From 3eda62bfa6f0bb14e5a8d810907be3ea78c2fe92 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Mon, 28 Oct 2019 18:16:10 +0100 Subject: [PATCH 1/2] Check null for acl-fields --- mod/lockview.php | 8 ++++---- src/Model/Item.php | 8 ++++---- src/Module/Item/Compose.php | 8 ++++---- src/Worker/Notifier.php | 8 ++++---- tests/src/Util/ACLFormaterTest.php | 13 +++++++++++++ 5 files changed, 29 insertions(+), 16 deletions(-) diff --git a/mod/lockview.php b/mod/lockview.php index 9f9dcfea42..af57730c8a 100644 --- a/mod/lockview.php +++ b/mod/lockview.php @@ -64,10 +64,10 @@ function lockview_content(App $a) /** @var ACLFormatter $aclFormatter */ $aclFormatter = BaseObject::getClass(ACLFormatter::class); - $allowed_users = $aclFormatter->expand($item['allow_cid']); - $allowed_groups = $aclFormatter->expand($item['allow_gid']); - $deny_users = $aclFormatter->expand($item['deny_cid']); - $deny_groups = $aclFormatter->expand($item['deny_gid']); + $allowed_users = $aclFormatter->expand($item['allow_cid'] ?? ''); + $allowed_groups = $aclFormatter->expand($item['allow_gid'] ?? ''); + $deny_users = $aclFormatter->expand($item['deny_cid'] ?? ''); + $deny_groups = $aclFormatter->expand($item['deny_gid'] ?? ''); $o = L10n::t('Visible to:') . '
'; $l = []; diff --git a/src/Model/Item.php b/src/Model/Item.php index 9501c8e5d2..e298cc1605 100644 --- a/src/Model/Item.php +++ b/src/Model/Item.php @@ -2904,10 +2904,10 @@ class Item extends BaseObject /** @var ACLFormatter $aclFormater */ $aclFormater = self::getClass(ACLFormatter::class); - $allow_people = $aclFormater->expand($obj['allow_cid']); - $allow_groups = Group::expand($obj['uid'], $aclFormater->expand($obj['allow_gid']), $check_dead); - $deny_people = $aclFormater->expand($obj['deny_cid']); - $deny_groups = Group::expand($obj['uid'], $aclFormater->expand($obj['deny_gid']), $check_dead); + $allow_people = $aclFormater->expand($obj['allow_cid'] ?? ''); + $allow_groups = Group::expand($obj['uid'], $aclFormater->expand($obj['allow_gid'] ?? ''), $check_dead); + $deny_people = $aclFormater->expand($obj['deny_cid'] ?? ''); + $deny_groups = Group::expand($obj['uid'], $aclFormater->expand($obj['deny_gid'] ?? ''), $check_dead); $recipients = array_unique(array_merge($allow_people, $allow_groups)); $deny = array_unique(array_merge($deny_people, $deny_groups)); $recipients = array_diff($recipients, $deny); diff --git a/src/Module/Item/Compose.php b/src/Module/Item/Compose.php index c44e4c61ab..0d3b4eaac2 100644 --- a/src/Module/Item/Compose.php +++ b/src/Module/Item/Compose.php @@ -74,8 +74,8 @@ class Compose extends BaseModule $compose_title = L10n::t('Compose new post'); $type = 'post'; $doesFederate = true; - $contact_allow = implode(',', $aclFormatter->expand($user['allow_cid'])); - $group_allow = implode(',', $aclFormatter->expand($user['allow_gid'])) ?: Group::FOLLOWERS; + $contact_allow = implode(',', $aclFormatter->expand($user['allow_cid'] ?? '')); + $group_allow = implode(',', $aclFormatter->expand($user['allow_gid'] ?? '')) ?: Group::FOLLOWERS; break; } @@ -86,8 +86,8 @@ class Compose extends BaseModule $wall = $_REQUEST['wall'] ?? $type == 'post'; $contact_allow = $_REQUEST['contact_allow'] ?? $contact_allow; $group_allow = $_REQUEST['group_allow'] ?? $group_allow; - $contact_deny = $_REQUEST['contact_deny'] ?? implode(',', $aclFormatter->expand($user['deny_cid'])); - $group_deny = $_REQUEST['group_deny'] ?? implode(',', $aclFormatter->expand($user['deny_gid'])); + $contact_deny = $_REQUEST['contact_deny'] ?? implode(',', $aclFormatter->expand($user['deny_cid'] ?? '')); + $group_deny = $_REQUEST['group_deny'] ?? implode(',', $aclFormatter->expand($user['deny_gid'] ?? '')); $visibility = ($contact_allow . $user['allow_gid'] . $user['deny_cid'] . $user['deny_gid']) ? 