friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Move perms2str to ACLFormatter::aclToString() 

- including new tests
This commit is contained in:
Philipp Holzer 2019-10-23 00:54:34 +02:00
parent f65f7f11c3
commit 5843a80b6c
No known key found for this signature in database
GPG Key ID: D8365C3D36B77D90
7 changed files with 122 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
include/text.php
View File

@ -5,47 +5,6 @@
use Friendica\Content\Text\BBCode; use Friendica\Content\Text\BBCode;
use Friendica\Model\FileTag; use Friendica\Model\FileTag;
use Friendica\Model\Group;
use Friendica\Util\Strings;
/**
* Wrap ACL elements in angle brackets for storage
* @param string $item
*/
function sanitise_acl(&$item) {
if (intval($item)) {
$item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
} elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) {
$item = '<' . $item . '>';
} else {
unset($item);
}
}
/**
* Convert an ACL array to a storable string
*
* Normally ACL permissions will be an array.
* We'll also allow a comma-separated string.
*
* @param string|array $p
* @return string
*/
function perms2str($p) {
$ret = '';
if (is_array($p)) {
$tmp = $p;
} else {
$tmp = explode(',', $p);
}
if (is_array($tmp)) {
array_walk($tmp, 'sanitise_acl');
$ret = implode('', $tmp);
}
return $ret;
}
/** /**
* Compare activity uri. Knows about activity namespace. * Compare activity uri. Knows about activity namespace.

14
mod/events.php
View File

@ -5,6 +5,7 @@
*/ */
use Friendica\App; use Friendica\App;
use Friendica\BaseObject;
use Friendica\Content\Nav; use Friendica\Content\Nav;
use Friendica\Content\Widget\CalendarExport; use Friendica\Content\Widget\CalendarExport;
use Friendica\Core\ACL; use Friendica\Core\ACL;
@ -18,6 +19,7 @@ use Friendica\Model\Event;
use Friendica\Model\Item; use Friendica\Model\Item;
use Friendica\Model\Profile; use Friendica\Model\Profile;
use Friendica\Module\Login; use Friendica\Module\Login;
use Friendica\Util\ACLFormatter;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings; use Friendica\Util\Strings;
use Friendica\Util\Temporal; use Friendica\Util\Temporal;
@ -146,10 +148,14 @@ function events_post(App $a)
if ($share) { if ($share) {
$str_group_allow = perms2str($_POST['group_allow'] ?? '');
$str_contact_allow = perms2str($_POST['contact_allow'] ?? ''); /** @var ACLFormatter $aclFormatter */
$str_group_deny = perms2str($_POST['group_deny'] ?? ''); $aclFormatter = BaseObject::getClass(ACLFormatter::class);
$str_contact_deny = perms2str($_POST['contact_deny'] ?? '');
$str_group_allow = $aclFormatter->aclToString($_POST['group_allow'] ?? '');
$str_contact_allow = $aclFormatter->aclToString($_POST['contact_allow'] ?? '');
$str_group_deny = $aclFormatter->aclToString($_POST['group_deny'] ?? '');
$str_contact_deny = $aclFormatter->aclToString($_POST['contact_deny'] ?? '');
// Undo the pseudo-contact of self, since there are real contacts now // Undo the pseudo-contact of self, since there are real contacts now
if (strpos($str_contact_allow, '<' . $self . '>') !== false) { if (strpos($str_contact_allow, '<' . $self . '>') !== false) {

