fix(comments): Check comment object

Signed-off-by: Joas Schilling <[email protected]>

Author: nickvergessen

apps/dav/lib/Comments/EntityCollection.php

@@ -77,6 +77,10 @@ public function getId() {
 	public function getChild($name) {
 		try {
 			$comment = $this->commentsManager->get($name);
+			if ($comment->getObjectType() !== $this->name
+				|| $comment->getObjectId() !== $this->id) {
+				throw new NotFound();
+			}
 			return new CommentNode(
 				$this->commentsManager,
 				$comment,
@@ -130,8 +134,9 @@ public function findChildren($limit = 0, $offset = 0, ?\DateTime $datetime = nul
 	 */
 	public function childExists($name) {
 		try {
-			$this->commentsManager->get($name);
-			return true;
+			$comment = $this->commentsManager->get($name);
+			return $comment->getObjectType() === $this->name
+				&& $comment->getObjectId() === $this->id;
 		} catch (NotFoundException $e) {
 			return false;
 		}

lib/private/DB/QueryBuilder/QueryBuilder.php

@@ -1117,6 +1117,10 @@ public function orHaving(...$having) {
 	 * @return $this This QueryBuilder instance.
 	 */
 	public function orderBy($sort, $order = null) {
+		if ($order !== null && !in_array(strtoupper((string)$order), ['ASC', 'DESC'], true)) {
+			$order = null;
+		}
+
 		$this->queryBuilder->orderBy(
 			$this->helper->quoteColumnName($sort),
 			$order
@@ -1134,6 +1138,10 @@ public function orderBy($sort, $order = null) {
 	 * @return $this This QueryBuilder instance.
 	 */
 	public function addOrderBy($sort, $order = null) {
+		if ($order !== null && !in_array(strtoupper((string)$order), ['ASC', 'DESC'], true)) {
+			$order = null;
+		}
+
 		$this->queryBuilder->addOrderBy(
 			$this->helper->quoteColumnName($sort),
 			$order

lib/private/DB/QueryBuilder/Sharded/ShardedQueryBuilder.php

@@ -276,13 +276,21 @@ public function setFirstResult($firstResult) {
 	}
 
 	public function addOrderBy($sort, $order = null) {
-		$this->registerOrder((string)$sort, (string)$order ?? 'ASC');
+		if ($order !== null && !in_array(strtoupper((string)$order), ['ASC', 'DESC'], true)) {
+			$order = null;
+		}
+
+		$this->registerOrder((string)$sort, (string)($order ?? 'ASC'));
 		return parent::addOrderBy($sort, $order);
 	}
 
 	public function orderBy($sort, $order = null) {
+		if ($order !== null && !in_array(strtoupper((string)$order), ['ASC', 'DESC'], true)) {
+			$order = null;
+		}
+
 		$this->sortList = [];
-		$this->registerOrder((string)$sort, (string)$order ?? 'ASC');
+		$this->registerOrder((string)$sort, (string)($order ?? 'ASC'));
 		return parent::orderBy($sort, $order);
 	}