'custom' : 'public'; $acl_contacts = Contact::selectToArray(['id', 'name', 'addr', 'micro'], ['uid' => local_user(), 'pending' => false, 'rel' => [Contact::FOLLOWER, Contact::FRIEND]]); diff --git a/src/Worker/Notifier.php b/src/Worker/Notifier.php index ebc70ffb50..2b802c9e3c 100644 --- a/src/Worker/Notifier.php +++ b/src/Worker/Notifier.php @@ -276,10 +276,10 @@ class Notifier /** @var ACLFormatter $aclFormatter */ $aclFormatter = BaseObject::getClass(ACLFormatter::class); - $allow_people = $aclFormatter->expand($parent['allow_cid']); - $allow_groups = Group::expand($uid, $aclFormatter->expand($parent['allow_gid']),true); - $deny_people = $aclFormatter->expand($parent['deny_cid']); - $deny_groups = Group::expand($uid, $aclFormatter->expand($parent['deny_gid'])); + $allow_people = $aclFormatter->expand($parent['allow_cid'] ?? ''); + $allow_groups = Group::expand($uid, $aclFormatter->expand($parent['allow_gid'] ?? ''),true); + $deny_people = $aclFormatter->expand($parent['deny_cid'] ?? ''); + $deny_groups = Group::expand($uid, $aclFormatter->expand($parent['deny_gid'] ?? '')); // if our parent is a public forum (forum_mode == 1), uplink to the origional author causing // a delivery fork. private groups (forum_mode == 2) do not uplink diff --git a/tests/src/Util/ACLFormaterTest.php b/tests/src/Util/ACLFormaterTest.php index 76a566baaa..ac5b25e6c2 100644 --- a/tests/src/Util/ACLFormaterTest.php +++ b/tests/src/Util/ACLFormaterTest.php @@ -2,6 +2,7 @@ namespace Friendica\Test\src\Util; +use Error; use Friendica\Model\Group; use Friendica\Util\ACLFormatter; use PHPUnit\Framework\TestCase; @@ -162,6 +163,18 @@ class ACLFormaterTest extends TestCase $this->assertEquals(array('1', '3'), $aclFormatter->expand($text)); } + /** + * Test expected exception in case of wrong typehint + * + * @expectedException Error + */ + public function testExpandNull() + { + $aclFormatter = new ACLFormatter(); + + $aclFormatter->expand(null); + } + public function dataAclToString() { return [ From 1f535016d473b2e619ff9dc5b45c75b45be92a70 Mon Sep 17 00:00:00 2001 From: Philipp Holzer Date: Mon, 28 Oct 2019 21:47:43 +0100 Subject: [PATCH 2/2] Add not null/default value for ACL in fields --- database.sql | 48 ++++++++++++++++----------------- static/dbstructure.config.php | 50 +++++++++++++++++------------------ 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/database.sql b/database.sql index d42f61f902..7e1a624c2f 100644 --- a/database.sql +++ b/database.sql @@ -86,10 +86,10 @@ CREATE TABLE IF NOT EXISTS `attach` ( `data` longblob NOT NULL COMMENT 'file data', `created` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' COMMENT 'creation time', `edited` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' COMMENT 'last edit time', - `allow_cid` mediumtext COMMENT 'Access Control - list of allowed contact.id \'<19><78>', - `allow_gid` mediumtext COMMENT 'Access Control - list of allowed groups', - `deny_cid` mediumtext COMMENT 'Access Control - list of denied contact.id', - `deny_gid` mediumtext COMMENT 'Access Control - list of denied groups', + `allow_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of allowed contact.id \'<19><78>', + `allow_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of allowed groups', + `deny_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of denied contact.id', + `deny_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of denied groups', `backend-class` tinytext COMMENT 'Storage backend class', `backend-ref` text COMMENT 'Storage backend data reference', PRIMARY KEY(`id`) @@ -312,10 +312,10 @@ CREATE TABLE IF NOT EXISTS `event` ( `nofinish` boolean NOT NULL DEFAULT '0' COMMENT 'if event does have no end this is 1', `adjust` boolean NOT NULL DEFAULT '1' COMMENT 'adjust to timezone of the recipient (0 or 1)', `ignore` boolean NOT NULL DEFAULT '0' COMMENT '0 or 1', - `allow_cid` mediumtext COMMENT 'Access Control - list of allowed contact.id \'<19><78>\'', - `allow_gid` mediumtext COMMENT 'Access Control - list of allowed groups', - `deny_cid` mediumtext COMMENT 'Access Control - list of denied contact.id', - `deny_gid` mediumtext COMMENT 'Access Control - list of denied