diff options
Diffstat (limited to 'engine')
-rw-r--r-- | engine/classes/ElggAttributeLoader.php | 30 | ||||
-rw-r--r-- | engine/tests/regression/trac_bugs.php | 35 |
2 files changed, 48 insertions, 17 deletions
diff --git a/engine/classes/ElggAttributeLoader.php b/engine/classes/ElggAttributeLoader.php index b91e4b88a..0b770da75 100644 --- a/engine/classes/ElggAttributeLoader.php +++ b/engine/classes/ElggAttributeLoader.php @@ -24,7 +24,7 @@ class ElggAttributeLoader { 'time_created', 'time_updated', 'last_action', - 'enabled' + 'enabled', ); /** @@ -200,6 +200,8 @@ class ElggAttributeLoader { // saved, these are stored w/ type "site", but with no sites_entity row. These // are probably only created in the unit tests. // @todo Don't save vanilla ElggEntities with type "site" + + $row = $this->filterAddedColumns($row); $row['guid'] = (int) $row['guid']; return $row; } @@ -209,6 +211,8 @@ class ElggAttributeLoader { } } + $row = $this->filterAddedColumns($row); + // Note: If there are still missing attributes, we're running on a 1.7 or earlier schema. We let // this pass so the upgrades can run. @@ -217,4 +221,28 @@ class ElggAttributeLoader { return $row; } + + /** + * Filter out keys returned by the query which should not appear in the entity's attributes + * + * @param array $row All columns from the query + * @return array Columns acceptable for the entity's attributes + */ + protected function filterAddedColumns($row) { + // make an array with keys as acceptable attribute names + $acceptable_attrs = self::$primary_attr_names; + array_splice($acceptable_attrs, count($acceptable_attrs), 0, $this->secondary_attr_names); + $acceptable_attrs = array_combine($acceptable_attrs, $acceptable_attrs); + + // @todo remove these when #4584 is in place + $acceptable_attrs['tables_split'] = true; + $acceptable_attrs['tables_loaded'] = true; + + foreach ($row as $key => $val) { + if (!isset($acceptable_attrs[$key])) { + unset($row[$key]); + } + } + return $row; + } } diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php index 180fb5112..d7bb20f3b 100644 --- a/engine/tests/regression/trac_bugs.php +++ b/engine/tests/regression/trac_bugs.php @@ -297,31 +297,34 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest { } } - /**
- * Checks if additional select columns does not leak to entity attributes. - *
- * https://github.com/Elgg/Elgg/issues/5538
- */
- public function test_sql_selects_leak_to_attributes() { + /** + * Ensure additional select columns do not end up in entity attributes. + * + * https://github.com/Elgg/Elgg/issues/5538 + */ + public function test_extra_columns_dont_appear_in_attributes() { global $ENTITY_CACHE; - //may not have groups in DB - let's create one + + // may not have groups in DB - let's create one $group = new ElggGroup(); $group->name = 'test_group'; - $group->access_id = ACCESS_PUBLIC;
- $this->assertTrue($group->save() !== false);
+ $group->access_id = ACCESS_PUBLIC; + $this->assertTrue($group->save() !== false); - //entity cache interferes with our test + // entity cache interferes with our test $ENTITY_CACHE = array(); foreach (array('site', 'user', 'group', 'object') as $type) { $entities = elgg_get_entities(array( - 'type' => $type,
- 'selects' => array('42 as added_col'),
- 'limit' => 1,
+ 'type' => $type, + 'selects' => array('1 as _nonexistent_test_column'), + 'limit' => 1, )); - $entity = array_shift($entities); - $this->assertTrue($entity instanceof ElggEntity); - $this->assertEqual($entity->added_col, null, "Additional select columns are leaking to attributes for " . get_class($entity)); + if (!$this->assertTrue($entities, "Query for '$type' did not return an entity.")) { + continue; + } + $entity = $entities[0]; + $this->assertNull($entity->_nonexistent_test_column, "Additional select columns are leaking to attributes for '$type'"); } $group->delete(); |