[CONTROLLER][UserPanel] Email is now sanitized and validated before calling corresponding setter
This commit is contained in:
parent
64a698d255
commit
1576d253a5
@ -138,7 +138,9 @@ class Security extends Controller
|
||||
$found_user = DB::findOneBy('local_user', ['or' => ['nickname' => $nickname, 'outgoing_email' => $data['email']]]);
|
||||
if ($found_user->getNickname() === $nickname) {
|
||||
throw new NicknameTakenException($found_user->getActor());
|
||||
} elseif ($found_user->getOutgoingEmail() === $data['email']) {
|
||||
}
|
||||
|
||||
if ($found_user->getOutgoingEmail() === $data['email']) {
|
||||
throw new EmailTakenException($found_user->getActor());
|
||||
}
|
||||
unset($found_user);
|
||||
@ -164,7 +166,7 @@ class Security extends Controller
|
||||
DB::persistWithSameId(
|
||||
$actor,
|
||||
$user,
|
||||
function (int $id) use ($user) {
|
||||
static function (int $id) use ($user) {
|
||||
// Self subscription for the Home feed and alike
|
||||
DB::persist(ActorSubscription::create(['subscriber_id' => $id, 'subscribed_id' => $id]));
|
||||
Feed::createDefaultFeeds($id, $user);
|
||||
|
@ -115,8 +115,22 @@ class UserPanel extends Controller
|
||||
// TODO Add support missing settings
|
||||
|
||||
$form = Form::create([
|
||||
['outgoing_email', TextType::class, ['label' => _m('Outgoing email'), 'required' => false, 'help' => _m('Change the email we use to contact you')]],
|
||||
['incoming_email', TextType::class, ['label' => _m('Incoming email'), 'required' => false, 'help' => _m('Change the email you use to contact us (for posting, for instance)')]],
|
||||
['outgoing_email_sanitized', TextType::class,
|
||||
[
|
||||
'label' => _m('Outgoing email'),
|
||||
'required' => false,
|
||||
'help' => _m('Change the email we use to contact you'),
|
||||
'data' => $user->getOutgoingEmail() ?: '',
|
||||
],
|
||||
],
|
||||
['incoming_email_sanitized', TextType::class,
|
||||
[
|
||||
'label' => _m('Incoming email'),
|
||||
'required' => false,
|
||||
'help' => _m('Change the email you use to contact us (for posting, for instance)'),
|
||||
'data' => $user->getIncomingEmail() ?: '',
|
||||
],
|
||||
],
|
||||
['save_email', SubmitType::class, ['label' => _m('Save email info')]],
|
||||
]);
|
||||
|
||||
|
@ -28,6 +28,7 @@ use App\Core\DB\DB;
|
||||
use App\Core\Entity;
|
||||
use App\Core\ActorLocalRoles;
|
||||
use App\Util\Common;
|
||||
use App\Util\Exception\EmailException;
|
||||
use App\Util\Exception\NicknameEmptyException;
|
||||
use App\Util\Exception\NicknameException;
|
||||
use App\Util\Exception\NicknameInvalidException;
|
||||
@ -369,6 +370,40 @@ class LocalUser extends Entity implements UserInterface, PasswordAuthenticatedUs
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates desired email, throwing an EmailException if it's invalid
|
||||
*
|
||||
* @param string|null $email The desired outgoing email
|
||||
* @return LocalUser
|
||||
* @throws EmailException
|
||||
*/
|
||||
public function setOutgoingEmailSanitized(?string $email): self
|
||||
{
|
||||
$sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);
|
||||
if (!is_null($email) && !filter_var($sanitized_email, FILTER_VALIDATE_EMAIL)) {
|
||||
throw new EmailException('Invalid email entry, please use a valid email');
|
||||
}
|
||||
$this->outgoing_email = \is_null($sanitized_email) ? null : \mb_substr($sanitized_email, 0, 191);
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates desired email, throwing an EmailException if it's invalid
|
||||
*
|
||||
* @param string|null $email The desired incoming email
|
||||
* @return LocalUser
|
||||
* @throws EmailException
|
||||
*/
|
||||
public function setIncomingEmailSanitized(?string $email): self
|
||||
{
|
||||
$sanitized_email = filter_var($email, FILTER_SANITIZE_EMAIL);
|
||||
if (!is_null($email) && !filter_var($sanitized_email, FILTER_VALIDATE_EMAIL)) {
|
||||
throw new EmailException('Invalid email entry, please use a valid email');
|
||||
}
|
||||
$this->incoming_email = \is_null($sanitized_email) ? null : \mb_substr($sanitized_email, 0, 191);
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getActor(): Actor
|
||||
{
|
||||
return Actor::getById($this->id);
|
||||
|
Loading…
Reference in New Issue
Block a user