aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/comments
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@owncloud.com>2015-12-04 11:13:39 +0100
committerArthur Schiwon <blizzz@owncloud.com>2015-12-09 14:34:23 +0100
commit0c1c0295717f0e75aa725d1c6699a68151f2c758 (patch)
treed2b6c6ad19624fda1f1033706a717da011a11d7e /lib/private/comments
parentf9081303b1a2b1a255ec4e869b18d118977f324f (diff)
downloadnextcloud-server-0c1c0295717f0e75aa725d1c6699a68151f2c758.tar.gz
nextcloud-server-0c1c0295717f0e75aa725d1c6699a68151f2c758.zip
hardening, add some checks for whitespace-only strings
Diffstat (limited to 'lib/private/comments')
-rw-r--r--lib/private/comments/comment.php29
1 files changed, 15 insertions, 14 deletions
diff --git a/lib/private/comments/comment.php b/lib/private/comments/comment.php
index 8efd7d5613a..15d721d099a 100644
--- a/lib/private/comments/comment.php
+++ b/lib/private/comments/comment.php
@@ -66,6 +66,7 @@ class Comment implements IComment {
throw new \InvalidArgumentException('String expected.');
}
+ $id = trim($id);
if($this->data['id'] === '' || ($this->data['id'] !== '' && $id === '')) {
$this->data['id'] = $id;
return $this;
@@ -95,7 +96,7 @@ class Comment implements IComment {
if(!is_string($parentId)) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['parentId'] = $parentId;
+ $this->data['parentId'] = trim($parentId);
return $this;
}
@@ -121,7 +122,7 @@ class Comment implements IComment {
if(!is_string($id)) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['topmostParentId'] = $id;
+ $this->data['topmostParentId'] = trim($id);
return $this;
}
@@ -171,7 +172,7 @@ class Comment implements IComment {
if(!is_string($message)) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['message'] = $message;
+ $this->data['message'] = trim($message);
return $this;
}
@@ -193,10 +194,10 @@ class Comment implements IComment {
* @since 9.0.0
*/
public function setVerb($verb) {
- if(!is_string($verb)) {
- throw new \InvalidArgumentException('String expected.');
+ if(!is_string($verb) || empty(trim($verb))) {
+ throw new \InvalidArgumentException('Non-empty String expected.');
}
- $this->data['verb'] = $verb;
+ $this->data['verb'] = trim($verb);
return $this;
}
@@ -230,13 +231,13 @@ class Comment implements IComment {
*/
public function setActor($actorType, $actorId) {
if(
- !is_string($actorType) || empty($actorType)
- || !is_string($actorId) || empty($actorId)
+ !is_string($actorType) || empty(trim($actorType))
+ || !is_string($actorId) || empty(trim($actorId))
) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['actorType'] = $actorType;
- $this->data['actorId'] = $actorId;
+ $this->data['actorType'] = trim($actorType);
+ $this->data['actorId'] = trim($actorId);
return $this;
}
@@ -316,13 +317,13 @@ class Comment implements IComment {
*/
public function setObject($objectType, $objectId) {
if(
- !is_string($objectType) || empty($objectType)
- || !is_string($objectId) || empty($objectId)
+ !is_string($objectType) || empty(trim($objectType))
+ || !is_string($objectId) || empty(trim($objectId))
) {
throw new \InvalidArgumentException('String expected.');
}
- $this->data['objectType'] = $objectType;
- $this->data['objectId'] = $objectId;
+ $this->data['objectType'] = trim($objectType);
+ $this->data['objectId'] = trim($objectId);
return $this;
}