groups', + `allow_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of allowed contact.id \'<19><78>\'', + `allow_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of allowed groups', + `deny_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of denied contact.id', + `deny_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of denied groups', PRIMARY KEY(`id`), INDEX `uid_start` (`uid`,`start`) ) DEFAULT COLLATE utf8mb4_general_ci COMMENT='Events'; @@ -581,10 +581,10 @@ CREATE TABLE IF NOT EXISTS `item` ( `resource-id` varchar(32) NOT NULL DEFAULT '' COMMENT 'Used to link other tables to items, it identifies the linked resource (e.g. photo) and if set must also set resource_type', `event-id` int unsigned NOT NULL DEFAULT 0 COMMENT 'Used to link to the event.id', `attach` mediumtext COMMENT 'JSON structure representing attachments to this item', - `allow_cid` mediumtext COMMENT 'Deprecated', - `allow_gid` mediumtext COMMENT 'Deprecated', - `deny_cid` mediumtext COMMENT 'Deprecated', - `deny_gid` mediumtext COMMENT 'Deprecated', + `allow_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Deprecated', + `allow_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Deprecated', + `deny_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Deprecated', + `deny_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Deprecated', `postopts` text COMMENT 'Deprecated', `inform` mediumtext COMMENT 'Deprecated', `type` varchar(20) COMMENT 'Deprecated', @@ -898,10 +898,10 @@ CREATE TABLE IF NOT EXISTS `pconfig` ( CREATE TABLE IF NOT EXISTS `permissionset` ( `id` int unsigned NOT NULL auto_increment COMMENT 'sequential ID', `uid` mediumint unsigned NOT NULL DEFAULT 0 COMMENT 'Owner id of this permission set', - `allow_cid` mediumtext COMMENT 'Access Control - list of allowed contact.id \'<19><78>\'', - `allow_gid` mediumtext COMMENT 'Access Control - list of allowed groups', - `deny_cid` mediumtext COMMENT 'Access Control - list of denied contact.id', - `deny_gid` mediumtext COMMENT 'Access Control - list of denied groups', + `allow_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of allowed contact.id \'<19><78>\'', + `allow_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of allowed groups', + `deny_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of denied contact.id', + `deny_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of denied groups', PRIMARY KEY(`id`), INDEX `uid_allow_cid_allow_gid_deny_cid_deny_gid` (`allow_cid`(50),`allow_gid`(30),`deny_cid`(50),`deny_gid`(30)) ) DEFAULT COLLATE utf8mb4_general_ci COMMENT=''; @@ -928,10 +928,10 @@ CREATE TABLE IF NOT EXISTS `photo` ( `data` mediumblob NOT NULL COMMENT '', `scale` tinyint unsigned NOT NULL DEFAULT 0 COMMENT '', `profile` boolean NOT NULL DEFAULT '0' COMMENT '', - `allow_cid` mediumtext COMMENT 'Access Control - list of allowed contact.id \'<19><78>\'', - `allow_gid` mediumtext COMMENT 'Access Control - list of allowed groups', - `deny_cid` mediumtext COMMENT 'Access Control - list of denied contact.id', - `deny_gid` mediumtext COMMENT 'Access Control - list of denied groups', + `allow_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of allowed contact.id \'<19><78>\'', + `allow_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of allowed groups', + `deny_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of denied contact.id', + `deny_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'Access Control - list of denied groups', `backend-class` tinytext COMMENT 'Storage backend class', `backend-ref` text COMMENT 'Storage backend data reference', `updated` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' COMMENT '', @@ -1242,10 +1242,10 @@ CREATE TABLE IF NOT EXISTS `user` ( `account_expires_on` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' COMMENT 'timestamp when account expires and will be deleted', `expire_notification_sent` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' COMMENT 'timestamp of last warning of account expiration', `def_gid` int unsigned