From: Arthur Schiwon
Date: Fri, 4 Dec 2015 10:13:39 +0000 (+0100)
Subject: hardening, add some checks for whitespace-only strings
X-Git-Tag: v9.0beta1~520^2~7
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=0c1c0295717f0e75aa725d1c6699a68151f2c758;p=nextcloud-server.git
hardening, add some checks for whitespace-only strings
---
diff --git a/lib/private/comments/comment.php b/lib/private/comments/comment.php
index 8efd7d5613a..15d721d099a 100644
--- a/lib/private/comments/comment.php
+++ b/lib/private/comments/comment.php
@@ -66,6 +66,7 @@ class Comment implements IComment {
 throw new \InvalidArgumentException('String expected.');
 }
+ $id = trim($id);
 if($this->data['id'] === '' || ($this->data['id'] !== '' && $id === '')) {
 $this->data['id'] = $id;
 return $this;
@@ -95,7 +96,7 @@ class Comment implements IComment {
 if(!is_string($parentId)) {
 throw new \InvalidArgumentException('String expected.');
 }
- $this->data['parentId'] = $parentId;
+ $this->data['parentId'] = trim($parentId);
 return $this;
 }
@@ -121,7 +122,7 @@ class Comment implements IComment {
 if(!is_string($id)) {
 throw new \InvalidArgumentException('String expected.');
 }
- $this->data['topmostParentId'] = $id;
+ $this->data['topmostParentId'] = trim($id);
 return $this;
 }
@@ -171,7 +172,7 @@ class Comment implements IComment {
 if(!is_string($message)) {
 throw new \InvalidArgumentException('String expected.');
 }
- $this->data['message'] = $message;
+ $this->data['message'] = trim($message);
 return $this;
 }
@@ -193,10 +194,10 @@ class Comment implements IComment {
 * @since 9.0.0
 */
 public function setVerb($verb) {
- if(!is_string($verb)) {
- throw new \InvalidArgumentException('String expected.');
+ if(!is_string($verb) || empty(trim($verb))) {
+ throw new \InvalidArgumentException('Non-empty String expected.');
 }
- $this->data['verb'] = $verb;
+ $this->data['verb'] = trim($verb);
 return $this;
 }
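Review bot: The added `$id = trim($id);` in setId strips only PHP's default character list (space, tab, newline, carriage return, NUL, vertical tab), so an id made solely of Unicode whitespace such as U+00A0 still counts as non-empty; the same holds for the trim() calls added in setParentId, setTopmostParentId, setMessage, setVerb, setActor and setObject. If the intent is to reject visually blank values, a Unicode-aware strip would be needed, e.g. `$id = preg_replace('/^[\s\p{Z}]+|[\s\p{Z}]+$/u', '', $id);`, with a check for a `null` return on invalid UTF-8. At minimum the docblock could state `@param string $id surrounding ASCII whitespace is trimmed before comparison and storage`. setId starts and ends outside this hunk.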
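Review bot: In setMessage the trimmed value is stored without an emptiness check, so a whitespace-only message becomes `''` and is accepted by the lines visible here, whereas setVerb rejects the same input in this commit. If an empty message is meant to be invalid and nothing later in the save path enforces it (not visible in this hunk), the guard could read `if(!is_string($message) || trim($message) === '') {`. Otherwise a docblock line such as `@param string $message trimmed; may be empty` would make the difference from setVerb explicit.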
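Review bot: `empty(trim($verb))` in the new setVerb guard also rejects the verb `'0'`, because empty() treats the string '0' as empty, and passing a function call to empty() is only accepted from PHP 5.5 on, so an older runtime would fail to parse the file (the project's supported PHP range is not visible here). A strict comparison avoids both problems: `if(!is_string($verb) || trim($verb) === '') {`. The same `empty(trim(...))` pattern is added in setActor and setObject, where an actor or object id of '0' continues to be refused.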
@@ -230,13 +231,13 @@ class Comment implements IComment {
 */
 public function setActor($actorType, $actorId) {
 if(
- !is_string($actorType) || empty($actorType)
- || !is_string($actorId) || empty($actorId)
+ !is_string($actorType) || empty(trim($actorType))
+ || !is_string($actorId) || empty(trim($actorId))
 ) {
 throw new \InvalidArgumentException('String expected.');
 }
- $this->data['actorType'] = $actorType;
- $this->data['actorId'] = $actorId;
+ $this->data['actorType'] = trim($actorType);
+ $this->data['actorId'] = trim($actorId);
 return $this;
 }
@@ -316,13 +317,13 @@ class Comment implements IComment {
 */
 public function setObject($objectType, $objectId) {
 if(
- !is_string($objectType) || empty($objectType)
- || !is_string($objectId) || empty($objectId)
+ !is_string($objectType) || empty(trim($objectType))
+ || !is_string($objectId) || empty(trim($objectId))
 ) {
 throw new \InvalidArgumentException('String expected.');
 }
- $this->data['objectType'] = $objectType;
- $this->data['objectId'] = $objectId;
+ $this->data['objectType'] = trim($objectType);
+ $this->data['objectId'] = trim($objectId);
 return $this;
 }
diff --git a/tests/lib/comments/comment.php b/tests/lib/comments/comment.php
index f00dfd527f1..c6a8f118dd1 100644
--- a/tests/lib/comments/comment.php
+++ b/tests/lib/comments/comment.php
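Review bot: The exception message in setActor is still `'String expected.'` although the guard now also fires for whitespace-only strings; setVerb was changed to `'Non-empty String expected.'` in this commit, and setObject has the same mismatch. Using the same text in all three makes a rejected value easier to diagnose from logs. Each argument is also trimmed twice, once in the guard and once on assignment; trimming once after the is_string checks have passed, e.g. `$actorType = trim($actorType);`, keeps the validated and the stored value visibly identical. The docblock above each method begins outside its hunk.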
@@ -60,24 +60,24 @@ class Test_Comments_Comment extends TestCase
 public function simpleSetterProvider() {
 return [
- ['Id'],
- ['ParentId'],
- ['Message'],
- ['Verb'],
- ['ChildrenCount'],
+ ['Id', true],
+ ['ParentId', true],
+ ['Message', true],
+ ['Verb', true],
+ ['Verb', ''],
+ ['ChildrenCount', true],
 ];
 }
 /**
 * @dataProvider simpleSetterProvider
 */
- public function testSimpleSetterInvalidInput($field) {
+ public function testSimpleSetterInvalidInput($field, $input) {
 $comment = new \OC\Comments\Comment();
 $setter = 'set' . $field;
 $this->setExpectedException('InvalidArgumentException');
- // we have no field that is supposed to accept a Bool
- $comment->$setter(true);
+ $comment->$setter($input);
 }
 public function roleSetterProvider() {
@@ -85,9 +85,11 @@ class Test_Comments_Comment extends TestCase
 ['Actor', true, true],
 ['Actor', 'user', true],
 ['Actor', true, 'alice'],
+ ['Actor', ' ', ' '],
 ['Object', true, true],
 ['Object', 'file', true],
 ['Object', true, 'file64'],
+ ['Object', ' ', ' '],
 ];
 }
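Review bot: The new provider row `['Verb', '']` exercises only the empty string, which is not the whitespace-only case this commit hardens; a row `['Verb', ' '],` would cover the trim() inside the setVerb guard. Nothing in this file section asserts that accepted values are stored trimmed, so a test that sets a padded value and expects the trimmed text back would pin the new behaviour of setId, setParentId, setTopmostParentId and setMessage (the getters are not visible in this diff). The removed comment explained why `true` is used as input; a provider comment such as `// no field is supposed to accept a Bool` would keep that reasoning.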
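Review bot: The added rows `['Actor', ' ', ' ']` and `['Object', ' ', ' ']` blank both arguments at once, so the test would still pass if only one of the two whitespace checks worked. Rows that blank one argument at a time, such as `['Actor', 'user', ' '],` and `['Actor', ' ', 'alice'],` plus the Object equivalents, would test each side of the `||` chain separately. The opening of the provider's array is outside this hunk.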