aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve Clay <steve@mrclay.org>2013-06-01 21:55:22 -0400
committerSteve Clay <steve@mrclay.org>2013-06-01 21:55:22 -0400
commitb2af2df3b5c89869e83ce5ee66d8368b3addef35 (patch)
tree3731b21f89a5bbb2cc69c98c972b96b33013021f
parent8d1e8f8c4cbb3e269d36c9867884eef2490dfc60 (diff)
parent2e979f75cd625c42ac5251140a3e7a797108f669 (diff)
downloadelgg-b2af2df3b5c89869e83ce5ee66d8368b3addef35.tar.gz
elgg-b2af2df3b5c89869e83ce5ee66d8368b3addef35.tar.bz2
Merge branch '5539_18' into 1.8
-rw-r--r--engine/classes/ElggAttributeLoader.php30
-rw-r--r--engine/tests/regression/trac_bugs.php33
2 files changed, 62 insertions, 1 deletions
diff --git a/engine/classes/ElggAttributeLoader.php b/engine/classes/ElggAttributeLoader.php
index b91e4b88a..0b770da75 100644
--- a/engine/classes/ElggAttributeLoader.php
+++ b/engine/classes/ElggAttributeLoader.php
@@ -24,7 +24,7 @@ class ElggAttributeLoader {
'time_created',
'time_updated',
'last_action',
- 'enabled'
+ 'enabled',
);
/**
@@ -200,6 +200,8 @@ class ElggAttributeLoader {
// saved, these are stored w/ type "site", but with no sites_entity row. These
// are probably only created in the unit tests.
// @todo Don't save vanilla ElggEntities with type "site"
+
+ $row = $this->filterAddedColumns($row);
$row['guid'] = (int) $row['guid'];
return $row;
}
@@ -209,6 +211,8 @@ class ElggAttributeLoader {
}
}
+ $row = $this->filterAddedColumns($row);
+
// Note: If there are still missing attributes, we're running on a 1.7 or earlier schema. We let
// this pass so the upgrades can run.
@@ -217,4 +221,28 @@ class ElggAttributeLoader {
return $row;
}
+
+ /**
+ * Filter out keys returned by the query which should not appear in the entity's attributes
+ *
+ * @param array $row All columns from the query
+ * @return array Columns acceptable for the entity's attributes
+ */
+ protected function filterAddedColumns($row) {
+ // make an array with keys as acceptable attribute names
+ $acceptable_attrs = self::$primary_attr_names;
+ array_splice($acceptable_attrs, count($acceptable_attrs), 0, $this->secondary_attr_names);
+ $acceptable_attrs = array_combine($acceptable_attrs, $acceptable_attrs);
+
+ // @todo remove these when #4584 is in place
+ $acceptable_attrs['tables_split'] = true;
+ $acceptable_attrs['tables_loaded'] = true;
+
+ foreach ($row as $key => $val) {
+ if (!isset($acceptable_attrs[$key])) {
+ unset($row[$key]);
+ }
+ }
+ return $row;
+ }
}
diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php
index 051aa8d1b..5730830bb 100644
--- a/engine/tests/regression/trac_bugs.php
+++ b/engine/tests/regression/trac_bugs.php
@@ -296,4 +296,37 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
$this->assertEqual($output, parse_urls($input));
}
}
+
+ /**
+ * Ensure additional select columns do not end up in entity attributes.
+ *
+ * https://github.com/Elgg/Elgg/issues/5538
+ */
+ public function test_extra_columns_dont_appear_in_attributes() {
+ global $ENTITY_CACHE;
+
+ // may not have groups in DB - let's create one
+ $group = new ElggGroup();
+ $group->name = 'test_group';
+ $group->access_id = ACCESS_PUBLIC;
+ $this->assertTrue($group->save() !== false);
+
+ // entity cache interferes with our test
+ $ENTITY_CACHE = array();
+
+ foreach (array('site', 'user', 'group', 'object') as $type) {
+ $entities = elgg_get_entities(array(
+ 'type' => $type,
+ 'selects' => array('1 as _nonexistent_test_column'),
+ 'limit' => 1,
+ ));
+ if (!$this->assertTrue($entities, "Query for '$type' did not return an entity.")) {
+ continue;
+ }
+ $entity = $entities[0];
+ $this->assertNull($entity->_nonexistent_test_column, "Additional select columns are leaking to attributes for '$type'");
+ }
+
+ $group->delete();
+ }
}