X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FUtil%2FACLFormatter.php;h=cd398fc280a419c314fe6b2e7a0a5af7ae299cf6;hb=e659a0314086dd700dbe5e754e383ab758725805;hp=a7d851508d4e22d1c9441b959eb541c56e2875b9;hpb=41261ba7e1c713e0ac7dce8099934ddd3b3ccd93;p=friendica.git diff --git a/src/Util/ACLFormatter.php b/src/Util/ACLFormatter.php index a7d851508d..cd398fc280 100644 --- a/src/Util/ACLFormatter.php +++ b/src/Util/ACLFormatter.php @@ -1,8 +1,27 @@ . + * + */ namespace Friendica\Util; -use Friendica\Model\Group; +use Friendica\Model\Circle; /** * Util class for ACL formatting @@ -10,37 +29,64 @@ use Friendica\Model\Group; final class ACLFormatter { /** - * Turn user/group ACLs stored as angle bracketed text into arrays + * Turn user/circle ACLs stored as angle bracketed text into arrays * - * @param string|null $ids A angle-bracketed list of IDs + * @param string|null $acl_string A angle-bracketed list of IDs * * @return array The array based on the IDs (empty in case there is no list) */ - public function expand(string $ids = null) + public function expand(string $acl_string = null): array { // In case there is no ID list, return empty array (=> no ACL set) - if (!isset($ids)) { + if (empty($acl_string)) { return []; } // turn string array of angle-bracketed elements into numeric array // e.g. "<1><2><3>" => array(1,2,3); - preg_match_all('/<(' . Group::FOLLOWERS . '|'. Group::MUTUALS . '|[0-9]+)>/', $ids, $matches, PREG_PATTERN_ORDER); + preg_match_all('/<(' . Circle::FOLLOWERS . '|'. Circle::MUTUALS . '|[0-9]+)>/', $acl_string, $matches, PREG_PATTERN_ORDER); return $matches[1]; } + /** + * Takes an arbitrary ACL string and sanitizes it for storage + * + * @param string|null $acl_string + * @return string + */ + public function sanitize(string $acl_string = null): string + { + if (empty($acl_string)) { + return ''; + } + + $cleaned_list = trim($acl_string, '<>'); + + if (empty($cleaned_list)) { + return ''; + } + + $elements = explode('><', $cleaned_list); + + sort($elements); + + array_walk($elements, [$this, 'sanitizeItem']); + + return implode('', $elements); + } + /** * Wrap ACL elements in angle brackets for storage * * @param string $item The item to sanitise */ - private function sanitize(string &$item) { + private function sanitizeItem(string &$item) { // The item is an ACL int value if (intval($item)) { - $item = '<' . intval(Strings::escapeTags(trim($item))) . '>'; + $item = '<' . intval($item) . '>'; // The item is a allowed ACL character - } elseif (in_array($item, [Group::FOLLOWERS, Group::MUTUALS])) { + } elseif (in_array($item, [Circle::FOLLOWERS, Circle::MUTUALS])) { $item = '<' . $item . '>'; // The item is already a ACL string } elseif (preg_match('/<\d+?>/', $item)) { @@ -61,16 +107,19 @@ final class ACLFormatter * * @return string */ - function toString($permissions) { + function toString($permissions): string + { $return = ''; if (is_array($permissions)) { $item = $permissions; + } elseif (empty($permissions)) { + return ''; } else { $item = explode(',', $permissions); } if (is_array($item)) { - array_walk($item, [$this, 'sanitize']); + array_walk($item, [$this, 'sanitizeItem']); $return = implode('', $item); } return $return;