Merge pull request #11275 from MrPetovan/bug/11274-message-misdirected

Prevent tagsinput select element to be submitted without a value when they are required
pull/11279/head
Michael Vogel 2022-02-24 05:16:54 +01:00 committed by GitHub
commit 40259c7f04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 47 additions and 43 deletions

View File

@ -51,7 +51,7 @@ class ACL
* @return string * @return string
* @throws \Exception * @throws \Exception
*/ */
public static function getMessageContactSelectHTML(int $selected = null) public static function getMessageContactSelectHTML(int $selected = null): string
{ {
$o = ''; $o = '';
@ -62,25 +62,7 @@ class ACL
$page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.css')); $page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.css'));
$page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput-typeahead.css')); $page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput-typeahead.css'));
$condition = [ $contacts = self::getValidMessageRecipientsForUser(local_user());
'uid' => local_user(),
'self' => false,
'blocked' => false,
'pending' => false,
'archive' => false,
'deleted' => false,
'rel' => [Contact::FOLLOWER, Contact::SHARING, Contact::FRIEND],
'network' => Protocol::SUPPORT_PRIVATE,
];
$contacts = Contact::selectToArray(
['id', 'name', 'addr', 'micro'],
DBA::mergeConditions($condition, ["`notify` != ''"])
);
$arr = ['contact' => $contacts, 'entry' => $o];
Hook::callAll(DI::args()->getModuleName() . '_pre_recipient', $arr);
$tpl = Renderer::getMarkupTemplate('acl/message_recipient.tpl'); $tpl = Renderer::getMarkupTemplate('acl/message_recipient.tpl');
$o = Renderer::replaceMacros($tpl, [ $o = Renderer::replaceMacros($tpl, [
@ -93,6 +75,25 @@ class ACL
return $o; return $o;
} }
public static function getValidMessageRecipientsForUser(int $uid): array
{
$condition = [
'uid' => $uid,
'self' => false,
'blocked' => false,
'pending' => false,
'archive' => false,
'deleted' => false,
'rel' => [Contact::FOLLOWER, Contact::SHARING, Contact::FRIEND],
'network' => Protocol::SUPPORT_PRIVATE,
];
return Contact::selectToArray(
['id', 'name', 'addr', 'micro', 'url', 'nick'],
DBA::mergeConditions($condition, ["`notify` != ''"])
);
}
/** /**
* Returns a minimal ACL block for self-only permissions * Returns a minimal ACL block for self-only permissions
* *

View File

@ -21,6 +21,7 @@
namespace Friendica\Model; namespace Friendica\Model;
use Friendica\Core\ACL;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\Core\Worker; use Friendica\Core\Worker;
@ -39,10 +40,12 @@ class Mail
* Insert private message * Insert private message
* *
* @param array $msg * @param array $msg
* @param bool $notifiction * @param bool $notification
* @return int|boolean Message ID or false on error * @return int|boolean Message ID or false on error
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws \ImagickException
*/ */
public static function insert($msg, $notifiction = true) public static function insert($msg, $notification = true)
{ {
if (!isset($msg['reply'])) { if (!isset($msg['reply'])) {
$msg['reply'] = DBA::exists('mail', ['parent-uri' => $msg['parent-uri']]); $msg['reply'] = DBA::exists('mail', ['parent-uri' => $msg['parent-uri']]);
@ -92,7 +95,7 @@ class Mail
DBA::update('conv', ['updated' => DateTimeFormat::utcNow()], ['id' => $msg['convid']]); DBA::update('conv', ['updated' => DateTimeFormat::utcNow()], ['id' => $msg['convid']]);
} }
if ($notifiction) { if ($notification) {
$user = User::getById($msg['uid']); $user = User::getById($msg['uid']);
// send notifications. // send notifications.
$notif_params = [ $notif_params = [
@ -139,11 +142,15 @@ class Mail
return -2; return -2;
} }
$contact = DBA::selectFirst('contact', [], ['id' => $recipient, 'uid' => local_user()]); $contacts = ACL::getValidMessageRecipientsForUser(local_user());
if (!DBA::isResult($contact)) {
$contactIndex = array_search($recipient, array_column($contacts, 'id'));
if ($contactIndex === false) {
return -2; return -2;
} }
$contact = $contacts[$contactIndex];
Photo::setPermissionFromBody($body, local_user(), $me['id'], '<' . $contact['id'] . '>', '', '', ''); Photo::setPermissionFromBody($body, local_user(), $me['id'], '<' . $contact['id'] . '>', '', '', '');
$guid = System::createUUID(); $guid = System::createUUID();
@ -167,20 +174,12 @@ class Mail
$convuri = ''; $convuri = '';
if (!$convid) { if (!$convid) {
// create a new conversation // create a new conversation
$recip_host = substr($contact['url'], strpos($contact['url'], '://') + 3);
$recip_host = substr($recip_host, 0, strpos($recip_host, '/'));
$recip_handle = (($contact['addr']) ? $contact['addr'] : $contact['nick'] . '@' . $recip_host);
$sender_handle = $a->getLoggedInUserNickname() . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
$conv_guid = System::createUUID(); $conv_guid = System::createUUID();
$convuri = $recip_handle . ':' . $conv_guid; $convuri = $contact['addr'] . ':' . $conv_guid;
$handles = $recip_handle . ';' . $sender_handle; $fields = ['uid' => local_user(), 'guid' => $conv_guid, 'creator' => $me['addr'],
$fields = ['uid' => local_user(), 'guid' => $conv_guid, 'creator' => $sender_handle,
'created' => DateTimeFormat::utcNow(), 'updated' => DateTimeFormat::utcNow(), 'created' => DateTimeFormat::utcNow(), 'updated' => DateTimeFormat::utcNow(),
'subject' => $subject, 'recips' => $handles]; 'subject' => $subject, 'recips' => $contact['addr'] . ';' . $me['addr']];
if (DBA::insert('conv', $fields)) { if (DBA::insert('conv', $fields)) {
$convid = DBA::lastInsertId(); $convid = DBA::lastInsertId();
} }

