From a14b4f3dd08b0cd06c6786a3c6d444b0d6297dae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Thu, 18 Jan 2024 13:56:07 +0100 Subject: [PATCH] fix(link): Properly sanizite and map database values to what we expect it to be MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- lib/Service/ColumnTypes/TextLinkBusiness.php | 32 ++++++++++++++++---- 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/lib/Service/ColumnTypes/TextLinkBusiness.php b/lib/Service/ColumnTypes/TextLinkBusiness.php index c36cfabfa..0bdd4fd07 100644 --- a/lib/Service/ColumnTypes/TextLinkBusiness.php +++ b/lib/Service/ColumnTypes/TextLinkBusiness.php @@ -17,13 +17,21 @@ public function parseValue($value, ?Column $column = null): string { if (!empty($matches) && $matches[0] && $matches[1]) { return json_encode(json_encode([ 'title' => $matches[1], - 'resourceUrl' => $matches[2] + 'value' => $matches[2], + 'providerId' => 'url', ])); } - // if is json + // if is json (this is the default case, other formats are backward compatibility $data = json_decode($value, true); if($data !== null) { + if (isset($data['resourceUrl'])) { + return json_encode(json_encode([ + 'title' => $data['title'] ?? $data['resourceUrl'], + 'value' => $data['resourceUrl'], + 'providerId' => 'url', + ])); + } // at least title and resUrl have to be set if(isset($data['title']) && isset($data['value'])) { return json_encode($value); @@ -40,7 +48,8 @@ public function parseValue($value, ?Column $column = null): string { } return json_encode(json_encode([ 'title' => $matches[0], - 'resourceUrl' => $matches[0] + 'value' => $matches[0], + 'providerId' => 'url', ])); } @@ -55,9 +64,20 @@ public function canBeParsed($value, ?Column $column = null): bool { return true; } - // if is json - $data = json_decode($value); - if($data != null) { + $data = json_decode($value, true); + if($data !== null) { + if (!isset($data['resourceUrl']) && !isset($data['value'])) { + $this->logger->error('Value ' . $value . ' cannot be parsed as the column ' . $column->getId(). ' as it contains incomplete data'); + return false; + } + + // Validate url providers + $allowedProviders = explode(',', $column->getTextAllowedPattern()) ?: []; + if (isset($data['providerId']) && !in_array($data['providerId'], $allowedProviders)) { + $this->logger->error('Value ' . $value . ' cannot be parsed as the column ' . $column->getId(). ' does not allow the provider: ' . $data['providerId']); + return false; + } + return true; }