From 5843a80b6c952e9f788656e7fe0f88f9b1500a6b Mon Sep 17 00:00:00 2001
From: Philipp Holzer <admin+github@philipp.info>
Date: Wed, 23 Oct 2019 00:54:34 +0200
Subject: [PATCH] Move perms2str to ACLFormatter::aclToString() - including new
 tests

---
 include/text.php                   | 41 ------------------------------
 mod/events.php                     | 14 +++++++---
 mod/item.php                       | 16 ++++++++----
 mod/photos.php                     | 24 +++++++++++------
 mod/settings.php                   | 13 +++++++---
 src/Util/ACLFormatter.php          | 40 +++++++++++++++++++++++++++++
 tests/src/Util/ACLFormaterTest.php | 36 ++++++++++++++++++++++++++
 7 files changed, 122 insertions(+), 62 deletions(-)

diff --git a/include/text.php b/include/text.php
index 289802136c..13300c1e10 100644
--- a/include/text.php
+++ b/include/text.php
@@ -5,47 +5,6 @@
 
 use Friendica\Content\Text\BBCode;
 use Friendica\Model\FileTag;
-use Friendica\Model\Group;
-use Friendica\Util\Strings;
-
-/**
- * Wrap ACL elements in angle brackets for storage
- * @param string $item
- */
-function sanitise_acl(&$item) {
-	if (intval($item)) {
-		$item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
-	} elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) {
-		$item = '<' . $item . '>';
-	} else {
-		unset($item);
-	}
-}
-
-
-/**
- * Convert an ACL array to a storable string
- *
- * Normally ACL permissions will be an array.
- * We'll also allow a comma-separated string.
- *
- * @param string|array $p
- * @return string
- */
-function perms2str($p) {
-	$ret = '';
-	if (is_array($p)) {
-		$tmp = $p;
-	} else {
-		$tmp = explode(',', $p);
-	}
-
-	if (is_array($tmp)) {
-		array_walk($tmp, 'sanitise_acl');
-		$ret = implode('', $tmp);
-	}
-	return $ret;
-}
 
 /**
  * Compare activity uri. Knows about activity namespace.
diff --git a/mod/events.php b/mod/events.php
index 649a25ab1b..75cbc6b431 100644
--- a/mod/events.php
+++ b/mod/events.php
@@ -5,6 +5,7 @@
  */
 
 use Friendica\App;
+use Friendica\BaseObject;
 use Friendica\Content\Nav;
 use Friendica\Content\Widget\CalendarExport;
 use Friendica\Core\ACL;
@@ -18,6 +19,7 @@ use Friendica\Model\Event;
 use Friendica\Model\Item;
 use Friendica\Model\Profile;
 use Friendica\Module\Login;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Strings;
 use Friendica\Util\Temporal;
@@ -146,10 +148,14 @@ function events_post(App $a)
 
 
 	if ($share) {
-		$str_group_allow   = perms2str($_POST['group_allow']   ?? '');
-		$str_contact_allow = perms2str($_POST['contact_allow'] ?? '');
-		$str_group_deny    = perms2str($_POST['group_deny']    ?? '');
-		$str_contact_deny  = perms2str($_POST['contact_deny']  ?? '');
+
+		/** @var ACLFormatter $aclFormatter */
+		$aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+		$str_group_allow   = $aclFormatter->aclToString($_POST['group_allow']   ?? '');
+		$str_contact_allow = $aclFormatter->aclToString($_POST['contact_allow'] ?? '');
+		$str_group_deny    = $aclFormatter->aclToString($_POST['group_deny']    ?? '');
+		$str_contact_deny  = $aclFormatter->aclToString($_POST['contact_deny']  ?? '');
 
 		// Undo the pseudo-contact of self, since there are real contacts now
 		if (strpos($str_contact_allow, '<' . $self . '>') !== false) {
diff --git a/mod/item.php b/mod/item.php
index c9a33cc206..5539e28c67 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -16,6 +16,7 @@
  */
 