View File

@ -141,6 +141,7 @@ return [
'self' => 1, 'self' => 1,
'nurl' => 'http://localhost/profile/selfcontact', 'nurl' => 'http://localhost/profile/selfcontact',
'url' => 'http://localhost/profile/selfcontact', 'url' => 'http://localhost/profile/selfcontact',
'notify' => 'http://localhost/friendica/inbox',
'about' => 'User used in tests', 'about' => 'User used in tests',
'prvkey' => "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDVqxF9kIgtgRL0+q+jTi578FA1r1+crEmlYc0pdxcbmmrhjuRc\nrK1gX3r0mnP25fkHzG+6CAjgbDBRFM1/RXBCyp/KHVks7eQ4yr4MxTRlsxo5qf2o\nnbyNzM7Q+LZhFhe/yIoGN/fuEjlqBE98IfPOrUjsQPX240vGNXIkfLiAWwIDAQAB\nAoGBAIwuiPIdggqAtWQ+mD8HCx5LQwSFw6/xpPu5F7ZNqL52aAsGCbL3o2QoIG4c\na1qf9Ot16BNgNBqxQF3hzRTkBMrKYlmNTUkwJXun/zjQJq2JvOlcrSuXlIucUjs4\nXekVN25aYPHrX9m2FEIUwZTb4UYXbR80KbIDI53BkQ6EwSbpAkEA7aO49CR2Hf1Y\n1d2GaUI/Z0wvbj//+t0Kg0bPt16ca8KVjEQQA5ylsDaiw510jDz9NBQxSOk6If23\nUeRixc1RDQJBAOYtN4YnPM1Zfp6IxXlqMCc+xUWRTPEPFt+WpG+v79koNamAeA6o\nZzTl92hl58IqSdbgojeE2zXWQRvlimFMLQcCQQCV6jND0byyLqFcSeQBg0l8YROK\n+dUC7W80YfeoNod3c8nkMwvnO2tLPyxvO2XLEq6prBNra7bAus5rWyj0oBIBAkEA\n1EvUMFm0TLpEfLgtWuTD8Q6GKLnxO0ztjd+FXrXpBGN/ywyArxRHzJRmctW6wmz6\nmcOqGobhIHCysKYv0bnOtQJAc2M5RwlASHH4jGJzXgt3nboyiJfufM0RV9iry3ho\nCXQRWAONKoLqnsfC6qNP8OzY8FMJcwmPWj7Q/6z6yLBFTA==\n-----END RSA PRIVATE KEY-----", 'prvkey' => "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDVqxF9kIgtgRL0+q+jTi578FA1r1+crEmlYc0pdxcbmmrhjuRc\nrK1gX3r0mnP25fkHzG+6CAjgbDBRFM1/RXBCyp/KHVks7eQ4yr4MxTRlsxo5qf2o\nnbyNzM7Q+LZhFhe/yIoGN/fuEjlqBE98IfPOrUjsQPX240vGNXIkfLiAWwIDAQAB\nAoGBAIwuiPIdggqAtWQ+mD8HCx5LQwSFw6/xpPu5F7ZNqL52aAsGCbL3o2QoIG4c\na1qf9Ot16BNgNBqxQF3hzRTkBMrKYlmNTUkwJXun/zjQJq2JvOlcrSuXlIucUjs4\nXekVN25aYPHrX9m2FEIUwZTb4UYXbR80KbIDI53BkQ6EwSbpAkEA7aO49CR2Hf1Y\n1d2GaUI/Z0wvbj//+t0Kg0bPt16ca8KVjEQQA5ylsDaiw510jDz9NBQxSOk6If23\nUeRixc1RDQJBAOYtN4YnPM1Zfp6IxXlqMCc+xUWRTPEPFt+WpG+v79koNamAeA6o\nZzTl92hl58IqSdbgojeE2zXWQRvlimFMLQcCQQCV6jND0byyLqFcSeQBg0l8YROK\n+dUC7W80YfeoNod3c8nkMwvnO2tLPyxvO2XLEq6prBNra7bAus5rWyj0oBIBAkEA\n1EvUMFm0TLpEfLgtWuTD8Q6GKLnxO0ztjd+FXrXpBGN/ywyArxRHzJRmctW6wmz6\nmcOqGobhIHCysKYv0bnOtQJAc2M5RwlASHH4jGJzXgt3nboyiJfufM0RV9iry3ho\nCXQRWAONKoLqnsfC6qNP8OzY8FMJcwmPWj7Q/6z6yLBFTA==\n-----END RSA PRIVATE KEY-----",
'pubkey' => "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVqxF9kIgtgRL0+q+jTi578FA1\nr1+crEmlYc0pdxcbmmrhjuRcrK1gX3r0mnP25fkHzG+6CAjgbDBRFM1/RXBCyp/K\nHVks7eQ4yr4MxTRlsxo5qf2onbyNzM7Q+LZhFhe/yIoGN/fuEjlqBE98IfPOrUjs\nQPX240vGNXIkfLiAWwIDAQAB\n-----END PUBLIC KEY-----", 'pubkey' => "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVqxF9kIgtgRL0+q+jTi578FA1\nr1+crEmlYc0pdxcbmmrhjuRcrK1gX3r0mnP25fkHzG+6CAjgbDBRFM1/RXBCyp/K\nHVks7eQ4yr4MxTRlsxo5qf2onbyNzM7Q+LZhFhe/yIoGN/fuEjlqBE98IfPOrUjs\nQPX240vGNXIkfLiAWwIDAQAB\n-----END PUBLIC KEY-----",
@ -161,6 +162,7 @@ return [
'self' => 0, 'self' => 0,
'nurl' => 'http://localhost/profile/othercontact', 'nurl' => 'http://localhost/profile/othercontact',
'url' => 'http://localhost/profile/othercontact', 'url' => 'http://localhost/profile/othercontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0, 'pending' => 0,
'blocked' => 0, 'blocked' => 0,
'rel' => Contact::NOTHING, 'rel' => Contact::NOTHING,
@ -176,6 +178,7 @@ return [
'self' => 0, 'self' => 0,
'nurl' => 'http://localhost/profile/friendcontact', 'nurl' => 'http://localhost/profile/friendcontact',
'url' => 'http://localhost/profile/friendcontact', 'url' => 'http://localhost/profile/friendcontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0, 'pending' => 0,
'blocked' => 0, 'blocked' => 0,
'rel' => Contact::SHARING, 'rel' => Contact::SHARING,
@ -191,6 +194,7 @@ return [
'self' => 0, 'self' => 0,
'nurl' => 'http://localhost/profile/friendcontact', 'nurl' => 'http://localhost/profile/friendcontact',
'url' => 'http://localhost/profile/friendcontact', 'url' => 'http://localhost/profile/friendcontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0, 'pending' => 0,
'blocked' => 0, 'blocked' => 0,
'rel' => Contact::SHARING, 'rel' => Contact::SHARING,
@ -206,6 +210,7 @@ return [
'self' => 0, 'self' => 0,
'nurl' => 'http://localhost/profile/mutualcontact', 'nurl' => 'http://localhost/profile/mutualcontact',
'url' => 'http://localhost/profile/mutualcontact', 'url' => 'http://localhost/profile/mutualcontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0, 'pending' => 0,
'blocked' => 0, 'blocked' => 0,
'rel' => Contact::FRIEND, 'rel' => Contact::FRIEND,
@ -221,6 +226,7 @@ return [
'self' => 0, 'self' => 0,
'nurl' => 'http://localhost/profile/mutualcontact', 'nurl' => 'http://localhost/profile/mutualcontact',
'url' => 'http://localhost/profile/mutualcontact', 'url' => 'http://localhost/profile/mutualcontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0, 'pending' => 0,
'blocked' => 0, 'blocked' => 0,
'rel' => Contact::SHARING, 'rel' => Contact::SHARING,
@ -236,6 +242,7 @@ return [
'self' => 0, 'self' => 0,
'nurl' => 'http://localhost/profile/selfcontact', 'nurl' => 'http://localhost/profile/selfcontact',
'url' => 'http://localhost/profile/selfcontact', 'url' => 'http://localhost/profile/selfcontact',
'notify' => 'http://localhost/friendica/inbox',
'about' => 'User used in tests', 'about' => 'User used in tests',
'pending' => 0, 'pending' => 0,
'blocked' => 0, 'blocked' => 0,