16
mod/item.php
View File

@ -16,6 +16,7 @@
*/ */
use Friendica\App; use Friendica\App;
use Friendica\BaseObject;
use Friendica\Content\Pager; use Friendica\Content\Pager;
use Friendica\Content\Text\BBCode; use Friendica\Content\Text\BBCode;
use Friendica\Content\Text\HTML; use Friendica\Content\Text\HTML;
@ -37,6 +38,7 @@ use Friendica\Model\Photo;
use Friendica\Model\Term; use Friendica\Model\Term;
use Friendica\Protocol\Diaspora; use Friendica\Protocol\Diaspora;
use Friendica\Protocol\Email; use Friendica\Protocol\Email;
use Friendica\Util\ACLFormatter;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Emailer; use Friendica\Util\Emailer;
use Friendica\Util\Security; use Friendica\Util\Security;
@ -269,10 +271,14 @@ function item_post(App $a) {
$str_contact_deny = $user['deny_cid']; $str_contact_deny = $user['deny_cid'];
} else { } else {
// use the posted permissions // use the posted permissions
$str_group_allow = perms2str($_REQUEST['group_allow'] ?? '');
$str_contact_allow = perms2str($_REQUEST['contact_allow'] ?? ''); /** @var ACLFormatter $aclFormatter */
$str_group_deny = perms2str($_REQUEST['group_deny'] ?? ''); $aclFormatter = BaseObject::getClass(ACLFormatter::class);
$str_contact_deny = perms2str($_REQUEST['contact_deny'] ?? '');
$str_group_allow = $aclFormatter->aclToString($_REQUEST['group_allow'] ?? '');
$str_contact_allow = $aclFormatter->aclToString($_REQUEST['contact_allow'] ?? '');
$str_group_deny = $aclFormatter->aclToString($_REQUEST['group_deny'] ?? '');
$str_contact_deny = $aclFormatter->aclToString($_REQUEST['contact_deny'] ?? '');
} }
$title = Strings::escapeTags(trim($_REQUEST['title'] ?? '')); $title = Strings::escapeTags(trim($_REQUEST['title'] ?? ''));
@ -500,7 +506,7 @@ function item_post(App $a) {
} }
/** @var BBCode\Video $bbCodeVideo */ /** @var BBCode\Video $bbCodeVideo */
$bbCodeVideo = \Friendica\BaseObject::getClass(BBCode\Video::class); $bbCodeVideo = BaseObject::getClass(BBCode\Video::class);
$body = $bbCodeVideo->transform($body); $body = $bbCodeVideo->transform($body);
// Fold multi-line [code] sequences // Fold multi-line [code] sequences

24
mod/photos.php
View File

@ -4,6 +4,7 @@
*/ */
use Friendica\App; use Friendica\App;
use Friendica\BaseObject;
use Friendica\Content\Feature; use Friendica\Content\Feature;
use Friendica\Content\Nav; use Friendica\Content\Nav;
use Friendica\Content\Pager; use Friendica\Content\Pager;
@ -26,6 +27,7 @@ use Friendica\Model\User;
use Friendica\Network\Probe; use Friendica\Network\Probe;
use Friendica\Object\Image; use Friendica\Object\Image;
use Friendica\Protocol\DFRN; use Friendica\Protocol\DFRN;
use Friendica\Util\ACLFormatter;
use Friendica\Util\Crypto; use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Map; use Friendica\Util\Map;
@ -296,10 +298,13 @@ function photos_post(App $a)
$albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : ''; $albname = !empty($_POST['albname']) ? Strings::escapeTags(trim($_POST['albname'])) : '';
$origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : ''; $origaname = !empty($_POST['origaname']) ? Strings::escapeTags(trim($_POST['origaname'])) : '';
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : ''; /** @var ACLFormatter $aclFormatter */
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : ''; $aclFormatter = BaseObject::getClass(ACLFormatter::class);
$str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : '';
$str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : ''; $str_group_allow = !empty($_POST['group_allow']) ? $aclFormatter->aclToString($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? $aclFormatter->aclToString($_POST['contact_allow']) : '';
$str_group_deny = !empty($_POST['group_deny']) ? $aclFormatter->aclToString($_POST['group_deny']) : '';
$str_contact_deny = !empty($_POST['contact_deny']) ? $aclFormatter->aclToString($_POST['contact_deny']) : '';
$resource_id = $a->argv[3]; $resource_id = $a->argv[3];
@ -635,10 +640,13 @@ function photos_post(App $a)
$group_deny = $_REQUEST['group_deny'] ?? []; $group_deny = $_REQUEST['group_deny'] ?? [];
$contact_deny = $_REQUEST['contact_deny'] ?? []; $contact_deny = $_REQUEST['contact_deny'] ?? [];
$str_group_allow = perms2str(is_array($group_allow) ? $group_allow : explode(',', $group_allow)); /** @var ACLFormatter $aclFormatter */
$str_contact_allow = perms2str(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow)); $aclFormatter = BaseObject::getClass(ACLFormatter::class);
$str_group_deny = perms2str(is_array($group_deny) ? $group_deny : explode(',', $group_deny));
$str_contact_deny = perms2str(is_array($contact_deny) ? $contact_deny : explode(',', $contact_deny)); $str_group_allow = $aclFormatter->aclToString(is_array($group_allow) ? $group_allow : explode(',', $group_allow));
$str_contact_allow = $aclFormatter->aclToString(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
$str_group_deny = $aclFormatter->aclToString(is_array($group_deny) ? $group_deny : explode(',', $group_deny));
$str_contact_deny = $aclFormatter->aclToString(is_array($contact_deny) ? $contact_deny : explode(',', $contact_deny));
$ret = ['src' => '', 'filename' => '', 'filesize' => 0, 'type' => '']; $ret = ['src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''];

