fix(link): Properly sanizite and map database values to what we expec…

…t it to be Signed-off-by: Julius Härtl <jus@bitgrid.net>
nextcloud · Jan 18, 2024 · a14b4f3 · a14b4f3
1 parent dff8e8a
commit a14b4f3
Showing 1 changed file with 26 additions and 6 deletions.
diff --git a/lib/Service/ColumnTypes/TextLinkBusiness.php b/lib/Service/ColumnTypes/TextLinkBusiness.php
@@ -17,13 +17,21 @@ public function parseValue($value, ?Column $column = null): string {
 		if (!empty($matches) && $matches[0] && $matches[1]) {
 			return json_encode(json_encode([
 				'title' => $matches[1],
-				'resourceUrl' => $matches[2]
+				'value' => $matches[2],
+				'providerId' => 'url',
 			]));
 		}
 
-		// if is json
+		// if is json (this is the default case, other formats are backward compatibility
 		$data = json_decode($value, true);
 		if($data !== null) {
+			if (isset($data['resourceUrl'])) {
+				return json_encode(json_encode([
+					'title' => $data['title'] ?? $data['resourceUrl'],
+					'value' => $data['resourceUrl'],
+					'providerId' => 'url',
+				]));
+			}
 			// at least title and resUrl have to be set
 			if(isset($data['title']) && isset($data['value'])) {
 				return json_encode($value);
@@ -40,7 +48,8 @@ public function parseValue($value, ?Column $column = null): string {
 		}
 		return json_encode(json_encode([
 			'title' => $matches[0],
-			'resourceUrl' => $matches[0]
+			'value' => $matches[0],
+			'providerId' => 'url',
 		]));
 	}
 
@@ -55,9 +64,20 @@ public function canBeParsed($value, ?Column $column = null): bool {
 			return true;
 		}
 
-		// if is json
-		$data = json_decode($value);
-		if($data != null) {
+		$data = json_decode($value, true);
+		if($data !== null) {
+			if (!isset($data['resourceUrl']) && !isset($data['value'])) {
+				$this->logger->error('Value ' . $value . ' cannot be parsed as the column ' . $column->getId(). ' as it contains incomplete data');
+				return false;
+			}
+
+			// Validate url providers
+			$allowedProviders = explode(',', $column->getTextAllowedPattern()) ?: [];
+			if (isset($data['providerId']) && !in_array($data['providerId'], $allowedProviders)) {
+				$this->logger->error('Value ' . $value . ' cannot be parsed as the column ' . $column->getId(). ' does not allow the provider: ' . $data['providerId']);
+				return false;
+			}
+
 			return true;
 		}