From 35db33bcd2baf358c9fcfc3f8555d3daee2f4d15 Mon Sep 17 00:00:00 2001
From: Michael Vogel
Date: Sun, 19 Jul 2020 03:40:40 +0200
Subject: [PATCH] Ensure to only store valid item fields
---
 src/Model/Item.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/Model/Item.php b/src/Model/Item.php
index c75286b25c..13a4a68380 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -31,6 +31,7 @@ use Friendica\Core\Session;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
+use Friendica\Database\DBStructure;
 use Friendica\DI;
 use Friendica\Model\Post\Category;
 use Friendica\Protocol\Activity;
@@ -118,8 +119,22 @@ class Item
 const PRIVATE = 1;
 const UNLISTED = 2;
+ const TABLES = ['item', 'user-item', 'item-content', 'post-delivery-data', 'diaspora-interaction'];
+
 private static $legacy_mode = null;
+ private static function getItemFields()
+ {
+ $definition = DBStructure::definition('', false);
+
+ $postfields = [];
+ foreach (self::TABLES as $table) {
+ $postfields[$table] = array_keys($definition[$table]['fields']);
+ }
+
+ return $postfields;
+ }
+
 public static function isLegacyMode()
 {
 if (is_null(self::$legacy_mode)) {
@@ -1572,6 +1587,8 @@ class Item
 public static function insert($item, $notify = false, $dontcache = false)
 {
+ $structure = self::getItemFields();
+
 $orig_item = $item;
 $priority = PRIORITY_HIGH;
@@ -1839,6 +1856,13 @@ class Item
 Tag::storeFromBody($item['uri-id'], $body);
 }
+ // Remove all fields that aren't part of the item table
+ foreach ($item as $field => $value) {
+ if (!in_array($field, $structure['item'])) {
+ unset($item[$field]);
+ }
+ }
+
 $ret = DBA::insert('item', $item);
 // When the item was successfully stored we fetch the ID of the item.
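Review bot: `getItemFields()` in the second hunk calls `DBStructure::definition('', false)` and rebuilds the field lists for all five `TABLES` entries on every call, and the third hunk invokes it at the top of every `insert()` although only `$structure['item']` is read anywhere in this patch. Unless `definition()` caches internally, which is not visible here, memoise the result with `private static $item_fields = null;` and an early `if (!is_null(self::$item_fields)) { return self::$item_fields; }`. `$definition[$table]['fields']` is also indexed without checking that the table is present in the definition, so a missing entry would hand `array_keys()` a null. The method has no docblock; `/** Returns the column names of every table in self::TABLES, keyed by table name. */` would document the return shape.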
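Review bot: The allowlist test `in_array($field, $structure['item'])` in the fourth hunk compares loosely, so on PHP 7 an integer key such as `0` equals any non-numeric column name and survives the filter. Pass the strict flag, or replace the loop with `$item = array_intersect_key($item, array_flip($structure['item']));`, which matches keys exactly. The rejected fields are also discarded silently, so a caller that misspells a column loses that value without any trace; logging the removed keys at debug level would make that visible. `insert()` starts and ends outside the hunk, so whether `$item` can actually carry such keys at this point is not confirmed from here.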