13
mod/settings.php
View File

@ -5,6 +5,7 @@
use Friendica\App; use Friendica\App;
use Friendica\BaseModule; use Friendica\BaseModule;
use Friendica\BaseObject;
use Friendica\Content\Feature; use Friendica\Content\Feature;
use Friendica\Content\Nav; use Friendica\Content\Nav;
use Friendica\Core\ACL; use Friendica\Core\ACL;
@ -25,6 +26,7 @@ use Friendica\Model\Group;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Module\Login; use Friendica\Module\Login;
use Friendica\Protocol\Email; use Friendica\Protocol\Email;
use Friendica\Util\ACLFormatter;
use Friendica\Util\Network; use Friendica\Util\Network;
use Friendica\Util\Strings; use Friendica\Util\Strings;
use Friendica\Util\Temporal; use Friendica\Util\Temporal;
@ -533,10 +535,13 @@ function settings_post(App $a)
date_default_timezone_set($timezone); date_default_timezone_set($timezone);
} }
$str_group_allow = !empty($_POST['group_allow']) ? perms2str($_POST['group_allow']) : ''; /** @var ACLFormatter $aclFormatter */
$str_contact_allow = !empty($_POST['contact_allow']) ? perms2str($_POST['contact_allow']) : ''; $aclFormatter = BaseObject::getClass(ACLFormatter::class);
$str_group_deny = !empty($_POST['group_deny']) ? perms2str($_POST['group_deny']) : '';
$str_contact_deny = !empty($_POST['contact_deny']) ? perms2str($_POST['contact_deny']) : ''; $str_group_allow = !empty($_POST['group_allow']) ? $aclFormatter->aclToString($_POST['group_allow']) : '';
$str_contact_allow = !empty($_POST['contact_allow']) ? $aclFormatter->aclToString($_POST['contact_allow']) : '';
$str_group_deny = !empty($_POST['group_deny']) ? $aclFormatter->aclToString($_POST['group_deny']) : '';
$str_contact_deny = !empty($_POST['contact_deny']) ? $aclFormatter->aclToString($_POST['contact_deny']) : '';
$openidserver = $a->user['openidserver']; $openidserver = $a->user['openidserver'];
//$openid = Strings::normaliseOpenID($openid); //$openid = Strings::normaliseOpenID($openid);

40
src/Util/ACLFormatter.php
View File

@ -24,4 +24,44 @@ final class ACLFormatter
return $matches[1]; return $matches[1];
} }
/**
* Wrap ACL elements in angle brackets for storage
*
* @param string $item The item to sanitise
*/
private function sanitiseAcl(string &$item) {
if (intval($item)) {
$item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
} elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) {
$item = '<' . $item . '>';
} else {
$item = '';
}
}
/**
* Convert an ACL array to a storable string
*
* Normally ACL permissions will be an array.
* We'll also allow a comma-separated string.
*
* @param string|array $permissions
*
* @return string
*/
function aclToString($permissions) {
$return = '';
if (is_array($permissions)) {
$item = $permissions;
} else {
$item = explode(',', $permissions);
}
if (is_array($item)) {
array_walk($item, [$this, 'sanitiseAcl']);
$return = implode('', $item);
}
return $return;
}
} }

36
tests/src/Util/ACLFormaterTest.php
View File

@ -161,4 +161,40 @@ class ACLFormaterTest extends TestCase
$text="<1><><3>"; $text="<1><><3>";
$this->assertEquals(array('1', '3'), $aclFormatter->expand($text)); $this->assertEquals(array('1', '3'), $aclFormatter->expand($text));
} }
public function dataAclToString()
{
return [
'empty' => [
'input' => '',
'assert' => '',
],
'string' => [
'input' => '1,2,3,4',
'assert' => '<1><2><3><4>',
],
'array' => [
'input' => [1, 2, 3, 4],
'assert' => '<1><2><3><4>',
],
'invalid' => [
'input' => [1, 'a', 3, 4],
'assert' => '<1><3><4>',
],
'invalidString' => [
'input' => 'a,bsd23,4',
'assert' => '<4>',
],
];
}
/**
* @dataProvider dataAclToString
*/
public function testAclToString($input, string $assert)
{
$aclFormatter = new ACLFormatter();
$this->assertEquals($assert, $aclFormatter->aclToString($input));
}
} }