Loading Dockerfile +9 −10 Original line number Diff line number Diff line FROM nextcloud:24.0.8-fpm AS nextcloud FROM nextcloud:25.0.3-fpm AS nextcloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_HELPER_JOB_ID="446245" ARG NEWS_VERSION="20.0.0" ARG NEWS_VERSION="20.0.1" ARG QUOTA_WARN_VERSION="1.15.0" ARG NOTES_VERSION="4.5.1" ARG NOTES_VERSION="4.6.0" ARG CONTACTS_JOB_ID="471108" ARG CALENDAR_JOB_ID="471116" ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0" Loading @@ -13,10 +13,10 @@ ARG RAINLOOP_VERSION="7.2.5" ARG RAINLOOP_COMMIT_SHA="523518ba" ARG EA_JOB_ID="445966" ARG ECLOUD_LAUNCHER_JOB_ID="458901" ARG GOOGLE_INTEGRATION_VERSION="1.0.8" ARG GOOGLE_INTEGRATION_VERSION="1.0.9" ARG ECLOUD_DASHBOARD_JOB_ID="485170" RUN sed -i 's/24,0,8,2/24,0,8,7/' ${BASE_DIR}/version.php RUN sed -i 's/25,0,3,2/25,0,3,2/' ${BASE_DIR}/version.php COPY custom_entrypoint.sh / RUN chmod +x /custom_entrypoint.sh RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images Loading Loading 
@@ -119,8 +119,8 @@ COPY patches/ ${TMP_PATCH_DIR}/ RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/002-login-without-domain.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/006-recovery-email-changes.patch RUN patch -u ${BASE_DIR}/apps/settings/lib/Settings/Personal/ServerDevNotice.php -i ${TMP_PATCH_DIR}/007-remove-dev-notice.patch RUN patch -u ${BASE_DIR}/lib/private/Template/IconsCacher.php -i ${TMP_PATCH_DIR}/008-icons-cacher-theme-svgs.patch RUN patch -u ${BASE_DIR}/core/Controller/SvgController.php -i ${TMP_PATCH_DIR}/008-svg-controller-theme-svgs.patch # RUN patch -u ${BASE_DIR}/lib/private/Template/IconsCacher.php -i ${TMP_PATCH_DIR}/008-icons-cacher-theme-svgs.patch # RUN patch -u ${BASE_DIR}/core/Controller/SvgController.php -i ${TMP_PATCH_DIR}/008-svg-controller-theme-svgs.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/009-help-links.patch RUN patch -u ${BASE_DIR}/lib/private/Updater.php -i ${TMP_PATCH_DIR}/010-disable-app-store-upgrade.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch Loading Loading 
@@ -164,10 +164,9 @@ COPY patches/ ${TMP_PATCH_DIR}/ RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch # RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch # RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch RUN rm -rf ${TMP_PATCH_DIR} RUN curl -fsSL -o ldap_write_support.tar.gz \ Loading patches/003-contact-search-removal.patch +6 −6 Original line number Diff line number Diff line Loading @@ -5,14 +5,14 @@ Subject: [PATCH] remove user search icon in header tab This patch removes the top right icon enabling the global user search function available to all in nextcloud. diff --git layout.user.php layout.user.php-new --- layout.user.php 2021-06-22 14:06:34.786843164 +0530 +++ layout.user.php-new 2021-06-22 14:07:45.938569109 +0530 @@ -103,14 +103,6 @@ --- layout.user.php 2023-02-01 21:04:06.457790526 +0530 +++ layout.user.php-new 2023-02-01 21:04:35.125102888 +0530 
@@ -69,14 +69,6 @@ <div class="header-right"> <div id="unified-search"></div> <div id="notifications"></div> - <div id="contactsmenu"> - <div class="icon-contacts menutoggle" tabindex="0" role="button" - <div class="menutoggle" tabindex="0" role="button" - aria-haspopup="true" aria-controls="contactsmenu-menu" aria-expanded="false"> - <span class="hidden-visually"><?php p($l->t('Contacts'));?></span> - </div> Loading @@ -21,4 +21,4 @@ diff --git layout.user.php layout.user.php-new - </div> <div id="settings"> <div id="expand" tabindex="0" role="button" class="menutoggle" aria-label="<?php p($l->t('Settings'));?>" aria-label="<?php p($l->t('Open settings menu'));?>" patches/004-contact-search-controller-removal.patch +8 −8 Original line number Diff line number Diff line Loading @@ -5,21 +5,21 @@ Subject: [PATCH] do not return these results in user search This patch removes some results from the contact menu controller, not to leak user informations diff --git ContactsMenuController.php ContactsMenuController-new.php --- ContactsMenuController.php 2021-02-04 10:20:18.000000000 +0100 +++ ContactsMenuController-new.php 2021-02-04 10:30:13.000000000 +0100 @@ -58,7 +58,7 @@ * @return \JsonSerializable[] --- ./core/Controller/ContactsMenuController.php 2023-02-01 21:40:07.515628276 +0530 +++ ./core/Controller/ContactsMenuController-new.php 2023-02-01 21:39:07.398140201 +0530 @@ -49,7 +49,7 @@ * @throws Exception */ public function index($filter = null) { public function index(?string $filter = null): array { - return $this->manager->getEntries($this->userSession->getUser(), $filter); + return []; } /** @@ -69,11 +69,6 @@ * @return JSONResponse|\JsonSerializable 
@@ -59,11 +59,6 @@ * @throws Exception */ public function findOne($shareType, $shareWith) { public function findOne(int $shareType, string $shareWith) { - $contact = $this->manager->findOne($this->userSession->getUser(), $shareType, $shareWith); - - if ($contact) { Loading patches/005-autocomplete-user-leak-core.patch +61 −61 Original line number Diff line number Diff line Loading @@ -29,17 +29,17 @@ diff --git lib/private/Collaboration/Collaborators/UserPlugin.php lib/private/Co $foundUserById = true; diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Collaboration/Collaborators/MailPlugin-new.php --- lib/private/Collaboration/Collaborators/MailPlugin.php 2022-11-23 15:20:44.460495300 +0530 +++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2022-11-23 16:55:17.540495300 +0530 @@ -36,6 +36,7 @@ use OCP\IConfig; use OCP\IGroupManager; use OCP\IUser; +use OCP\IUserManager; --- lib/private/Collaboration/Collaborators/MailPlugin.php 2023-02-01 21:43:07.661060529 +0530 +++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2023-02-01 21:51:00.382603635 +0530 @@ -39,6 +39,7 @@ use OCP\IUserSession; use OCP\Share\IShare; use OCP\Mail\IMailer; @@ -76,13 +77,15 @@ +use OCP\IUserManager; class MailPlugin implements ISearchPlugin { /* @var bool */ @@ -76,7 +77,8 @@ IGroupManager $groupManager, KnownUserService $knownUserService, IUserSession $userSession, Loading @@ -49,32 +49,31 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co $this->contactsManager = $contactsManager; $this->cloudIdManager = $cloudIdManager; $this->config = $config; $this->groupManager = $groupManager; @@ -84,6 +86,7 @@ $this->knownUserService = $knownUserService; $this->userSession = $userSession; + $this->userManager = $userManager; $this->mailer = $mailer; + $this->userManager = $userManager; $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; 
@@ -224,27 +227,63 @@ $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; @@ -230,27 +233,61 @@ if ($exactEmailMatch) { $searchResult->markExactIdMatch($emailType); } - $result['exact'][] = [ - 'label' => $displayName, - 'uuid' => $contact['UID'], - 'name' => $contact['FN'], - 'uuid' => $contact['UID'] ?? $emailAddress, - 'name' => $contact['FN'] ?? $displayName, - 'type' => $emailAddressType ?? '', - 'value' => [ - 'shareType' => IShare::TYPE_EMAIL, - 'shareWith' => $emailAddress, - ], - ]; + + $isUserinInstance = $this->userManager->get($emailAddress); + if ($isUserinInstance === null) { + // /e/ user is not in ecloud + + $result['exact'][] = [ + 'label' => $displayName, + 'uuid' => $contact['UID'], Loading Loading @@ -102,8 +101,8 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co } else { - $result['wide'][] = [ - 'label' => $displayName, - 'uuid' => $contact['UID'], - 'name' => $contact['FN'], - 'uuid' => $contact['UID'] ?? $emailAddress, - 'name' => $contact['FN'] ?? $displayName, - 'type' => $emailAddressType ?? '', - 'value' => [ - 'shareType' => IShare::TYPE_EMAIL, Loading Loading @@ -140,3 +139,4 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co } } } patches/005-autocomplete-user-leak-custom-app.patchdeleted 100644 → 0 +0 −25 Original line number Diff line number Diff line 
From: diroots <diroots@e.email> Date: Tue, 02 Mar 2021 15:43:12 +0100 Subject: [PATCH] filter user search results during file sharing - user_backend_sql_raw app changes This patch filter results from user search not to return users by their displayname, but only return users with full username, ie. username@ecloud_domain so no user leaks with their display name which could be username this filtering works in conjunction with the autocomplete feature disabled in nextcloud settings this patch is applied to the user_backend_sql_raw app as this application superseeds the nextcloud's core UserBackend class diff --git user_backend_sql_raw/lib/UserBackend.php user_backend_sql_raw/lib/UserBackend-new.php --- user_backend_sql_raw/lib/UserBackend.php 2020-10-06 01:56:49.000000000 +0200 +++ user_backend_sql_raw/lib/UserBackend-new.php 2021-03-02 15:43:12.615868478 +0100 @@ -108,7 +108,8 @@ // Because MariaDB can not handle string parameters for LIMIT/OFFSET we have to bind the // values "manually" instead of passing an array to execute(). This is another instance of // MariaDB making the code "uglier". - $statement->bindValue(':search', '%' . $searchString . '%', \PDO::PARAM_STR); + $statement->bindValue(':search', $searchString , \PDO::PARAM_STR); + if (isset($limit)) { $statement->bindValue(':limit', intval($limit), \PDO::PARAM_INT); } No newline at end of file Loading
Dockerfile +9 −10 Original line number Diff line number Diff line FROM nextcloud:24.0.8-fpm AS nextcloud FROM nextcloud:25.0.3-fpm AS nextcloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_HELPER_JOB_ID="446245" ARG NEWS_VERSION="20.0.0" ARG NEWS_VERSION="20.0.1" ARG QUOTA_WARN_VERSION="1.15.0" ARG NOTES_VERSION="4.5.1" ARG NOTES_VERSION="4.6.0" ARG CONTACTS_JOB_ID="471108" ARG CALENDAR_JOB_ID="471116" ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0" Loading @@ -13,10 +13,10 @@ ARG RAINLOOP_VERSION="7.2.5" ARG RAINLOOP_COMMIT_SHA="523518ba" ARG EA_JOB_ID="445966" ARG ECLOUD_LAUNCHER_JOB_ID="458901" ARG GOOGLE_INTEGRATION_VERSION="1.0.8" ARG GOOGLE_INTEGRATION_VERSION="1.0.9" ARG ECLOUD_DASHBOARD_JOB_ID="485170" RUN sed -i 's/24,0,8,2/24,0,8,7/' ${BASE_DIR}/version.php RUN sed -i 's/25,0,3,2/25,0,3,2/' ${BASE_DIR}/version.php COPY custom_entrypoint.sh / RUN chmod +x /custom_entrypoint.sh RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images Loading Loading 
@@ -119,8 +119,8 @@ COPY patches/ ${TMP_PATCH_DIR}/ RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/002-login-without-domain.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/006-recovery-email-changes.patch RUN patch -u ${BASE_DIR}/apps/settings/lib/Settings/Personal/ServerDevNotice.php -i ${TMP_PATCH_DIR}/007-remove-dev-notice.patch RUN patch -u ${BASE_DIR}/lib/private/Template/IconsCacher.php -i ${TMP_PATCH_DIR}/008-icons-cacher-theme-svgs.patch RUN patch -u ${BASE_DIR}/core/Controller/SvgController.php -i ${TMP_PATCH_DIR}/008-svg-controller-theme-svgs.patch # RUN patch -u ${BASE_DIR}/lib/private/Template/IconsCacher.php -i ${TMP_PATCH_DIR}/008-icons-cacher-theme-svgs.patch # RUN patch -u ${BASE_DIR}/core/Controller/SvgController.php -i ${TMP_PATCH_DIR}/008-svg-controller-theme-svgs.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/009-help-links.patch RUN patch -u ${BASE_DIR}/lib/private/Updater.php -i ${TMP_PATCH_DIR}/010-disable-app-store-upgrade.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch Loading Loading 
@@ -164,10 +164,9 @@ COPY patches/ ${TMP_PATCH_DIR}/ RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch # RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch # RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch RUN rm -rf ${TMP_PATCH_DIR} RUN curl -fsSL -o ldap_write_support.tar.gz \ Loading
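Review bot: Removing the `005-autocomplete-user-leak-custom-app.patch` step in the third hunk drops the exact-match binding of `:search` in user_backend_sql_raw's `UserBackend.php`, yet `ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0"` in the first hunk suggests the app is still installed. If it is, user search in that backend falls back to the `'%' . $searchString . '%'` wildcard, so a partial string can list accounts again; that is the exposure the 003–005 patches were written to close. Either refresh the patch against the shipped app version and keep the `RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ...` line, or record in the commit message why the filter is no longer needed (for example because the app now matches exactly by itself). The Dockerfile is only partly visible here, so whether the app is still enabled at runtime should be confirmed.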
patches/003-contact-search-removal.patch +6 −6 Original line number Diff line number Diff line Loading @@ -5,14 +5,14 @@ Subject: [PATCH] remove user search icon in header tab This patch removes the top right icon enabling the global user search function available to all in nextcloud. diff --git layout.user.php layout.user.php-new --- layout.user.php 2021-06-22 14:06:34.786843164 +0530 +++ layout.user.php-new 2021-06-22 14:07:45.938569109 +0530 @@ -103,14 +103,6 @@ --- layout.user.php 2023-02-01 21:04:06.457790526 +0530 +++ layout.user.php-new 2023-02-01 21:04:35.125102888 +0530 @@ -69,14 +69,6 @@ <div class="header-right"> <div id="unified-search"></div> <div id="notifications"></div> - <div id="contactsmenu"> - <div class="icon-contacts menutoggle" tabindex="0" role="button" - <div class="menutoggle" tabindex="0" role="button" - aria-haspopup="true" aria-controls="contactsmenu-menu" aria-expanded="false"> - <span class="hidden-visually"><?php p($l->t('Contacts'));?></span> - </div> Loading @@ -21,4 +21,4 @@ diff --git layout.user.php layout.user.php-new - </div> <div id="settings"> <div id="expand" tabindex="0" role="button" class="menutoggle" aria-label="<?php p($l->t('Settings'));?>" aria-label="<?php p($l->t('Open settings menu'));?>"
patches/004-contact-search-controller-removal.patch +8 −8 Original line number Diff line number Diff line Loading @@ -5,21 +5,21 @@ Subject: [PATCH] do not return these results in user search This patch removes some results from the contact menu controller, not to leak user informations diff --git ContactsMenuController.php ContactsMenuController-new.php --- ContactsMenuController.php 2021-02-04 10:20:18.000000000 +0100 +++ ContactsMenuController-new.php 2021-02-04 10:30:13.000000000 +0100 @@ -58,7 +58,7 @@ * @return \JsonSerializable[] --- ./core/Controller/ContactsMenuController.php 2023-02-01 21:40:07.515628276 +0530 +++ ./core/Controller/ContactsMenuController-new.php 2023-02-01 21:39:07.398140201 +0530 @@ -49,7 +49,7 @@ * @throws Exception */ public function index($filter = null) { public function index(?string $filter = null): array { - return $this->manager->getEntries($this->userSession->getUser(), $filter); + return []; } /** @@ -69,11 +69,6 @@ * @return JSONResponse|\JsonSerializable @@ -59,11 +59,6 @@ * @throws Exception */ public function findOne($shareType, $shareWith) { public function findOne(int $shareType, string $shareWith) { - $contact = $this->manager->findOne($this->userSession->getUser(), $shareType, $shareWith); - - if ($contact) { Loading
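Review bot: The patched `index()` returns `[]` unconditionally, and nothing in the code says why, so a later rebase onto a new Nextcloud release could restore the upstream `getEntries()` call without anyone noticing. A one-line comment above the return, such as `// ecloud: contacts menu disabled so other users' details are not exposed`, would keep the intent next to the code. The patch description still says it removes "some results", while the visible change removes all of them, so the wording could be brought in line. The `findOne()` body continues past the collapsed part of the hunk, so what it returns once the lookup is removed cannot be checked from here.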
patches/005-autocomplete-user-leak-core.patch +61 −61 Original line number Diff line number Diff line Loading @@ -29,17 +29,17 @@ diff --git lib/private/Collaboration/Collaborators/UserPlugin.php lib/private/Co $foundUserById = true; diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Collaboration/Collaborators/MailPlugin-new.php --- lib/private/Collaboration/Collaborators/MailPlugin.php 2022-11-23 15:20:44.460495300 +0530 +++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2022-11-23 16:55:17.540495300 +0530 @@ -36,6 +36,7 @@ use OCP\IConfig; use OCP\IGroupManager; use OCP\IUser; +use OCP\IUserManager; --- lib/private/Collaboration/Collaborators/MailPlugin.php 2023-02-01 21:43:07.661060529 +0530 +++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2023-02-01 21:51:00.382603635 +0530 @@ -39,6 +39,7 @@ use OCP\IUserSession; use OCP\Share\IShare; use OCP\Mail\IMailer; @@ -76,13 +77,15 @@ +use OCP\IUserManager; class MailPlugin implements ISearchPlugin { /* @var bool */ @@ -76,7 +77,8 @@ IGroupManager $groupManager, KnownUserService $knownUserService, IUserSession $userSession, Loading @@ -49,32 +49,31 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co $this->contactsManager = $contactsManager; $this->cloudIdManager = $cloudIdManager; $this->config = $config; $this->groupManager = $groupManager; @@ -84,6 +86,7 @@ $this->knownUserService = $knownUserService; $this->userSession = $userSession; + $this->userManager = $userManager; $this->mailer = $mailer; + $this->userManager = $userManager; $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; @@ -224,27 +227,63 @@ $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; 
@@ -230,27 +233,61 @@ if ($exactEmailMatch) { $searchResult->markExactIdMatch($emailType); } - $result['exact'][] = [ - 'label' => $displayName, - 'uuid' => $contact['UID'], - 'name' => $contact['FN'], - 'uuid' => $contact['UID'] ?? $emailAddress, - 'name' => $contact['FN'] ?? $displayName, - 'type' => $emailAddressType ?? '', - 'value' => [ - 'shareType' => IShare::TYPE_EMAIL, - 'shareWith' => $emailAddress, - ], - ]; + + $isUserinInstance = $this->userManager->get($emailAddress); + if ($isUserinInstance === null) { + // /e/ user is not in ecloud + + $result['exact'][] = [ + 'label' => $displayName, + 'uuid' => $contact['UID'], Loading Loading @@ -102,8 +101,8 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co } else { - $result['wide'][] = [ - 'label' => $displayName, - 'uuid' => $contact['UID'], - 'name' => $contact['FN'], - 'uuid' => $contact['UID'] ?? $emailAddress, - 'name' => $contact['FN'] ?? $displayName, - 'type' => $emailAddressType ?? '', - 'value' => [ - 'shareType' => IShare::TYPE_EMAIL, Loading Loading @@ -140,3 +139,4 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co } } }
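Review bot: The block added under `if ($isUserinInstance === null)` still writes `'uuid' => $contact['UID'],`, while the upstream lines it replaces were refreshed to `$contact['UID'] ?? $emailAddress`, so the fallback for contacts without a UID is lost in the patched code. Suggest `'uuid' => $contact['UID'] ?? $emailAddress,` in the added block, and likewise `'name' => $contact['FN'] ?? $displayName,` if the collapsed lines still use the bare key. `$isUserinInstance` holds the return value of `userManager->get()` rather than a boolean, so a name such as `$localUser` would read more accurately. The lookup also appears to assume that an account id is the full e-mail address; a short comment stating that assumption would help, since the filter silently stops hiding local users if ids ever differ from addresses.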
patches/005-autocomplete-user-leak-custom-app.patchdeleted 100644 → 0 +0 −25 Original line number Diff line number Diff line From: diroots <diroots@e.email> Date: Tue, 02 Mar 2021 15:43:12 +0100 Subject: [PATCH] filter user search results during file sharing - user_backend_sql_raw app changes This patch filter results from user search not to return users by their displayname, but only return users with full username, ie. username@ecloud_domain so no user leaks with their display name which could be username this filtering works in conjunction with the autocomplete feature disabled in nextcloud settings this patch is applied to the user_backend_sql_raw app as this application superseeds the nextcloud's core UserBackend class diff --git user_backend_sql_raw/lib/UserBackend.php user_backend_sql_raw/lib/UserBackend-new.php --- user_backend_sql_raw/lib/UserBackend.php 2020-10-06 01:56:49.000000000 +0200 +++ user_backend_sql_raw/lib/UserBackend-new.php 2021-03-02 15:43:12.615868478 +0100 @@ -108,7 +108,8 @@ // Because MariaDB can not handle string parameters for LIMIT/OFFSET we have to bind the // values "manually" instead of passing an array to execute(). This is another instance of // MariaDB making the code "uglier". - $statement->bindValue(':search', '%' . $searchString . '%', \PDO::PARAM_STR); + $statement->bindValue(':search', $searchString , \PDO::PARAM_STR); + if (isset($limit)) { $statement->bindValue(':limit', intval($limit), \PDO::PARAM_INT); } No newline at end of file