NOT NULL DEFAULT 0 COMMENT '', - `allow_cid` mediumtext COMMENT 'default permission for this user', - `allow_gid` mediumtext COMMENT 'default permission for this user', - `deny_cid` mediumtext COMMENT 'default permission for this user', - `deny_gid` mediumtext COMMENT 'default permission for this user', + `allow_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'default permission for this user', + `allow_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'default permission for this user', + `deny_cid` mediumtext NOT NULL DEFAULT '' COMMENT 'default permission for this user', + `deny_gid` mediumtext NOT NULL DEFAULT '' COMMENT 'default permission for this user', `openidserver` text COMMENT '', PRIMARY KEY(`uid`), INDEX `nickname` (`nickname`(32)) diff --git a/static/dbstructure.config.php b/static/dbstructure.config.php index 53f8a8ed44..486f1f0e9a 100755 --- a/static/dbstructure.config.php +++ b/static/dbstructure.config.php @@ -34,7 +34,7 @@ use Friendica\Database\DBA; if (!defined('DB_UPDATE_VERSION')) { - define('DB_UPDATE_VERSION', 1323); + define('DB_UPDATE_VERSION', 1324); } return [ @@ -123,10 +123,10 @@ return [ "data" => ["type" => "longblob", "not null" => "1", "comment" => "file data"], "created" => ["type" => "datetime", "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => "creation time"], "edited" => ["type" => "datetime", "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => "last edit time"], - "allow_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed contact.id '<19><78>"], - "allow_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed groups"], - "deny_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied contact.id"], - "deny_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied groups"], + "allow_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of allowed contact.id '<19><78>"], + "allow_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of allowed groups"], + "deny_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of denied contact.id"], + "deny_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of denied groups"], "backend-class" => ["type" => "tinytext", "comment" => "Storage backend class"], "backend-ref" => ["type" => "text", "comment" => "Storage backend data reference"], ], @@ -360,10 +360,10 @@ return [ "nofinish" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => "if event does have no end this is 1"], "adjust" => ["type" => "boolean", "not null" => "1", "default" => "1", "comment" => "adjust to timezone of the recipient (0 or 1)"], "ignore" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => "0 or 1"], - "allow_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed contact.id '<19><78>'"], - "allow_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed groups"], - "deny_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied contact.id"], - "deny_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied groups"], + "allow_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of allowed contact.id '<19><78>'"], + "allow_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of allowed groups"], + "deny_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of denied contact.id"], + "deny_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of denied groups"], ], "indexes" => [ "PRIMARY" => ["id"], @@ -647,10 +647,10 @@ return [ // Could possibly be replaced by the "attach" table? "attach" => ["type" => "mediumtext", "comment" => "JSON structure representing attachments to this item"], // Deprecated fields. Will be removed in upcoming versions - "allow_cid" => ["type" => "mediumtext", "comment" => "Deprecated"], - "allow_gid" => ["type" => "mediumtext", "comment" => "Deprecated"], - "deny_cid" => ["type" => "mediumtext", "comment" => "Deprecated"], - "deny_gid" => ["type" => "mediumtext", "comment" => "Deprecated"], + "allow_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Deprecated"], + "allow_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Deprecated"], + "deny_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Deprecated"], + "deny_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Deprecated"], "postopts" => ["type" => "text", "comment" => "Deprecated"], "inform" => ["type" => "mediumtext", "comment" => "Deprecated"], "type" => ["type" => "varchar(20)", "comment" => "Deprecated"], @@ -982,10 +982,10 @@ return [ "fields" => [ "id" => ["type" => "int unsigned", "not null" => "1", "extra" => "auto_increment", "primary" => "1", "comment" => "sequential ID"], "uid" => ["type" => "mediumint unsigned", "not null" => "1", "default" => "0", "relation" => ["user" => "uid"], "comment" => "Owner id of this permission set"], - "allow_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed contact.id '<19><78>'"], - "allow_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed groups"], - "deny_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied contact.id"], - "deny_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied groups"], + "allow_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of allowed contact.id '<19><78>'"], + "allow_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of allowed groups"], + "deny_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of denied contact.id"], + "deny_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of denied groups"], ], "indexes" => [ "PRIMARY" => ["id"], @@ -1013,10 +1013,10 @@ return [ "data" => ["type" => "mediumblob", "not null" => "1", "comment" => ""], "scale" => ["type" => "tinyint unsigned", "not null" => "1", "default" => "0", "comment" => ""], "profile" => ["type" => "boolean", "not null" => "1", "default" => "0", "comment" => ""], - "allow_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed contact.id '<19><78>'"], - "allow_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of allowed groups"], - "deny_cid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied contact.id"], - "deny_gid" => ["type" => "mediumtext", "comment" => "Access Control - list of denied groups"], + "allow_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of allowed contact.id '<19><78>'"], + "allow_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of allowed groups"], + "deny_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of denied contact.id"], + "deny_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "Access Control - list of denied groups"], "backend-class" => ["type" => "tinytext", "comment" => "Storage backend class"], "backend-ref" => ["type" => "text", "comment" => "Storage backend data reference"], "updated" => ["type" => "datetime", "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => ""] @@ -1343,10 +1343,10 @@ return [ "account_expires_on" => ["type" => "datetime", "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => "timestamp when account expires and will be deleted"], "expire_notification_sent" => ["type" => "datetime", "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => "timestamp of last warning of account expiration"], "def_gid" => ["type" => "int unsigned", "not null" => "1", "default" => "0", "comment" => ""], - "allow_cid" => ["type" => "mediumtext", "comment" => "default permission for this user"], - "allow_gid" => ["type" => "mediumtext", "comment" => "default permission for this user"], - "deny_cid" => ["type" => "mediumtext", "comment" => "default permission for this user"], - "deny_gid" => ["type" => "mediumtext", "comment" => "default permission for this user"], + "allow_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "default permission for this user"], + "allow_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "default permission for this user"], + "deny_cid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "default permission for this user"], + "deny_gid" => ["type" => "mediumtext", "not null" => "1", "default" => "", "comment" => "default permission for this user"], "openidserver" => ["type" => "text", "comment" => ""], ], "indexes" => [