/**
* Turn user/group ACLs stored as angle bracketed text into arrays
*
- * @param string $ids A angle-bracketed list of IDs
+ * @param string|null $ids A angle-bracketed list of IDs
*
- * @return array The array based on the IDs
+ * @return array The array based on the IDs (empty in case there is no list)
*/
- public function expand(string $ids)
+ public function expand(string $ids = null)
{
+ // In case there is no ID list, return empty array (=> no ACL set)
+ if (!isset($ids)) {
+ return [];
+ }
+
// turn string array of angle-bracketed elements into numeric array
// e.g. "<1><2><3>" => array(1,2,3);
preg_match_all('/<(' . Group::FOLLOWERS . '|'. Group::MUTUALS . '|[0-9]+)>/', $ids, $matches, PREG_PATTERN_ORDER);
* @param string $item The item to sanitise
*/
private function sanitize(string &$item) {
+ // The item is an ACL int value
if (intval($item)) {
$item = '<' . intval(Strings::escapeTags(trim($item))) . '>';
+ // The item is a allowed ACL character
} elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) {
$item = '<' . $item . '>';
- } else {
+ // The item is already a ACL string
+ } elseif (preg_match('/<\d+?>/', $item)) {
unset($item);
+ // The item is not supported, so remove it (cleanup)
+ } else {
+ $item = '';
}
}