diff options
author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-02-14 01:24:51 +0000 |
---|---|---|
committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2011-02-14 01:24:51 +0000 |
commit | c6fa7b510dc938a14ddd1d2ecf2c98017924b9da (patch) | |
tree | f8f9c28b7040cea9ad9fc1e9e4c4ee6d7dca2d58 | |
parent | d3c49d7ee73a6f0bc680868147cc68cccba611a9 (diff) | |
download | elgg-c6fa7b510dc938a14ddd1d2ecf2c98017924b9da.tar.gz elgg-c6fa7b510dc938a14ddd1d2ecf2c98017924b9da.tar.bz2 |
Refs #2912. Added checks for constraints in dangerous functions. Unit tests no longer remove all metadata/annotations.
git-svn-id: http://code.elgg.org/elgg/trunk@8215 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r-- | engine/lib/annotations.php | 4 | ||||
-rw-r--r-- | engine/lib/deprecated-1.8.php | 2 | ||||
-rw-r--r-- | engine/lib/elgglib.php | 55 | ||||
-rw-r--r-- | engine/lib/metadata.php | 6 | ||||
-rw-r--r-- | engine/tests/api/metastrings.php | 53 | ||||
-rw-r--r-- | mod/pages/views/default/object/page_top.php | 1 |
6 files changed, 116 insertions, 5 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index 9b3b49626..d4483ab82 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -200,7 +200,7 @@ function elgg_get_annotations(array $options = array()) { * @since 1.8 */ function elgg_delete_annotations(array $options) { - if (!$options || !is_array($options)) { + if (!elgg_is_valid_options_for_batch_operation($options, 'annotations')) { return false; } @@ -218,7 +218,7 @@ function elgg_delete_annotations(array $options) { * @since 1.8 */ function elgg_disable_annotations(array $options) { - if (!$options || !is_array($options)) { + if (!elgg_is_valid_options_for_batch_operation($options, 'annotations')) { return false; } diff --git a/engine/lib/deprecated-1.8.php b/engine/lib/deprecated-1.8.php index f86d94621..431e32a23 100644 --- a/engine/lib/deprecated-1.8.php +++ b/engine/lib/deprecated-1.8.php @@ -3630,7 +3630,7 @@ function clear_metadata_by_owner($owner_guid) { if (!$owner_guid) { return false; } - return elgg_delete_metadata(array('metadata_owner' => $owner_guid, 'limit' => 0)); + return elgg_delete_metadata(array('metadata_owner_guid' => $owner_guid, 'limit' => 0)); } /** diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index a00b21c52..95330844d 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -1726,6 +1726,61 @@ function elgg_batch_delete_callback($object) { } /** + * Checks if there are some constraints on the options array for + * potentially dangerous operations. + * + * @param array $options Options array + * @param string $type Options type: metadata or annotations + * @return bool + */ +function elgg_is_valid_options_for_batch_operation($options, $type) { + if (!$options || !is_array($options)) { + return false; + } + + // at least one of these is required. + $required = array( + // generic restraints + 'guid', 'guids', 'limit' + ); + + switch ($type) { + case 'metadata': + $metadata_required = array( + 'metadata_owner_guid', 'metadata_owner_guids', + 'metadata_name', 'metadata_names', + 'metadata_value', 'metadata_values' + ); + + $required = array_merge($required, $metadata_required); + break; + + case 'annotations': + case 'annotation': + $annotations_required = array( + 'annotation_owner_guid', 'annotation_owner_guids', + 'annotation_name', 'annotation_names', + 'annotation_value', 'annotation_values' + ); + + $required = array_merge($required, $annotations_required); + break; + + default: + return false; + } + + foreach ($required as $key) { + // check that it exists and is something. + if (isset($options[$key]) && $options[$key]) { + return true; + } + } + + return false; +} + +/** * Intercepts the index page when Walled Garden mode is enabled. * * @link http://docs.elgg.org/Tutorials/WalledGarden diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 8a62929d5..c3aebb111 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -281,13 +281,15 @@ function elgg_get_metadata(array $options = array()) { * Deletes metadata based on $options. * * @warning Unlike elgg_get_metadata() this will not accept an empty options array! + * This requires some constraints: metadata_owner_guid(s), + * metadata_name(s), metadata_value(s), or limit must be set. * * @param array $options An options array. {@See elgg_get_metadata()} * @return mixed * @since 1.8 */ function elgg_delete_metadata(array $options) { - if (!$options || !is_array($options)) { + if (!elgg_is_valid_options_for_batch_operation($options, 'metadata')) { return false; } @@ -305,7 +307,7 @@ function elgg_delete_metadata(array $options) { * @since 1.8 */ function elgg_disable_metadata(array $options) { - if (!$options || !is_array($options)) { + if (!elgg_is_valid_options_for_batch_operation($options, 'metadata')) { return false; } diff --git a/engine/tests/api/metastrings.php b/engine/tests/api/metastrings.php index c18e42eb8..9d089f804 100644 --- a/engine/tests/api/metastrings.php +++ b/engine/tests/api/metastrings.php @@ -135,5 +135,58 @@ class ElggCoreMetastringsTest extends ElggCoreUnitTest { } } + public function testKeepMeFromDeletingEverything() { + foreach ($this->metastringTypes as $type) { + $required = array( + 'guid', 'guids', 'limit' + ); + + switch ($type) { + case 'metadata': + $metadata_required = array( + 'metadata_owner_guid', 'metadata_owner_guids', + 'metadata_name', 'metadata_names', + 'metadata_value', 'metadata_values' + ); + + $required = array_merge($required, $metadata_required); + break; + + case 'annotations': + $annotations_required = array( + 'annotation_owner_guid', 'annotation_owner_guids', + 'annotation_name', 'annotation_names', + 'annotation_value', 'annotation_values' + ); + + $required = array_merge($required, $annotations_required); + break; + } + + $options = array(); + $this->assertFalse(elgg_is_valid_options_for_batch_operation($options), $type); + + foreach ($required as $key) { + $options = array(); + $options[$key] = ELGG_ENTITIES_ANY_VALUE; + $this->assertFalse(elgg_is_valid_options_for_batch_operation($options, $type), "Sent $key = ELGG_ENTITIES_ANY_VALUE"); + + $options[$key] = ELGG_ENTITIES_NO_VALUE; + $this->assertFalse(elgg_is_valid_options_for_batch_operation($options, $type), "Sent $key = ELGG_ENTITIES_NO_VALUE"); + + $options[$key] = false; + $this->assertFalse(elgg_is_valid_options_for_batch_operation($options, $type), "Sent $key = bool false"); + + $options[$key] = true; + $this->assertTrue(elgg_is_valid_options_for_batch_operation($options, $type), "Sent $key = bool true"); + + $options[$key] = 'test'; + $this->assertTrue(elgg_is_valid_options_for_batch_operation($options, $type), "Sent $key = 'test'"); + + $options[$key] = array('test'); + $this->assertTrue(elgg_is_valid_options_for_batch_operation($options, $type), "Sent $key = array('test')"); + } + } + } } diff --git a/mod/pages/views/default/object/page_top.php b/mod/pages/views/default/object/page_top.php index 89ef25572..f6ee532d3 100644 --- a/mod/pages/views/default/object/page_top.php +++ b/mod/pages/views/default/object/page_top.php @@ -26,6 +26,7 @@ if ($revision) { $annotation = $annotation[0]; } } +$annotation = null; $page_icon = elgg_view('pages/icon', array('annotation' => $annotation, 'size' => 'small')); |