that my contributions here are MIT licensed.

@PVince81
Collaborator
PVince81 commented Jul 11, 2016 edited
  • TEST: custom webdav prop can be set with PROPPATCH and retrieved with PROPFIND
  • TEST: LDAP with users and groups still works
  • legacy storage stuff is obsolete and will only run when upgrading from 8.0 (but good to have the fix there still)

👍

@PVince81
Collaborator

Jenkins PR so we can get CI results: #25433

@DeepDiver1975
Member

Some tests are failing

05:14:21 There were 3 failures:
05:14:21 
05:14:21 1) OCA\DAV\Tests\unit\Connector\Sabre\CustomPropertiesBackendTest::testGetPropertiesForDirectory
05:14:21 Failed asserting that null matches expected 'value1'.
05:14:21 
05:14:21 /ssd/jenkins/workspace/core-ci-linux-php5.4/database/sqlite/label/SLAVE/apps/dav/tests/unit/Connector/Sabre/CustomPropertiesBackendTest.php:281
05:14:21 
05:14:21 2) OCA\User_LDAP\Tests\Mapping\GroupMappingTest::testSearch
05:14:21 Failed asserting that 0 is identical to 2.
05:14:21 
05:14:21 /ssd/jenkins/workspace/core-ci-linux-php5.4/database/sqlite/label/SLAVE/apps/user_ldap/tests/Mapping/AbstractMappingTest.php:169
05:14:21 
05:14:21 3) OCA\User_LDAP\Tests\Mapping\UserMappingTest::testSearch
05:14:21 Failed asserting that 0 is identical to 2.
05:14:21 
05:14:21 /ssd/jenkins/workspace/core-ci-linux-php5.4/database/sqlite/label/SLAVE/apps/user_ldap/tests/Mapping/AbstractMappingTest.php:169
05:14:21 
aaronjwood added some commits Jul 11, 2016
@aaronjwood aaronjwood Change the getNamesBySearch method so that input can be properly esca…
…ped while still supporting matches
f50a1b0
@aaronjwood aaronjwood Don't escape hardcoded wildcard
acb687d
@aaronjwood
Contributor
aaronjwood commented Jul 11, 2016 edited

@DeepDiver1975 thanks for the heads up. I've added a few more fixes that I believe should resolve the failures. Let me know your thoughts on my changes since I've changed the signature of getNamesBySearch()

@owncloud-bot
Collaborator

@aaronjwood

Thanks a lot for your contribution!
Contributions to the core repo require a signed contributors agreement http://owncloud.org/about/contributor-agreement/

Alternatively you can add a comment here where you state that this contribution is MIT licensed.

Some more details about out pull request workflow can be found here: http://owncloud.org/code-reviews-on-github/

@PVince81
Collaborator

Thanks, I have pushed the changes to the Jenkins branch: #25433

@PVince81
Collaborator

Tests passed apparently.

@DeepDiver1975 merge ?

@DeepDiver1975 DeepDiver1975 merged commit 36d6f3b into owncloud:master Jul 20, 2016

3 of 4 checks passed

cla-bot-core Build #5257 failed in 13 sec
Details
Jenkins job PR-25429 This commit looks good
Details
Scrutinizer 1 new issues
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@LukasReschke LukasReschke referenced this pull request in nextcloud/server Jul 20, 2016
Merged

Escape special characters (#25429) #466

@GitHubUser4234 GitHubUser4234 pushed a commit to GitHubUser4234/core that referenced this pull request Jul 22, 2016
@aaronjwood @LukasReschke aaronjwood + LukasReschke Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
7c0de08
@DeepDiver1975 DeepDiver1975 added a commit that referenced this pull request Oct 11, 2016
@aaronjwood @DeepDiver1975 aaronjwood + DeepDiver1975 [stable9.1] Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
522e714
@DeepDiver1975 DeepDiver1975 added a commit that referenced this pull request Oct 19, 2016
@aaronjwood @DeepDiver1975 aaronjwood + DeepDiver1975 [stable9] Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
ab92c20
@DeepDiver1975 DeepDiver1975 added a commit that referenced this pull request Oct 19, 2016
@aaronjwood @DeepDiver1975 aaronjwood + DeepDiver1975 [stable8.2] [stable9] Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
b00bdf5
@PVince81
Collaborator

stable9.1: #26340
stable9: #26409
stable8.2: #26410

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment