Merge pull request #11275 from MrPetovan/bug/11274-message-misdirected

Prevent tagsinput select elements from being submitted without a value when they are required
pull/11279/head
Michael Vogel 2022-02-24 05:16:54 +01:00 committed by GitHub
commit 40259c7f04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 47 additions and 43 deletions


@ -51,7 +51,7 @@ class ACL
* @return string
* @throws \Exception
*/
public static function getMessageContactSelectHTML(int $selected = null)
public static function getMessageContactSelectHTML(int $selected = null): string
{
$o = '';
@ -62,25 +62,7 @@ class ACL
$page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput.css'));
$page->registerStylesheet(Theme::getPathForFile('js/friendica-tagsinput/friendica-tagsinput-typeahead.css'));
$condition = [
'uid' => local_user(),
'self' => false,
'blocked' => false,
'pending' => false,
'archive' => false,
'deleted' => false,
'rel' => [Contact::FOLLOWER, Contact::SHARING, Contact::FRIEND],
'network' => Protocol::SUPPORT_PRIVATE,
];
$contacts = Contact::selectToArray(
['id', 'name', 'addr', 'micro'],
DBA::mergeConditions($condition, ["`notify` != ''"])
);
$arr = ['contact' => $contacts, 'entry' => $o];
Hook::callAll(DI::args()->getModuleName() . '_pre_recipient', $arr);
$contacts = self::getValidMessageRecipientsForUser(local_user());
$tpl = Renderer::getMarkupTemplate('acl/message_recipient.tpl');
$o = Renderer::replaceMacros($tpl, [
@ -93,6 +75,25 @@ class ACL
return $o;
}
public static function getValidMessageRecipientsForUser(int $uid): array
{
$condition = [
'uid' => $uid,
'self' => false,
'blocked' => false,
'pending' => false,
'archive' => false,
'deleted' => false,
'rel' => [Contact::FOLLOWER, Contact::SHARING, Contact::FRIEND],
'network' => Protocol::SUPPORT_PRIVATE,
];
return Contact::selectToArray(
['id', 'name', 'addr', 'micro', 'url', 'nick'],
DBA::mergeConditions($condition, ["`notify` != ''"])
);
}
/**
* Returns a minimal ACL block for self-only permissions
*
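Review bot: The new public method `getValidMessageRecipientsForUser()` has no docblock, although it now defines who may receive a private message and the Mail section of this commit calls it to validate the recipient. A short docblock should say that it returns the contacts of `$uid` that are not self, blocked, pending, archived or deleted, have a follower/sharing/friend relation, are on a network in `Protocol::SUPPORT_PRIVATE` and have a non-empty `notify`, and should document `@param int $uid` and `@return array`. Judging by the line counts in the second hunk header (25 old lines, 7 new), the `Hook::callAll(... '_pre_recipient', $arr)` call appears to have been removed together with the inline query. If that is intended, it is worth stating in the description, because addons registered on that hook would no longer run.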


@ -21,6 +21,7 @@
namespace Friendica\Model;
use Friendica\Core\ACL;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Core\Worker;
@ -39,10 +40,12 @@ class Mail
* Insert private message
*
* @param array $msg
* @param bool $notifiction
* @param bool $notification
* @return int|boolean Message ID or false on error
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
* @throws \ImagickException
*/
public static function insert($msg, $notifiction = true)
public static function insert($msg, $notification = true)
{
if (!isset($msg['reply'])) {
$msg['reply'] = DBA::exists('mail', ['parent-uri' => $msg['parent-uri']]);
@ -92,7 +95,7 @@ class Mail
DBA::update('conv', ['updated' => DateTimeFormat::utcNow()], ['id' => $msg['convid']]);
}
if ($notifiction) {
if ($notification) {
$user = User::getById($msg['uid']);
// send notifications.
$notif_params = [
@ -139,11 +142,15 @@ class Mail
return -2;
}
$contact = DBA::selectFirst('contact', [], ['id' => $recipient, 'uid' => local_user()]);
if (!DBA::isResult($contact)) {
$contacts = ACL::getValidMessageRecipientsForUser(local_user());
$contactIndex = array_search($recipient, array_column($contacts, 'id'));
if ($contactIndex === false) {
return -2;
}
$contact = $contacts[$contactIndex];
Photo::setPermissionFromBody($body, local_user(), $me['id'], '<' . $contact['id'] . '>', '', '', '');
$guid = System::createUUID();
@ -167,20 +174,12 @@ class Mail
$convuri = '';
if (!$convid) {
// create a new conversation
$recip_host = substr($contact['url'], strpos($contact['url'], '://') + 3);
$recip_host = substr($recip_host, 0, strpos($recip_host, '/'));
$recip_handle = (($contact['addr']) ? $contact['addr'] : $contact['nick'] . '@' . $recip_host);
$sender_handle = $a->getLoggedInUserNickname() . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
$conv_guid = System::createUUID();
$convuri = $recip_handle . ':' . $conv_guid;
$convuri = $contact['addr'] . ':' . $conv_guid;
$handles = $recip_handle . ';' . $sender_handle;
$fields = ['uid' => local_user(), 'guid' => $conv_guid, 'creator' => $sender_handle,
$fields = ['uid' => local_user(), 'guid' => $conv_guid, 'creator' => $me['addr'],
'created' => DateTimeFormat::utcNow(), 'updated' => DateTimeFormat::utcNow(),
'subject' => $subject, 'recips' => $handles];
'subject' => $subject, 'recips' => $contact['addr'] . ';' . $me['addr']];
if (DBA::insert('conv', $fields)) {
$convid = DBA::lastInsertId();
}
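Review bot: The recipient check in the fourth hunk calls `array_search($recipient, array_column($contacts, 'id'))` without the strict flag, so the allow-list decision rests on PHP's loose comparison between the caller-supplied `$recipient` and the database ids. Keying the list by id avoids both the loose match and the index bookkeeping: `$contacts = array_column($contacts, null, 'id');`, then `if (!isset($contacts[$recipient])) { return -2; }`, then `$contact = $contacts[$recipient];`. Where `$recipient` comes from is not visible here, so if it is already an integer this is hardening rather than a bug fix. The enclosing function starts and ends outside the hunk.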


@ -141,6 +141,7 @@ return [
'self' => 1,
'nurl' => 'http://localhost/profile/selfcontact',
'url' => 'http://localhost/profile/selfcontact',
'notify' => 'http://localhost/friendica/inbox',
'about' => 'User used in tests',
'prvkey' => "-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKBgQDVqxF9kIgtgRL0+q+jTi578FA1r1+crEmlYc0pdxcbmmrhjuRc\nrK1gX3r0mnP25fkHzG+6CAjgbDBRFM1/RXBCyp/KHVks7eQ4yr4MxTRlsxo5qf2o\nnbyNzM7Q+LZhFhe/yIoGN/fuEjlqBE98IfPOrUjsQPX240vGNXIkfLiAWwIDAQAB\nAoGBAIwuiPIdggqAtWQ+mD8HCx5LQwSFw6/xpPu5F7ZNqL52aAsGCbL3o2QoIG4c\na1qf9Ot16BNgNBqxQF3hzRTkBMrKYlmNTUkwJXun/zjQJq2JvOlcrSuXlIucUjs4\nXekVN25aYPHrX9m2FEIUwZTb4UYXbR80KbIDI53BkQ6EwSbpAkEA7aO49CR2Hf1Y\n1d2GaUI/Z0wvbj//+t0Kg0bPt16ca8KVjEQQA5ylsDaiw510jDz9NBQxSOk6If23\nUeRixc1RDQJBAOYtN4YnPM1Zfp6IxXlqMCc+xUWRTPEPFt+WpG+v79koNamAeA6o\nZzTl92hl58IqSdbgojeE2zXWQRvlimFMLQcCQQCV6jND0byyLqFcSeQBg0l8YROK\n+dUC7W80YfeoNod3c8nkMwvnO2tLPyxvO2XLEq6prBNra7bAus5rWyj0oBIBAkEA\n1EvUMFm0TLpEfLgtWuTD8Q6GKLnxO0ztjd+FXrXpBGN/ywyArxRHzJRmctW6wmz6\nmcOqGobhIHCysKYv0bnOtQJAc2M5RwlASHH4jGJzXgt3nboyiJfufM0RV9iry3ho\nCXQRWAONKoLqnsfC6qNP8OzY8FMJcwmPWj7Q/6z6yLBFTA==\n-----END RSA PRIVATE KEY-----",
'pubkey' => "-----BEGIN PUBLIC KEY-----\nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDVqxF9kIgtgRL0+q+jTi578FA1\nr1+crEmlYc0pdxcbmmrhjuRcrK1gX3r0mnP25fkHzG+6CAjgbDBRFM1/RXBCyp/K\nHVks7eQ4yr4MxTRlsxo5qf2onbyNzM7Q+LZhFhe/yIoGN/fuEjlqBE98IfPOrUjs\nQPX240vGNXIkfLiAWwIDAQAB\n-----END PUBLIC KEY-----",
@ -161,6 +162,7 @@ return [
'self' => 0,
'nurl' => 'http://localhost/profile/othercontact',
'url' => 'http://localhost/profile/othercontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0,
'blocked' => 0,
'rel' => Contact::NOTHING,
@ -176,6 +178,7 @@ return [
'self' => 0,
'nurl' => 'http://localhost/profile/friendcontact',
'url' => 'http://localhost/profile/friendcontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0,
'blocked' => 0,
'rel' => Contact::SHARING,
@ -191,6 +194,7 @@ return [
'self' => 0,
'nurl' => 'http://localhost/profile/friendcontact',
'url' => 'http://localhost/profile/friendcontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0,
'blocked' => 0,
'rel' => Contact::SHARING,
@ -206,6 +210,7 @@ return [
'self' => 0,
'nurl' => 'http://localhost/profile/mutualcontact',
'url' => 'http://localhost/profile/mutualcontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0,
'blocked' => 0,
'rel' => Contact::FRIEND,
@ -221,6 +226,7 @@ return [
'self' => 0,
'nurl' => 'http://localhost/profile/mutualcontact',
'url' => 'http://localhost/profile/mutualcontact',
'notify' => 'http://localhost/friendica/inbox',
'pending' => 0,
'blocked' => 0,
'rel' => Contact::SHARING,
@ -236,6 +242,7 @@ return [
'self' => 0,
'nurl' => 'http://localhost/profile/selfcontact',
'url' => 'http://localhost/profile/selfcontact',
'notify' => 'http://localhost/friendica/inbox',
'about' => 'User used in tests',
'pending' => 0,
'blocked' => 0,


@ -165,7 +165,7 @@
// add <option /> if item represents a value not present in one of the <select />'s options
if (self.isSelect && !optionExists) {
var $option = $('<option selected>' + htmlEncode(itemText) + '</option>');
var $option = $('<option>' + htmlEncode(itemText) + '</option>');
$option.data('item', item);
$option.attr('value', itemValue);
self.$element.append($option);
@ -577,11 +577,6 @@
tagsinput = new TagsInput(this, arg1);
$(this).data('tagsinput', tagsinput);
results.push(tagsinput);
if (this.tagName === 'SELECT') {
$('option', $(this)).attr('selected', 'selected');
}
// Init tags from $(this).val()
$(this).val($(this).val());
} else if (!arg1 && !arg2) {
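Review bot: The `<option>` in the first hunk is still assembled by string concatenation, `$('<option>' + htmlEncode(itemText) + '</option>')`, so the safety of the generated markup depends entirely on `htmlEncode`, whose definition is outside this hunk. The item text is presumably a contact name here and therefore not under the site's control. Since the line is being touched anyway, creating the element and assigning its text through the DOM removes that dependency: `var $option = $('<option>').text(itemText);`. The following `.data('item', item)` and `.attr('value', itemValue)` calls can stay as they are.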


@ -1,4 +1,4 @@
<select name="recipient" class="form-control input-lg" id="recipient">
<select name="recipient" class="form-control input-lg" id="recipient" required>
{{foreach $contacts as $contact}}
<option value="{{$contact.id}}"{{if $contact.id == $selected}} selected{{/if}}>{{$contact.name}}</option>
{{/foreach}}
@ -48,7 +48,9 @@
}
});
{{if $selected}}
// Import existing ACL into the tags input fields.
$recipient_input.tagsinput('add', acl.get({{$selected}})[0]);
{{/if}}
});
</script>
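Review bot: The new `{{if $selected}}` guard in the second hunk handles a missing preselection, but `acl.get({{$selected}})[0]` is still passed to `tagsinput('add', …)` unchecked and would be `undefined` when the preselected id is not in the rendered contact list. That looks possible now that the list comes from `getValidMessageRecipientsForUser()`, which leaves out blocked, pending and archived contacts; how `acl.get` behaves is not visible here, so this needs confirming. A small guard keeps the field empty in that case, so the `required` attribute on the `<select>` can take effect: `var preselected = acl.get({{$selected}});` followed by `if (preselected.length) { $recipient_input.tagsinput('add', preselected[0]); }`.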