GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[CONTROLLER][UserPanel] Email is now sanitized and validated before calling corresponding setter

This commit is contained in:
Eliseu Amaro 2022-01-27 16:59:43 +00:00
parent 64a698d255
commit 1576d253a5
Signed by: eliseuamaro
GPG Key ID: 96DA09D4B97BC2D5
3 changed files with 55 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Controller/Security.php
View File

@ -138,7 +138,9 @@ class Security extends Controller
$found_user = DB::findOneBy('local_user', ['or' => ['nickname' => $nickname, 'outgoing_email' => $data['email']]]);
if ($found_user->getNickname() === $nickname) {
throw new NicknameTakenException($found_user->getActor());
} elseif ($found_user->getOutgoingEmail() === $data['email']) {
}
if ($found_user->getOutgoingEmail() === $data['email']) {
throw new EmailTakenException($found_user->getActor());
}
unset($found_user);
@ -164,7 +166,7 @@ class Security extends Controller
DB::persistWithSameId(
$actor,
$user,
function (int $id) use ($user) {
static function (int $id) use ($user) {
// Self subscription for the Home feed and alike
DB::persist(ActorSubscription::create(['subscriber_id' => $id, 'subscribed_id' => $id]));
Feed::createDefaultFeeds($id, $user);

18
src/Controller/UserPanel.php
View File

@ -115,8 +115,22 @@ class UserPanel extends Controller
// TODO Add support missing settings
$form = Form::create([
['outgoing_email', TextType::class, ['label' => _m('Outgoing email'), 'required' => false, 'help' => _m('Change the email we use to contact you')]],
['incoming_email', TextType::class, ['label' => _m('Incoming email'), 'required' => false, 'help' => _m('Change the email you use to contact us (for posting, for instance)')]],
['outgoing_email_sanitized', TextType::class,
[
'label' => _m('Outgoing email'),
'required' => false,
'help' => _m('Change the email we use to contact you'),
'data' => $user->getOutgoingEmail() ?: '',
],
],
['incoming_email_sanitized', TextType::class,
[
'label' => _m('Incoming email'),
'required' => false,
'help' => _m('Change the email you use to contact us (for posting, for instance)'),
'data' => $user->getIncomingEmail() ?: '',
],
],
['save_email', SubmitType::class, ['label' => _m('Save email info')]],
]);

35
src/Entity/LocalUser.php
View File

@ -28,6 +28,7 @@ use App\Core\DB\DB;
use App\Core\Entity;
use App\Core\ActorLocalRoles;
use App\Util\Common;
use App\Util\Exception\EmailException;
use App\Util\Exception\NicknameEmptyException;
use App\Util\Exception\NicknameException;
use App\Util\Exception\NicknameInvalidException;
@ -369,6 +370,40 @@ class LocalUser extends Entity implements UserInterface, PasswordAuthenticatedUs
return $this;
}
/**
* Validates desired email, throwing an EmailException if it's invalid
*
* @param string|null $email The desired outgoing email
* @return LocalUser
* @throws EmailException
*/
public function setOutgoingEmailSanitized(?string $email): self
{
$sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (!is_null($email) && !filter_var($sanitized_email, FILTER_VALIDATE_EMAIL)) {
throw new EmailException('Invalid email entry, please use a valid email');
}
$this->outgoing_email = \is_null($sanitized_email) ? null : \mb_substr($sanitized_email, 0, 191);
return $this;
}
/**
* Validates desired email, throwing an EmailException if it's invalid
*
* @param string|null $email The desired incoming email
* @return LocalUser
* @throws EmailException
*/
public function setIncomingEmailSanitized(?string $email): self
{
$sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);
if (!is_null($email) && !filter_var($sanitized_email, FILTER_VALIDATE_EMAIL)) {
throw new EmailException('Invalid email entry, please use a valid email');
}
$this->incoming_email = \is_null($sanitized_email) ? null : \mb_substr($sanitized_email, 0, 191);
return $this;
}
public function getActor(): Actor
{
return Actor::getById($this->id);