From 2967c87990a1c940a03e85fc200bf323d64d8ee4 Mon Sep 17 00:00:00 2001
From: netkas
Date: Wed, 12 Mar 2025 14:16:34 -0400
Subject: [PATCH] Refactor SettingsUpdateInformationPrivacy and PeerInformationManager to ensure proper UUID validation and improve error handling for privacy state updates https://github.com/nosial/Socialbox-PHP/issues/69
---
 .../Settings/SettingsUpdateInformationPrivacy.php | 11 +++++------
 src/Socialbox/Managers/PeerInformationManager.php | 13 +++++++++++--
 2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/src/Socialbox/Classes/StandardMethods/Settings/SettingsUpdateInformationPrivacy.php b/src/Socialbox/Classes/StandardMethods/Settings/SettingsUpdateInformationPrivacy.php
index 0ffc888..a4a5a7b 100644
--- a/src/Socialbox/Classes/StandardMethods/Settings/SettingsUpdateInformationPrivacy.php
+++ b/src/Socialbox/Classes/StandardMethods/Settings/SettingsUpdateInformationPrivacy.php
@@ -27,7 +27,7 @@
 {
 throw new MissingRpcArgumentException('field');
 }
- $fieldName = InformationFieldName::tryFrom(strtoupper($rpcRequest->getParameter('field')));
+ $fieldName = InformationFieldName::tryFrom(strtoupper((string)$rpcRequest->getParameter('field')));
 if($fieldName === null)
 {
 throw new InvalidRpcArgumentException('field');
@@ -39,7 +39,7 @@
 throw new MissingRpcArgumentException('privacy');
 }
- $privacy = PrivacyState::tryFrom(strtoupper($rpcRequest->getParameter('privacy')));
+ $privacy = PrivacyState::tryFrom(strtoupper((string)$rpcRequest->getParameter('privacy')));
 if($privacy === null)
 {
 throw new InvalidRpcArgumentException('privacy');
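Review bot: The `(string)` cast added before `strtoupper()` in the `field` lookup, and again for `privacy` in the `@@ -39,7 +39,7 @@` hunk, coerces any non-string RPC parameter instead of rejecting it. An array value would be converted to the literal "Array" with a PHP warning, an object without `__toString()` would raise an `Error` that nothing in the visible code catches, and a scalar such as `true` silently becomes `"1"`. Since the value is an RPC request parameter, a type check is cleaner than a cast, for example `if(!is_string($rpcRequest->getParameter('field'))) { throw new InvalidRpcArgumentException('field'); }` ahead of the `tryFrom()` call. The return type of `getParameter()` is not visible here, and the enclosing method starts and ends outside both hunks.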
@@ -47,20 +47,19 @@
 try
 {
- $peer = $request->getPeer();
- if(!PeerInformationManager::fieldExists($peer, $fieldName))
+ $requestingPeer = $request->getPeer();
+ if(!PeerInformationManager::fieldExists($requestingPeer, $fieldName))
 {
 return $rpcRequest->produceResponse(false);
 }
- PeerInformationManager::updatePrivacyState($peer, $fieldName, $privacy);
+ PeerInformationManager::updatePrivacyState($requestingPeer, $fieldName, $privacy);
 }
 catch(DatabaseOperationException $e)
 {
 throw new StandardRpcException('Failed to update the information field', StandardError::INTERNAL_SERVER_ERROR, $e);
 }
- return $rpcRequest->produceResponse(true);
 }
 }
\ No newline at end of file
diff --git a/src/Socialbox/Managers/PeerInformationManager.php b/src/Socialbox/Managers/PeerInformationManager.php
index a849732..ff3c149 100644
--- a/src/Socialbox/Managers/PeerInformationManager.php
+++ b/src/Socialbox/Managers/PeerInformationManager.php
@@ -2,9 +2,11 @@
 namespace Socialbox\Managers;
+ use InvalidArgumentException;
 use PDOException;
 use Socialbox\Classes\Configuration;
 use Socialbox\Classes\Database;
+ use Socialbox\Classes\Validator;
 use Socialbox\Enums\PrivacyState;
 use Socialbox\Enums\Types\InformationFieldName;
 use Socialbox\Exceptions\DatabaseOperationException;
@@ -113,10 +115,14 @@
 {
 $peerUuid = $peerUuid->getUuid();
 }
+ elseif(!Validator::validateUuid($peerUuid))
+ {
+ throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
+ }
 if(!self::fieldExists($peerUuid, $property))
 {
- throw new \InvalidArgumentException(sprintf('Cannot update privacy state, the requested property %s does not exist with %s', $property->value, $peerUuid));
+ throw new InvalidArgumentException(sprintf('Cannot update privacy state, the requested property %s does not exist with %s', $property->value, $peerUuid));
 }
 try
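Review bot: The four-line `elseif(!Validator::validateUuid($peerUuid))` guard is pasted identically here and in the `@@ -149,6 +155,10 @@` hunk, so any other method of this manager that accepts a raw UUID string stays unvalidated unless someone remembers to copy it again. Moving the object-or-string normalisation and the check into one private static helper, called as `$peerUuid = self::resolvePeerUuid($peerUuid);` (the name is only a suggestion), would keep the rule in one place. The new exception should also be listed as `@throws InvalidArgumentException` in both docblocks, because the RPC handler changed in this commit catches only `DatabaseOperationException`. The message claims "UUID V4"; whether `validateUuid()` actually checks the version is not visible in this patch. Both functions begin and end outside their hunks.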
@@ -149,6 +155,10 @@
 {
 $peerUuid = $peerUuid->getUuid();
 }
+ elseif(!Validator::validateUuid($peerUuid))
+ {
+ throw new InvalidArgumentException('The given internal peer UUID is not a valid UUID V4');
+ }
 try
 {
@@ -253,7 +263,6 @@
 }
 $results = [];
- /** @var PrivacyState $privacyState */
 foreach($privacyFilters as $privacyState)
 {
 try