Ensure to only store valid item fields

diff --git a/src/Model/Item.php b/src/Model/Item.php
index c75286b25ca5d13b7561373f8f48d47587b74788..13a4a68380667554855d2a8d00f32fcb514ad200 100644 (file)
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -31,6 +31,7 @@ use Friendica\Core\Session;
 use Friendica\Core\System;
 use Friendica\Core\Worker;
 use Friendica\Database\DBA;
+use Friendica\Database\DBStructure;
 use Friendica\DI;
 use Friendica\Model\Post\Category;
 use Friendica\Protocol\Activity;
@@ -118,8 +119,22 @@ class Item
        const PRIVATE = 1;
        const UNLISTED = 2;
 
+       const TABLES = ['item', 'user-item', 'item-content', 'post-delivery-data', 'diaspora-interaction'];
+
        private static $legacy_mode = null;
 
+       private static function getItemFields()
+       {
+               $definition = DBStructure::definition('', false);
+
+               $postfields = [];
+               foreach (self::TABLES as $table) {
+                       $postfields[$table] = array_keys($definition[$table]['fields']);
+               }
+
+               return $postfields;
+       }
+
        public static function isLegacyMode()
        {
                if (is_null(self::$legacy_mode)) {
@@ -1572,6 +1587,8 @@ class Item
 
        public static function insert($item, $notify = false, $dontcache = false)
        {
+               $structure = self::getItemFields();
+
                $orig_item = $item;
 
                $priority = PRIORITY_HIGH;
@@ -1839,6 +1856,13 @@ class Item
                        Tag::storeFromBody($item['uri-id'], $body);
                }
 
+               // Remove all fields that aren't part of the item table
+               foreach ($item as $field => $value) {
+                       if (!in_array($field, $structure['item'])) {
+                               unset($item[$field]);
+                       }
+               }
+
                $ret = DBA::insert('item', $item);
 
                // When the item was successfully stored we fetch the ID of the item.