 use Friendica\App;
+use Friendica\BaseObject;
 use Friendica\Content\Pager;
 use Friendica\Content\Text\BBCode;
 use Friendica\Content\Text\HTML;
@@ -37,6 +38,7 @@ use Friendica\Model\Photo;
 use Friendica\Model\Term;
 use Friendica\Protocol\Diaspora;
 use Friendica\Protocol\Email;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Emailer;
 use Friendica\Util\Security;
@@ -269,10 +271,14 @@ function item_post(App $a) {
 			$str_contact_deny  = $user['deny_cid'];
 		} else {
 			// use the posted permissions
-			$str_group_allow   = perms2str($_REQUEST['group_allow'] ?? '');
-			$str_contact_allow = perms2str($_REQUEST['contact_allow'] ?? '');
-			$str_group_deny    = perms2str($_REQUEST['group_deny'] ?? '');
-			$str_contact_deny  = perms2str($_REQUEST['contact_deny'] ?? '');
+
+			/** @var ACLFormatter $aclFormatter */
+			$aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+			$str_group_allow   = $aclFormatter->aclToString($_REQUEST['group_allow'] ?? '');
+			$str_contact_allow = $aclFormatter->aclToString($_REQUEST['contact_allow'] ?? '');
+			$str_group_deny    = $aclFormatter->aclToString($_REQUEST['group_deny'] ?? '');
+			$str_contact_deny  = $aclFormatter->aclToString($_REQUEST['contact_deny'] ?? '');
 		}
 
 		$title             = Strings::escapeTags(trim($_REQUEST['title']    ?? ''));
@@ -500,7 +506,7 @@ function item_post(App $a) {
 	}
 
 	/** @var BBCode\Video $bbCodeVideo */
-	$bbCodeVideo = \Friendica\BaseObject::getClass(BBCode\Video::class);
+	$bbCodeVideo = BaseObject::getClass(BBCode\Video::class);
 	$body =  $bbCodeVideo->transform($body);
 
 	// Fold multi-line [code] sequences
diff --git a/mod/photos.php b/mod/photos.php
index 1789c0710e..528f78b614 100644
--- a/mod/photos.php
+++ b/mod/photos.php
@@ -4,6 +4,7 @@
  */
 
 use Friendica\App;
+use Friendica\BaseObject;
 use Friendica\Content\Feature;
 use Friendica\Content\Nav;
 use Friendica\Content\Pager;
@@ -26,6 +27,7 @@ use Friendica\Model\User;
 use Friendica\Network\Probe;
 use Friendica\Object\Image;
 use Friendica\Protocol\DFRN;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\Crypto;
 use Friendica\Util\DateTimeFormat;
 use Friendica\Util\Map;
@@ -296,10 +298,13 @@ function photos_post(App $a)
 		$albname     = !empty($_POST['albname'])   ? Strings::escapeTags(trim($_POST['albname']))   : '';
 		$origaname   = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
 
-		$str_group_allow   = !empty($_POST['group_allow'])   ? perms2str($_POST['group_allow'])   : '';
-		$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
-		$str_group_deny    = !empty($_POST['group_deny'])    ? perms2str($_POST['group_deny'])    : '';
-		$str_contact_deny  = !empty($_POST['contact_deny'])  ? perms2str($_POST['contact_deny'])  : '';
+		/** @var ACLFormatter $aclFormatter */
+		$aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+		$str_group_allow   = !empty($_POST['group_allow'])   ? $aclFormatter->aclToString($_POST['group_allow'])   : '';
+		$str_contact_allow = !empty($_POST['contact_allow']) ? $aclFormatter->aclToString($_POST['contact_allow']) : '';
+		$str_group_deny    = !empty($_POST['group_deny'])    ? $aclFormatter->aclToString($_POST['group_deny'])    : '';
+		$str_contact_deny  = !empty($_POST['contact_deny'])  ? $aclFormatter->aclToString($_POST['contact_deny'])  : '';
 
 		$resource_id = $a->argv[3];
 
@@ -635,10 +640,13 @@ function photos_post(App $a)
 	$group_deny    = $_REQUEST['group_deny']    ?? [];
 	$contact_deny  = $_REQUEST['contact_deny']  ?? [];
 
-	$str_group_allow   = perms2str(is_array($group_allow)   ? $group_allow   : explode(',', $group_allow));
-	$str_contact_allow = perms2str(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
-	$str_group_deny    = perms2str(is_array($group_deny)    ? $group_deny    : explode(',', $group_deny));
-	$str_contact_deny  = perms2str(is_array($contact_deny)  ? $contact_deny  : explode(',', $contact_deny));
+	/** @var ACLFormatter $aclFormatter */
+	$aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+	$str_group_allow   = $aclFormatter->aclToString(is_array($group_allow)   ? $group_allow   : explode(',', $group_allow));
+	$str_contact_allow = $aclFormatter->aclToString(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
+	$str_group_deny    = $aclFormatter->aclToString(is_array($group_deny)    ? $group_deny    : explode(',', $group_deny));
+	$str_contact_deny  = $aclFormatter->aclToString(is_array($contact_deny)  ? $contact_deny  : explode(',', $contact_deny));
 
 	$ret = ['src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''];
 
diff --git a/mod/settings.php b/mod/settings.php
index b5011881cb..3ab3d6212e 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -5,6 +5,7 @@
 
 use Friendica\App;
 use Friendica\BaseModule;
+use Friendica\BaseObject;
 use Friendica\Content\Feature;
 use Friendica\Content\Nav;
 use Friendica\Core\ACL;
@@ -25,6 +26,7 @@ use Friendica\Model\Group;
 use Friendica\Model\User;
 use Friendica\Module\Login;
 use Friendica\Protocol\Email;
+use Friendica\Util\ACLFormatter;
 use Friendica\Util\Network;
 use Friendica\Util\Strings;
 use Friendica\Util\Temporal;
@@ -533,10 +535,13 @@ function settings_post(App $a)
 		date_default_timezone_set($timezone);
 	}
 
-	$str_group_allow   = !empty($_POST['group_allow'])   ? perms2str($_POST['group_allow'])   : '';
-	$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : '';
-	$str_group_deny    = !empty($_POST['group_deny'])    ? perms2str($_POST['group_deny'])    : '';
-	$str_contact_deny  = !empty($_POST['contact_deny'])  ? perms2str($_POST['contact_deny'])  : '';
+	/** @var ACLFormatter $aclFormatter */
+	$aclFormatter = BaseObject::getClass(ACLFormatter::class);
+
+	$str_group_allow   = !empty($_POST['group_allow'])   ? $aclFormatter->aclToString($_POST['group_allow'])   : '';
+	$str_contact_allow = !empty($_POST['contact_allow']) ? $aclFormatter->aclToString($_POST['contact_allow']) : '';
+	$str_group_deny    = !empty($_POST['group_deny'])    ? $aclFormatter->aclToString($_POST['group_deny'])    : '';
+	$str_contact_deny  = !empty($_POST['contact_deny'])  ? $aclFormatter->aclToString($_POST['contact_deny'])  : '';
 
 	$openidserver = $a->user['openidserver'];
 	//$openid = Strings::normaliseOpenID($openid);
diff --git a/src/Util/ACLFormatter.php b/src/Util/ACLFormatter.php
index 4e3d32b157..e724a89487 100644
--- a/src/Util/ACLFormatter.php
+++ b/src/Util/ACLFormatter.php
@@ -24,4 +24,44 @@ final class ACLFormatter
 
 		return $matches[1];
 	}
+
+	/**
+	 * Wrap ACL elements in angle brackets for storage
+	 *
+	 * @param string $item The item to sanitise
+	 */
+	private function sanitiseAcl(string &$item) {
+		if (intval($item)) {
+			$item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
+		} elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) {
+			$item = '<' . $item . '>';
+		} else {
+			$item = '';
+		}
+	}
+
+	/**
+	 * Convert an ACL array to a storable string
+	 *
+	 * Normally ACL permissions will be an array.
+	 * We'll also allow a comma-separated string.
+	 *
+	 * @param string|array $permissions
+	 *
+	 * @return string
+	 */
+	function aclToString($permissions) {
+		$return = '';
+		if (is_array($permissions)) {
+			$item = $permissions;
+		} else {
+			$item = explode(',', $permissions);
+		}
+
+		if (is_array($item)) {
+			array_walk($item, [$this, 'sanitiseAcl']);
+			$return = implode('', $item);
+		}
+		return $return;
+	}
 }
diff --git a/tests/src/Util/ACLFormaterTest.php b/tests/src/Util/ACLFormaterTest.php
index c3cfb70514..19332f4953 100644
--- a/tests/src/Util/ACLFormaterTest.php
+++ b/tests/src/Util/ACLFormaterTest.php
@@ -161,4 +161,40 @@ class ACLFormaterTest extends TestCase
 		$text="<1><><3>";
 		$this->assertEquals(array('1', '3'), $aclFormatter->expand($text));
 	}
+
+	public function dataAclToString()
+	{
+		return [
+			'empty'   => [
+				'input'  => '',
+				'assert' => '',
+			],
+			'string'  => [
+				'input'  => '1,2,3,4',
+				'assert' => '<1><2><3><4>',
+			],
+			'array'   => [
+				'input'  => [1, 2, 3, 4],
+				'assert' => '<1><2><3><4>',
+			],
+			'invalid' => [
+				'input'  => [1, 'a', 3, 4],
+				'assert' => '<1><3><4>',
+			],
+			'invalidString' => [
+				'input'  => 'a,bsd23,4',
+				'assert' => '<4>',
+			],
+		];
+	}
+
+	/**
+	 * @dataProvider dataAclToString
+	 */
+	public function testAclToString($input, string $assert)
+	{
+		$aclFormatter = new ACLFormatter();
+
+		$this->assertEquals($assert, $aclFormatter->aclToString($input));
+	}
 }