hardening, add some checks for whitespace-only strings
authorArthur Schiwon <blizzz@owncloud.com>
Fri, 4 Dec 2015 10:13:39 +0000 (11:13 +0100)
committerArthur Schiwon <blizzz@owncloud.com>
Wed, 9 Dec 2015 13:34:23 +0000 (14:34 +0100)
lib/private/comments/comment.php
tests/lib/comments/comment.php

index 8efd7d5613a41e64bfdae5cc9737d2bee4fe9259..15d721d099a5fe1c497fd0b778be145eda773e79 100644 (file)
@@ -66,6 +66,7 @@ class Comment implements IComment {
                        throw new \InvalidArgumentException('String expected.');
                }
 
+               $id = trim($id);
                if($this->data['id'] === '' || ($this->data['id'] !== '' && $id === '')) {
                        $this->data['id'] = $id;
                        return $this;
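Review bot: The condition right after the new `$id = trim($id);` is redundant: the second operand `($this->data['id'] !== '' && $id === '')` is only evaluated when `$this->data['id'] === ''` is already false, so the whole test reduces to `if ($this->data['id'] === '' || $id === '')`. The rule appears to be "an id may be set while unset, or cleared back to ''" — a one-line comment saying so, e.g. `// the id may be set once, or reset to ''`, would save the next reader from re-deriving it. Note also that `trim()` without a character list strips only ASCII whitespace and NUL, so a string of U+00A0 or other Unicode spaces still passes every whitespace check in this commit; if that matters for the id, a `preg_replace('/^\s+|\s+$/u', '', $id)` style trim is needed. setId continues past the end of the hunk.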
@@ -95,7 +96,7 @@ class Comment implements IComment {
                if(!is_string($parentId)) {
                        throw new \InvalidArgumentException('String expected.');
                }
-               $this->data['parentId'] = $parentId;
+               $this->data['parentId'] = trim($parentId);
                return $this;
        }
 
@@ -121,7 +122,7 @@ class Comment implements IComment {
                if(!is_string($id)) {
                        throw new \InvalidArgumentException('String expected.');
                }
-               $this->data['topmostParentId'] = $id;
+               $this->data['topmostParentId'] = trim($id);
                return $this;
        }
 
@@ -171,7 +172,7 @@ class Comment implements IComment {
                if(!is_string($message)) {
                        throw new \InvalidArgumentException('String expected.');
                }
-               $this->data['message'] = $message;
+               $this->data['message'] = trim($message);
                return $this;
        }
 
@@ -193,10 +194,10 @@ class Comment implements IComment {
         * @since 9.0.0
         */
        public function setVerb($verb) {
-               if(!is_string($verb)) {
-                       throw new \InvalidArgumentException('String expected.');
+               if(!is_string($verb) || empty(trim($verb))) {
+                       throw new \InvalidArgumentException('Non-empty String expected.');
                }
-               $this->data['verb'] = $verb;
+               $this->data['verb'] = trim($verb);
                return $this;
        }
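Review bot: `empty(trim($verb))` in the rewritten condition also rejects the string `'0'`, because `empty('0')` is true in PHP, and `trim()` is then called a second time on the assignment line. `if(!is_string($verb) || trim($verb) === '')` is the precise whitespace-only check; alternatively trim once after the type check and compare that value, so the guard and the stored value cannot drift apart. The new message `'Non-empty String expected.'` is the right wording and should be reused where the same check appears.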
 
@@ -230,13 +231,13 @@ class Comment implements IComment {
         */
        public function setActor($actorType, $actorId) {
                if(
-                      !is_string($actorType) || empty($actorType)
-                   || !is_string($actorId)   || empty($actorId)
+                      !is_string($actorType) || empty(trim($actorType))
+                   || !is_string($actorId)   || empty(trim($actorId))
                ) {
                        throw new \InvalidArgumentException('String expected.');
                }
-               $this->data['actorType'] = $actorType;
-               $this->data['actorId']   = $actorId;
+               $this->data['actorType'] = trim($actorType);
+               $this->data['actorId']   = trim($actorId);
                return $this;
        }
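Review bot: The unchanged throw still says `'String expected.'` while the condition above it now rejects empty and whitespace-only strings as well as non-strings; setVerb in this commit already uses `'Non-empty String expected.'`, so setActor and setObject (next hunk) should use the same message. As in setVerb, `empty(trim($actorId))` also rejects the literal `'0'` (`empty('0')` is true); if an actor or object id of `'0'` can never be valid this is harmless, but `trim($actorId) === ''` states the intent exactly. The `empty()` calls predate this commit; only wrapping them in `trim()` is new.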
 
@@ -316,13 +317,13 @@ class Comment implements IComment {
         */
        public function setObject($objectType, $objectId) {
                if(
-                      !is_string($objectType) || empty($objectType)
-                   || !is_string($objectId)   || empty($objectId)
+                      !is_string($objectType) || empty(trim($objectType))
+                   || !is_string($objectId)   || empty(trim($objectId))
                ) {
                        throw new \InvalidArgumentException('String expected.');
                }
-               $this->data['objectType'] = $objectType;
-               $this->data['objectId']   = $objectId;
+               $this->data['objectType'] = trim($objectType);
+               $this->data['objectId']   = trim($objectId);
                return $this;
        }
 
index f00dfd527f167653d679c1a60a784605f2357f24..c6a8f118dd1f24fcb342dfebb39d034cce7a2cca 100644 (file)
@@ -60,24 +60,24 @@ class Test_Comments_Comment extends TestCase
 
        public function simpleSetterProvider() {
                return [
-                       ['Id'],
-                       ['ParentId'],
-                       ['Message'],
-                       ['Verb'],
-                       ['ChildrenCount'],
+                       ['Id', true],
+                       ['ParentId', true],
+                       ['Message', true],
+                       ['Verb', true],
+                       ['Verb', ''],
+                       ['ChildrenCount', true],
                ];
        }
 
        /**
         * @dataProvider simpleSetterProvider
         */
-       public function testSimpleSetterInvalidInput($field) {
+       public function testSimpleSetterInvalidInput($field, $input) {
                $comment = new \OC\Comments\Comment();
                $setter = 'set' . $field;
 
                $this->setExpectedException('InvalidArgumentException');
-               // we have no field that is supposed to accept a Bool
-               $comment->$setter(true);
+               $comment->$setter($input);
        }
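Review bot: The extended provider adds `['Verb', '']` but no whitespace-only dataset, although whitespace-only input is what the commit title targets; add `['Verb', ' ']` and a tab/newline variant such as `['Verb', "\t\n"]` so the `trim()` inside the `empty()` check is actually exercised, as the role-setter provider in the next hunk does with `['Actor', ' ', ' ']`. There is also no positive assertion that setId, setParentId and setMessage store the trimmed value; if matching getters exist (they are outside this hunk), a test asserting that `' hi '` is read back as `'hi'` would pin the new behaviour.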
 
        public function roleSetterProvider() {
@@ -85,9 +85,11 @@ class Test_Comments_Comment extends TestCase
                        ['Actor', true, true],
                        ['Actor', 'user', true],
                        ['Actor', true, 'alice'],
+                       ['Actor', ' ', ' '],
                        ['Object', true, true],
                        ['Object', 'file', true],
                        ['Object', true, 'file64'],
+                       ['Object', ' ', ' '],
                ];
        }