authorArthur Schiwon <blizzz@owncloud.com>2015-12-04 11:13:39 +0100
committerArthur Schiwon <blizzz@owncloud.com>2015-12-09 14:34:23 +0100
commit0c1c0295717f0e75aa725d1c6699a68151f2c758 (patch)
treed2b6c6ad19624fda1f1033706a717da011a11d7e
parentf9081303b1a2b1a255ec4e869b18d118977f324f (diff)
hardening, add some checks for whitespace-only strings
-rw-r--r--lib/private/comments/comment.php29
-rw-r--r--tests/lib/comments/comment.php18
2 files changed, 25 insertions, 22 deletions
diff --git a/lib/private/comments/comment.php b/lib/private/comments/comment.php
index 8efd7d5613a..15d721d099a 100644
--- a/lib/private/comments/comment.php
+++ b/lib/private/comments/comment.php
@@ -66,6 +66,7 @@ class Comment implements IComment {
throw new \InvalidArgumentException('String expected.');
}
+ $id = trim($id);
if($this->data['id'] === '' || ($this->data['id'] !== '' && $id === '')) {
$this->data['id'] = $id;
return $this;
@@ -95,7 +96,7 @@ class Comment implements IComment {
if(!is_string($parentId)) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['parentId'] = $parentId;
+ $this->data['parentId'] = trim($parentId);
return $this;
}
@@ -121,7 +122,7 @@ class Comment implements IComment {
if(!is_string($id)) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['topmostParentId'] = $id;
+ $this->data['topmostParentId'] = trim($id);
return $this;
}
@@ -171,7 +172,7 @@ class Comment implements IComment {
if(!is_string($message)) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['message'] = $message;
+ $this->data['message'] = trim($message);
return $this;
}
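Review bot: A whitespace-only message is reduced to `''` here and stored without an exception, while setVerb in this same commit throws on that input. If empty comments are meant to be refused and no later check outside this hunk does so, reject it here with `if(trim($message) === '') { throw new \InvalidArgumentException('Non-empty String expected.'); }`. Note also that `trim()` without a character list strips only ASCII whitespace and NUL, so a message made of non-breaking spaces (U+00A0) still counts as non-empty after this change. The method's signature and docblock are outside the hunk.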
@@ -193,10 +194,10 @@ class Comment implements IComment {
* @since 9.0.0
*/
public function setVerb($verb) {
- if(!is_string($verb)) {
- throw new \InvalidArgumentException('String expected.');
+ if(!is_string($verb) || empty(trim($verb))) {
+ throw new \InvalidArgumentException('Non-empty String expected.');
}
- $this->data['verb'] = $verb;
+ $this->data['verb'] = trim($verb);
return $this;
}
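Review bot: `empty(trim($verb))` is true for the string `"0"` as well as for `""`, so a verb of `"0"` is now rejected even though it is a non-empty string. The same construct in setActor and setObject refuses an actor or object id of `"0"`, which is a plausible numeric identifier. Compare explicitly instead: `if(!is_string($verb) || trim($verb) === '') {`. Besides fixing the `"0"` case, this avoids calling `empty()` on a function result, which is a parse error on PHP older than 5.5 if the project still supports such versions.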
@@ -230,13 +231,13 @@ class Comment implements IComment {
*/
public function setActor($actorType, $actorId) {
if(
- !is_string($actorType) || empty($actorType)
- || !is_string($actorId) || empty($actorId)
+ !is_string($actorType) || empty(trim($actorType))
+ || !is_string($actorId) || empty(trim($actorId))
) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['actorType'] = $actorType;
- $this->data['actorId'] = $actorId;
+ $this->data['actorType'] = trim($actorType);
+ $this->data['actorId'] = trim($actorId);
return $this;
}
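Review bot: The exception text here is still `'String expected.'` although the condition now also fires for strings that are empty or whitespace-only, so a caller passing `' '` is told the wrong thing. setVerb was updated to `'Non-empty String expected.'` in this commit; use the same message here and in setObject. The docblock above the signature begins outside the hunk, so any `@throws` description there should be checked for the same wording.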
@@ -316,13 +317,13 @@ class Comment implements IComment {
*/
public function setObject($objectType, $objectId) {
if(
- !is_string($objectType) || empty($objectType)
- || !is_string($objectId) || empty($objectId)
+ !is_string($objectType) || empty(trim($objectType))
+ || !is_string($objectId) || empty(trim($objectId))
) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['objectType'] = $objectType;
- $this->data['objectId'] = $objectId;
+ $this->data['objectType'] = trim($objectType);
+ $this->data['objectId'] = trim($objectId);
return $this;
}
diff --git a/tests/lib/comments/comment.php b/tests/lib/comments/comment.php
index f00dfd527f1..c6a8f118dd1 100644
--- a/tests/lib/comments/comment.php
+++ b/tests/lib/comments/comment.php
@@ -60,24 +60,24 @@ class Test_Comments_Comment extends TestCase
public function simpleSetterProvider() {
return [
- ['Id'],
- ['ParentId'],
- ['Message'],
- ['Verb'],
- ['ChildrenCount'],
+ ['Id', true],
+ ['ParentId', true],
+ ['Message', true],
+ ['Verb', true],
+ ['Verb', ''],
+ ['ChildrenCount', true],
];
}
/**
* @dataProvider simpleSetterProvider
*/
- public function testSimpleSetterInvalidInput($field) {
+ public function testSimpleSetterInvalidInput($field, $input) {
$comment = new \OC\Comments\Comment();
$setter = 'set' . $field;
$this->setExpectedException('InvalidArgumentException');
- // we have no field that is supposed to accept a Bool
- $comment->$setter(true);
+ $comment->$setter($input);
}
public function roleSetterProvider() {
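Review bot: The provider adds `['Verb', '']` but no whitespace-only row, which is the case the commit is about; add `['Verb', ' '],` so the new `trim()` check in setVerb is exercised. Nothing in this hunk asserts that the setters store the trimmed value either. A small positive test, for example `setMessage(' hi ')` followed by an assertion that `getMessage()` returns `'hi'`, would pin that behaviour for Id, ParentId, TopmostParentId and Message.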
@@ -85,9 +85,11 @@ class Test_Comments_Comment extends TestCase
['Actor', true, true],
['Actor', 'user', true],
['Actor', true, 'alice'],
+ ['Actor', ' ', ' '],
['Object', true, true],
['Object', 'file', true],
['Object', true, 'file64'],
+ ['Object', ' ', ' '],
];
}
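Review bot: The new rows `['Actor', ' ', ' ']` and `['Object', ' ', ' ']` pass whitespace for both arguments at once, so the test still passes if only one of the two `trim()` checks works. Split them so each argument is covered on its own, for example `['Actor', 'user', ' '],` and `['Actor', ' ', 'alice'],`, with the matching pair for Object. The start of roleSetterProvider's array is outside this hunk.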