View File

@ -165,7 +165,7 @@
// add <option /> if item represents a value not present in one of the <select />'s options // add <option /> if item represents a value not present in one of the <select />'s options
if (self.isSelect && !optionExists) { if (self.isSelect && !optionExists) {
var $option = $('<option selected>' + htmlEncode(itemText) + '</option>'); var $option = $('<option>' + htmlEncode(itemText) + '</option>');
$option.data('item', item); $option.data('item', item);
$option.attr('value', itemValue); $option.attr('value', itemValue);
self.$element.append($option); self.$element.append($option);
@ -577,11 +577,6 @@
tagsinput = new TagsInput(this, arg1); tagsinput = new TagsInput(this, arg1);
$(this).data('tagsinput', tagsinput); $(this).data('tagsinput', tagsinput);
results.push(tagsinput); results.push(tagsinput);
if (this.tagName === 'SELECT') {
$('option', $(this)).attr('selected', 'selected');
}
// Init tags from $(this).val() // Init tags from $(this).val()
$(this).val($(this).val()); $(this).val($(this).val());
} else if (!arg1 && !arg2) { } else if (!arg1 && !arg2) {

View File

@ -1,4 +1,4 @@
<select name="recipient" class="form-control input-lg" id="recipient"> <select name="recipient" class="form-control input-lg" id="recipient" required>
{{foreach $contacts as $contact}} {{foreach $contacts as $contact}}
<option value="{{$contact.id}}"{{if $contact.id == $selected}} selected{{/if}}>{{$contact.name}}</option> <option value="{{$contact.id}}"{{if $contact.id == $selected}} selected{{/if}}>{{$contact.name}}</option>
{{/foreach}} {{/foreach}}
@ -48,7 +48,9 @@
} }
}); });
{{if $selected}}
// Import existing ACL into the tags input fields. // Import existing ACL into the tags input fields.
$recipient_input.tagsinput('add', acl.get({{$selected}})[0]); $recipient_input.tagsinput('add', acl.get({{$selected}})[0]);
{{/if}}
}); });
</script> </script>