diff --git a/include/text.php b/include/text.php
index 289802136c..13300c1e10 100644
--- a/include/text.php
+++ b/include/text.php
@@ -5,47 +5,6 @@
 use Friendica\Content\Text\BBCode;
 use Friendica\Model\FileTag;
-use Friendica\Model\Group;
-use Friendica\Util\Strings;
-
-/**
- * Wrap ACL elements in angle brackets for storage
- * @param string $item
- */
-function sanitise_acl(&$item) {
- if (intval($item)) {
- $item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
- } elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) {
- $item = '<' . $item . '>';
- } else {
- unset($item);
- }
-}
-
-
-/**
- * Convert an ACL array to a storable string
- *
- * Normally ACL permissions will be an array.
- * We'll also allow a comma-separated string.
- *
- * @param string|array $p
- * @return string
- */
-function perms2str($p) {
- $ret = '';
- if (is_array($p)) {
- $tmp = $p;
- } else {
- $tmp = explode(',', $p);
- }
-
- if (is_array($tmp)) {
- array_walk($tmp, 'sanitise_acl');
- $ret = implode('', $tmp);
- }
- return $ret;
-}
 /**
 * Compare activity uri. Knows about activity namespace.
diff --git a/mod/events.php b/mod/events.php
index 649a25ab1b..75cbc6b431 100644
--- a/mod/events.php
+++ b/mod/events.php
@@ -5,6 +5,7 @@
 */
 use Friendica\App;
+use Friendica\BaseObject;
 use Friendica\Content\Nav;
 use Friendica\Content\Widget\CalendarExport;
 use Friendica\Core\ACL;
@@ -18,6 +19,7 @@ use Friendica\Model\Event;
 use Friendica\Model\Item;
 use Friendica\Model\Profile;
 use Friendica\Module\Login;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Strings;
 use Friendica\Util\Temporal;
@@ -146,10 +148,14 @@ function events_post(App $a)
 if ($share) {
- $str_group_allow = perms2str($_POST['group_allow'] ?? '');
- $str_contact_allow = perms2str($_POST['contact_allow'] ?? '');
- $str_group_deny = perms2str($_POST['group_deny'] ?? '');
- $str_contact_deny = perms2str($_POST['contact_deny'] ?? '');
+
+ /** @var ACLFormatter $aclFormatter */
+ $aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+ $str_group_allow = $aclFormatter->aclToString($_POST['group_allow'] ?? '');
+ $str_contact_allow = $aclFormatter->aclToString($_POST['contact_allow'] ?? '');
+ $str_group_deny = $aclFormatter->aclToString($_POST['group_deny'] ?? '');
+ $str_contact_deny = $aclFormatter->aclToString($_POST['contact_deny'] ?? '');
 // Undo the pseudo-contact of self, since there are real contacts now
 if (strpos($str_contact_allow, '<' . $self . '>') !== false) {
diff --git a/mod/item.php b/mod/item.php
index c9a33cc206..5539e28c67 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -16,6 +16,7 @@
 */
 use Friendica\App;
+use Friendica\BaseObject;
 use Friendica\Content\Pager;
 use Friendica\Content\Text\BBCode;
 use Friendica\Content\Text\HTML;
@@ -37,6 +38,7 @@ use Friendica\Model\Photo;
 use Friendica\Model\Term;
 use Friendica\Protocol\Diaspora;
 use Friendica\Protocol\Email;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Emailer;
 use Friendica\Util\Security;
@@ -269,10 +271,14 @@ function item_post(App $a) {
 $str_contact_deny = $user['deny_cid'];
 } else {
 // use the posted permissions
- $str_group_allow = perms2str($_REQUEST['group_allow'] ?? '');
- $str_contact_allow = perms2str($_REQUEST['contact_allow'] ?? '');
- $str_group_deny = perms2str($_REQUEST['group_deny'] ?? '');
- $str_contact_deny = perms2str($_REQUEST['contact_deny'] ?? '');
+
+ /** @var ACLFormatter $aclFormatter */
+ $aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+ $str_group_allow = $aclFormatter->aclToString($_REQUEST['group_allow'] ?? '');
+ $str_contact_allow = $aclFormatter->aclToString($_REQUEST['contact_allow'] ?? '');
+ $str_group_deny = $aclFormatter->aclToString($_REQUEST['group_deny'] ?? '');
+ $str_contact_deny = $aclFormatter->aclToString($_REQUEST['contact_deny'] ?? '');
 }
 $title = Strings::escapeTags(trim($_REQUEST['title'] ?? ''));
@@ -500,7 +506,7 @@ function item_post(App $a) {
 }
 /** @var BBCode\Video $bbCodeVideo */
- $bbCodeVideo = \Friendica\BaseObject::getClass(BBCode\Video::class);
+ $bbCodeVideo = BaseObject::getClass(BBCode\Video::class);
 $body = $bbCodeVideo->transform($body);
 // Fold multi-line [code] sequences
diff --git a/mod/photos.php b/mod/photos.php
index 1789c0710e..528f78b614 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -4,6 +4,7 @@
 */
 use Friendica\App;
+use Friendica\BaseObject;
 use Friendica\Content\Feature;
 use Friendica\Content\Nav;
 use Friendica\Content\Pager;
@@ -26,6 +27,7 @@ use Friendica\Model\User;
 use Friendica\Network\Probe;
 use Friendica\Object\Image;
 use Friendica\Protocol\DFRN;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\Crypto;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Map;
@@ -296,10 +298,13 @@ function photos_post(App $a)
 $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
 $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
- $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
- $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
- $str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : '';
- $str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : '';
+ /** @var ACLFormatter $aclFormatter */
+ $aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+ $str_group_allow = !empty($_POST['group_allow']) ? $aclFormatter->aclToString($_POST['group_allow']) : '';
+ $str_contact_allow = !empty($_POST['contact_allow']) ? $aclFormatter->aclToString($_POST['contact_allow']) : '';
+ $str_group_deny = !empty($_POST['group_deny']) ? $aclFormatter->aclToString($_POST['group_deny']) : '';
+ $str_contact_deny = !empty($_POST['contact_deny']) ? $aclFormatter->aclToString($_POST['contact_deny']) : '';
 $resource_id = $a->argv[3];
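Review bot: The `!empty(...) ? ... : ''` guard kept around each `aclToString()` call here is redundant and leaves the same request-input sanitiser with three different call shapes across this commit. events_post and item_post already pass `$_POST['group_allow'] ?? ''` straight in, and the `'empty'` case added to the test suite shows an empty string comes back as `''`, so these lines could read `$str_group_allow = $aclFormatter->aclToString($_POST['group_allow'] ?? '');` and likewise for the other three. The settings_post hunk has the same guard, and the second photos_post hunk still does the `is_array(...) ? ... : explode(',', ...)` split that `aclToString()` performs itself. A single call shape at every entry point makes the ACL input path easier to audit; photos_post's body continues outside the hunk.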
@@ -635,10 +640,13 @@ function photos_post(App $a)
 $group_deny = $_REQUEST['group_deny'] ?? [];
 $contact_deny = $_REQUEST['contact_deny'] ?? [];
- $str_group_allow = perms2str(is_array($group_allow) ? $group_allow : explode(',', $group_allow));
- $str_contact_allow = perms2str(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
- $str_group_deny = perms2str(is_array($group_deny) ? $group_deny : explode(',', $group_deny));
- $str_contact_deny = perms2str(is_array($contact_deny) ? $contact_deny : explode(',', $contact_deny));
+ /** @var ACLFormatter $aclFormatter */
+ $aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+ $str_group_allow = $aclFormatter->aclToString(is_array($group_allow) ? $group_allow : explode(',', $group_allow));
+ $str_contact_allow = $aclFormatter->aclToString(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
+ $str_group_deny = $aclFormatter->aclToString(is_array($group_deny) ? $group_deny : explode(',', $group_deny));
+ $str_contact_deny = $aclFormatter->aclToString(is_array($contact_deny) ? $contact_deny : explode(',', $contact_deny));
 $ret = ['src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''];
diff --git a/mod/settings.php b/mod/settings.php
index b5011881cb..3ab3d6212e 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -5,6 +5,7 @@
 use Friendica\App;
 use Friendica\BaseModule;
+use Friendica\BaseObject;
 use Friendica\Content\Feature;
 use Friendica\Content\Nav;
 use Friendica\Core\ACL;
@@ -25,6 +26,7 @@ use Friendica\Model\Group;
 use Friendica\Model\User;
 use Friendica\Module\Login;
 use Friendica\Protocol\Email;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\Network;
 use Friendica\Util\Strings;
 use Friendica\Util\Temporal;
@@ -533,10 +535,13 @@ function settings_post(App $a)
 date_default_timezone_set($timezone);
 }
- $str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : '';
- $str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
- $str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : '';
- $str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : '';
+ /** @var ACLFormatter $aclFormatter */
+ $aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+ $str_group_allow = !empty($_POST['group_allow']) ? $aclFormatter->aclToString($_POST['group_allow']) : '';
+ $str_contact_allow = !empty($_POST['contact_allow']) ? $aclFormatter->aclToString($_POST['contact_allow']) : '';
+ $str_group_deny = !empty($_POST['group_deny']) ? $aclFormatter->aclToString($_POST['group_deny']) : '';
+ $str_contact_deny = !empty($_POST['contact_deny']) ? $aclFormatter->aclToString($_POST['contact_deny']) : '';
 $openidserver = $a->user['openidserver'];
 //$openid = Strings::normaliseOpenID($openid);
diff --git a/src/Util/ACLFormatter.php b/src/Util/ACLFormatter.php
index 4e3d32b157..e724a89487 100644
--- a/src/Util/ACLFormatter.php
+++ b/src/Util/ACLFormatter.php
@@ -24,4 +24,44 @@ final class ACLFormatter
 return $matches[1];
 }
+
+ /**
+ * Wrap ACL elements in angle brackets for storage
+ *
+ * @param string $item The item to sanitise
+ */
+ private function sanitiseAcl(string &$item) {
+ if (intval($item)) {
+ $item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
+ } elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) {
+ $item = '<' . $item . '>';
+ } else {
+ $item = '';
+ }
+ }
+
+ /**
+ * Convert an ACL array to a storable string
+ *
+ * Normally ACL permissions will be an array.
+ * We'll also allow a comma-separated string.
+ *
+ * @param string|array $permissions
+ *
+ * @return string
+ */
+ function aclToString($permissions) {
+ $return = '';
+ if (is_array($permissions)) {
+ $item = $permissions;
+ } else {
+ $item = explode(',', $permissions);
+ }
+
+ if (is_array($item)) {
+ array_walk($item, [$this, 'sanitiseAcl']);
+ $return = implode('', $item);
+ }
+ return $return;
+ }
 }
diff --git a/tests/src/Util/ACLFormaterTest.php b/tests/src/Util/ACLFormaterTest.php
index c3cfb70514..19332f4953 100644
--- a/tests/src/Util/ACLFormaterTest.php
+++ b/tests/src/Util/ACLFormaterTest.php
@@ -161,4 +161,40 @@ class ACLFormaterTest extends TestCase
 $text="<1><><3>";
 $this->assertEquals(array('1', '3'), $aclFormatter->expand($text));
 }
+
+ public function dataAclToString()
+ {
+ return [
+ 'empty' => [
+ 'input' => '',
+ 'assert' => '',
+ ],
+ 'string' => [
+ 'input' => '1,2,3,4',
+ 'assert' => '<1><2><3><4>',
+ ],
+ 'array' => [
+ 'input' => [1, 2, 3, 4],
+ 'assert' => '<1><2><3><4>',
+ ],
+ 'invalid' => [
+ 'input' => [1, 'a', 3, 4],
+ 'assert' => '<1><3><4>',
+ ],
+ 'invalidString' => [
+ 'input' => 'a,bsd23,4',
+ 'assert' => '<4>',
+ ],
+ ];
+ }
+
+ /**
+ * @dataProvider dataAclToString
+ */
+ public function testAclToString($input, string $assert)
+ {
+ $aclFormatter = new ACLFormatter();
+
+ $this->assertEquals($assert, $aclFormatter->aclToString($input));
+ }
 }
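Review bot: `sanitiseAcl(string &$item)` raises a `TypeError` when an array element is not scalar, and every caller in this commit hands `aclToString()` values taken directly from `$_POST`/`$_REQUEST`, where a parameter can arrive as a nested array. Dropping such elements before the walk keeps a malformed request from ending in an uncaught error, for example `$item = array_filter($item, 'is_scalar');` ahead of the `array_walk(...)` line. In `sanitiseAcl()`, `in_array($item, [Group::FOLLOWERS, Group::MUTUALS])` should pass `true` as the third argument so the pseudo-group match is strict, and `aclToString` should be declared with an explicit `public`. The class opens outside the hunk, so whether `Group` is imported in this file cannot be confirmed from here.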
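Review bot: The data provider never reaches the `Group::FOLLOWERS` / `Group::MUTUALS` branch of `sanitiseAcl()`, so the only non-numeric values meant to survive into the stored ACL string are untested. A case such as `'followers' => ['input' => [Group::FOLLOWERS, 1], 'assert' => '<' . Group::FOLLOWERS . '><1>'],` would cover it. It is also worth pinning how lenient the `intval()` parsing is (a padded value like `' 1 '`, a numeric prefix followed by other characters, a negative number), so that any later tightening or loosening of the ACL parser shows up as a test change. The test class body starts outside the hunk.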