[MediaWiki-commits] [Gerrit] Validate UserTuple constructor input - change (mediawiki...Flow)
jenkins-bot has submitted this change and it was merged. Change subject: Validate UserTuple constructor input .. Validate UserTuple constructor input Working on the LQT import patch bugs surfaced of bad data getting into the database. This problem has also been seen on ee-flow in spage's watchlist. Talked about this with matt the other day, easiest fix is to stop the data when it comes into the UserTuple. This patch adds exceptions to UserTuple::__construct and a test that asserts when the exceptions should and should not trigger. Change-Id: I312b5eee3a6073b469319b6ce8755f8cc3640232 --- M Hooks.php M autoload.php M includes/Model/UserTuple.php A tests/phpunit/Model/UserTupleTest.php M tests/phpunit/PermissionsTest.php 5 files changed, 110 insertions(+), 2 deletions(-) Approvals: Matthias Mullie: Looks good to me, approved jenkins-bot: Verified diff --git a/Hooks.php b/Hooks.php index a7bceb9..225c20a 100644 --- a/Hooks.php +++ b/Hooks.php @@ -770,7 +770,8 @@ $formatter = Container::get( 'formatter.irclineurl' ); $result = $formatter-format( $rc ); } catch ( Exception $e ) { - wfDebugLog( 'Flow', __METHOD__ . ': Failed formatting rc ' . $rc-getAttribute( 'rc_id' ) ); + wfDebugLog( 'Flow', __METHOD__ . ': Failed formatting rc ' . $rc-getAttribute( 'rc_id' ) + . ': ' . $e-getMessage() ); MWExceptionHandler::logException( $e ); } restore_error_handler(); diff --git a/autoload.php b/autoload.php index 891d85d..72ae15a 100644 --- a/autoload.php +++ b/autoload.php @@ -255,6 +255,7 @@ $wgAutoloadClasses['Flow\\Tests\\LocalBufferedBagOStuffTest'] = __DIR__ . '/tests/phpunit/Data/BagOStuff/LocalBufferedBagOStuffTest.php'; $wgAutoloadClasses['Flow\\Tests\\Model\\PostRevisionTest'] = __DIR__ . '/tests/phpunit/Model/PostRevisionTest.php'; $wgAutoloadClasses['Flow\\Tests\\Model\\UUIDTest'] = __DIR__ . '/tests/phpunit/Model/UUIDTest.php'; +$wgAutoloadClasses['Flow\\Tests\\Model\\UserTupleTest'] = __DIR__ . '/tests/phpunit/Model/UserTupleTest.php'; $wgAutoloadClasses['Flow\\Tests\\NotifiedUsersTest'] = __DIR__ . '/tests/phpunit/Notifications/NotifiedUsersTest.php'; $wgAutoloadClasses['Flow\\Tests\\PagerTest'] = __DIR__ . '/tests/phpunit/PagerTest.php'; $wgAutoloadClasses['Flow\\Tests\\Parsoid\\BadImageRemoverTest'] = __DIR__ . '/tests/phpunit/Parsoid/Fixer/BadImageRemoverTest.php'; diff --git a/includes/Model/UserTuple.php b/includes/Model/UserTuple.php index 3cd89f7..eb82597 100644 --- a/includes/Model/UserTuple.php +++ b/includes/Model/UserTuple.php @@ -4,17 +4,68 @@ use Flow\Exception\CrossWikiException; use Flow\Exception\FlowException; +use Flow\Exception\InvalidDataException; use User; +/** + * Small value object holds the values necessary to uniquely identify + * a user across multiple wiki's. + */ class UserTuple { + /** +* @param string The wiki the user belongs to +*/ public $wiki; + + /** +* @param integer The id of the user, or 0 for anonymous +*/ public $id; + + /** +* @param string The ip of the user, blank string if logged in. +*/ public $ip; + /** +* @param string $wiki The wiki the user belongs to +* @param integer|string $id The id of the user, or 0 for anonymous +* @param string|null $ip The ip of the user, blank string for no ip. +* null special case pass-through to be removed. +* @throws InvalidDataException +*/ public function __construct( $wiki, $id, $ip ) { + if ( !is_integer( $id ) ) { + if ( ctype_digit( $id ) ) { + $id = (int)$id; + } else { + throw new InvalidDataException( 'User id must be an integer' ); + } + } + if ( $id 0 ) { + throw new InvalidDataException( 'User id must be = 0' ); + } + if ( !$wiki ) { + throw new InvalidDataException( 'No wiki provided' ); + } + if ( $id === 0 strlen( $ip ) === 0 ) { + if ( $ip === null ) { + // allowing $ip === null is a temporary hack allowing + // IRCLineFormatter to operate as it has in the past. A + // followup will be in gerrit to remove this conditional + } else { + throw new InvalidDataException( 'User has no id and no ip' ); + } + } + if ( $id !== 0 strlen( $ip ) !== 0 ) { + throw new
[MediaWiki-commits] [Gerrit] Validate UserTuple constructor input - change (mediawiki...Flow)
EBernhardson has uploaded a new change for review. https://gerrit.wikimedia.org/r/168258 Change subject: Validate UserTuple constructor input .. Validate UserTuple constructor input Working on the LQT import patch bugs surfaced of bad data getting into the database. This problem has also been seen on ee-flow in spage's watchlist. Talked about this with matt the other day, easiest fix is to stop the data when it comes into the UserTuple. This patch adds exceptions to UserTuple::__construct and a test that asserts when the exceptions should and should not trigger. Change-Id: I312b5eee3a6073b469319b6ce8755f8cc3640232 --- M Hooks.php M autoload.php M includes/Model/UserTuple.php A tests/phpunit/Model/UserTupleTest.php 4 files changed, 102 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Flow refs/changes/58/168258/1 diff --git a/Hooks.php b/Hooks.php index a698ad3..f406032 100644 --- a/Hooks.php +++ b/Hooks.php @@ -732,7 +732,8 @@ try { $result = Container::get( 'formatter.irclineurl' )-format( $rc ); } catch ( Exception $e ) { - wfDebugLog( 'Flow', __METHOD__ . ': Failed formatting rc ' . $rc-getAttribute( 'rc_id' ) ); + wfDebugLog( 'Flow', __METHOD__ . ': Failed formatting rc ' . $rc-getAttribute( 'rc_id' ) + . ': ' . $e-getMessage() ); \MWExceptionHandler::logException( $e ); } restore_error_handler(); diff --git a/autoload.php b/autoload.php index 2a2b93f..f357035 100644 --- a/autoload.php +++ b/autoload.php @@ -243,6 +243,7 @@ $wgAutoloadClasses['Flow\\Tests\\LocalBufferedBagOStuffTest'] = __DIR__ . '/tests/phpunit/Data/BagOStuff/LocalBufferedBagOStuffTest.php'; $wgAutoloadClasses['Flow\\Tests\\Model\\PostRevisionTest'] = __DIR__ . '/tests/phpunit/Model/PostRevisionTest.php'; $wgAutoloadClasses['Flow\\Tests\\Model\\UUIDTest'] = __DIR__ . '/tests/phpunit/Model/UUIDTest.php'; +$wgAutoloadClasses['Flow\\Tests\\Model\\UserTupleTest'] = __DIR__ . '/tests/phpunit/Model/UserTupleTest.php'; $wgAutoloadClasses['Flow\\Tests\\NotifiedUsersTest'] = __DIR__ . '/tests/phpunit/Notifications/NotifiedUsersTest.php'; $wgAutoloadClasses['Flow\\Tests\\PagerTest'] = __DIR__ . '/tests/phpunit/PagerTest.php'; $wgAutoloadClasses['Flow\\Tests\\Parsoid\\BadImageRemoverTest'] = __DIR__ . '/tests/phpunit/Parsoid/Fixer/BadImageRemoverTest.php'; diff --git a/includes/Model/UserTuple.php b/includes/Model/UserTuple.php index 3cd89f7..eb82597 100644 --- a/includes/Model/UserTuple.php +++ b/includes/Model/UserTuple.php @@ -4,17 +4,68 @@ use Flow\Exception\CrossWikiException; use Flow\Exception\FlowException; +use Flow\Exception\InvalidDataException; use User; +/** + * Small value object holds the values necessary to uniquely identify + * a user across multiple wiki's. + */ class UserTuple { + /** +* @param string The wiki the user belongs to +*/ public $wiki; + + /** +* @param integer The id of the user, or 0 for anonymous +*/ public $id; + + /** +* @param string The ip of the user, blank string if logged in. +*/ public $ip; + /** +* @param string $wiki The wiki the user belongs to +* @param integer|string $id The id of the user, or 0 for anonymous +* @param string|null $ip The ip of the user, blank string for no ip. +* null special case pass-through to be removed. +* @throws InvalidDataException +*/ public function __construct( $wiki, $id, $ip ) { + if ( !is_integer( $id ) ) { + if ( ctype_digit( $id ) ) { + $id = (int)$id; + } else { + throw new InvalidDataException( 'User id must be an integer' ); + } + } + if ( $id 0 ) { + throw new InvalidDataException( 'User id must be = 0' ); + } + if ( !$wiki ) { + throw new InvalidDataException( 'No wiki provided' ); + } + if ( $id === 0 strlen( $ip ) === 0 ) { + if ( $ip === null ) { + // allowing $ip === null is a temporary hack allowing + // IRCLineFormatter to operate as it has in the past. A + // followup will be in gerrit to remove this conditional + } else { + throw new InvalidDataException( 'User has no id and no ip' ); + } + } + if ( $id !== 0 strlen( $ip ) !== 0 ) { + throw new InvalidDataException(