check well formed setting ns and id

This commit is contained in:
Jean-Christian Paul Denis 2023-04-23 17:57:25 +02:00
parent 555e5d2167
commit a01d41d535
Signed by: JcDenis
GPG Key ID: 1B5B8C5B90B6C951

View File

@ -128,7 +128,7 @@ class Settings extends AbstractCleaner
{ {
$sql = new DeleteStatement(); $sql = new DeleteStatement();
if ($action == 'delete_global') { if ($action == 'delete_global' && self::checkNs($ns)) {
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME) $sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
->where('blog_id IS NULL') ->where('blog_id IS NULL')
->and('setting_ns = ' . $sql->quote((string) $ns)) ->and('setting_ns = ' . $sql->quote((string) $ns))
@ -136,7 +136,7 @@ class Settings extends AbstractCleaner
return true; return true;
} }
if ($action == 'delete_local') { if ($action == 'delete_local' && self::checkNs($ns)) {
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME) $sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
->where('blog_id = ' . $sql->quote((string) dcCore::app()->blog?->id)) ->where('blog_id = ' . $sql->quote((string) dcCore::app()->blog?->id))
->and('setting_ns = ' . $sql->quote((string) $ns)) ->and('setting_ns = ' . $sql->quote((string) $ns))
@ -144,7 +144,7 @@ class Settings extends AbstractCleaner
return true; return true;
} }
if ($action == 'delete_all') { if ($action == 'delete_all' && self::checkNs($ns)) {
$sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME) $sql->from(dcCore::app()->prefix . dcNamespace::NS_TABLE_NAME)
->where('setting_ns = ' . $sql->quote((string) $ns)) ->where('setting_ns = ' . $sql->quote((string) $ns))
->and($sql->orGroup(['blog_id IS NULL', 'blog_id IS NOT NULL'])) ->and($sql->orGroup(['blog_id IS NULL', 'blog_id IS NOT NULL']))
@ -153,12 +153,17 @@ class Settings extends AbstractCleaner
return true; return true;
} }
if ($action == 'delete_related') { if ($action == 'delete_related') {
$or = []; // check ns match ns:id;
foreach (explode(';', $ns) as $pair) { $reg_ws = substr(dcNamespace::NS_NAME_SCHEMA, 2, -2);
$exp = explode(':', $pair); $reg_id = substr(dcNamespace::NS_ID_SCHEMA, 2, -2);
if (count($exp) == 2) { if (!preg_match_all('#((' . $reg_ws . '):(' . $reg_id . ');?)#', $ns, $matches)) {
$or[] = $sql->andGroup(['setting_ns = ' . $sql->quote((string) $exp[0]), 'setting_id = ' . $sql->quote((string) $exp[1])]); return false;
} }
// build ws/id requests
$or = [];
foreach ($matches[2] as $key => $name) {
$or[] = $sql->andGroup(['setting_ns = ' . $sql->quote((string) $name), 'setting_id = ' . $sql->quote((string) $matches[3][$key])]);
} }
if (empty($or)) { if (empty($or)) {
return false; return false;
@ -174,4 +179,16 @@ class Settings extends AbstractCleaner
return false; return false;
} }
/**
* Check well formed ns.
*
* @param string The ns to check
*
* @return bool True on well formed
*/
private static function checkNs(string $ns): bool
{
return preg_match(dcNamespace::NS_NAME_SCHEMA, $ns);
}
} }