From e300f8095deec16db79bdbd2f491cc6a432d9f47 Mon Sep 17 00:00:00 2001
From: Christophe Romain <christophe.romain@process-one.net>
Date: Tue, 5 Jul 2016 15:43:59 +0200
Subject: Fix use of like parameter in sql pubsub's requests

---
 src/nodetree_tree_sql.erl | 36 ++++++++++++++++++++++--------------
 1 file changed, 22 insertions(+), 14 deletions(-)

(limited to 'src/nodetree_tree_sql.erl')

diff --git a/src/nodetree_tree_sql.erl b/src/nodetree_tree_sql.erl
index 1ad4046cd..fb5141bf3 100644
--- a/src/nodetree_tree_sql.erl
+++ b/src/nodetree_tree_sql.erl
@@ -191,18 +191,25 @@ get_subnodes_tree(Host, Node, _From) ->
     get_subnodes_tree(Host, Node).
 
 get_subnodes_tree(Host, Node) ->
-    H = node_flat_sql:encode_host(Host),
-    N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "%">>,
-    case catch
-	ejabberd_sql:sql_query_t(
-          ?SQL("select @(node)s, @(parent)s, @(type)s, @(nodeid)d from "
-               "pubsub_node where host=%(H)s"
-               " and node like %(N)s escape '^'"))
-    of
-	{selected, RItems} ->
-	    [raw_to_node(Host, Item) || Item <- RItems];
-	_ ->
-	    []
+    case get_node(Host, Node) of
+	{error, _} ->
+	    [];
+	Rec ->
+	    H = node_flat_sql:encode_host(Host),
+	    N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "/%">>,
+	    Sub = case catch
+		ejabberd_sql:sql_query_t(
+		?SQL("select @(node)s, @(parent)s, @(type)s, @(nodeid)d from "
+		    "pubsub_node where host=%(H)s"
+		    " and node like %(N)s escape '^'"
+		    " and type='hometree'"))
+	    of
+		{selected, RItems} ->
+		    [raw_to_node(Host, Item) || Item <- RItems];
+		_ ->
+		    []
+	    end,
+	    [Rec|Sub]
     end.
 
 create_node(Host, Node, Type, Owner, Options, Parents) ->
@@ -252,11 +259,12 @@ create_node(Host, Node, Type, Owner, Options, Parents) ->
 
 delete_node(Host, Node) ->
     H = node_flat_sql:encode_host(Host),
-    N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "%">>,
+    N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "/%">>,
     Removed = get_subnodes_tree(Host, Node),
     catch ejabberd_sql:sql_query_t(
             ?SQL("delete from pubsub_node where host=%(H)s"
-               " and node like %(N)s escape '^'")),
+               " and (node=%(Node)s"
+                 " or (type = 'hometree' and node like %(N)s escape '^'))")),
     Removed.
 
 %% helpers
-- 
cgit v1.2.3