diff --git a/lib/Model/ActivityPub/ACore.php b/lib/Model/ActivityPub/ACore.php
index 2a19aca1..e0df238f 100644
--- a/lib/Model/ActivityPub/ACore.php
+++ b/lib/Model/ActivityPub/ACore.php
@@ -50,6 +50,14 @@ abstract class ACore implements JsonSerializable {
 const CONTEXT_ACTIVITYSTREAMS = 'https://www.w3.org/ns/activitystreams';
 const CONTEXT_SECURITY = 'https://w3id.org/security/v1';
+ const AS_ID = 1;
+ const AS_TYPE = 2;
+ const AS_URL = 3;
+ const AS_DATE = 4;
+ const AS_USERNAME = 5;
+ const AS_ACCOUNT = 6;
+ const AS_STRING = 7;
+
 /** @var string */
 private $urlSocial = '';
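Review bot: The seven AS_* constants are bare integers with no comment saying what they represent, and nothing at the declaration ties them to the validate()/validateEntryString() dispatch that consumes them later in this commit. A one-line docblock above the group, `/** Kinds of value accepted by validate(); each kind needs a case in validateEntryString(). */`, tells whoever adds the next kind that a switch case is expected as well. If the project's PHP baseline allows it, `public const` would also make the intended visibility explicit, since Person.php reads them from outside the class as `ACore::AS_URL`.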
@@ -900,20 +908,92 @@ abstract class ACore implements JsonSerializable {
 return $this;
 }
+ /**
+ * @param int $as
+ * @param string $k
+ * @param array $arr
+ * @param string $default
+ *
+ * @return string
+ */
+ public function validate(int $as, string $k, array $arr, string $default = ''): string {
+ $value = $this->valideEntryString($as, $this->get($k, $arr, $default));
+
+
+ return $value;
+ }
+
+
+ /**
+ * @param $as
+ * @param $value
+ *
+ * @return string
+ */
+ public function validateEntryString(int $as, string $value): string {
+ switch ($as) {
+ case self::AS_ID:
+ // TODO check if id looks valid or Exception
+ break;
+
+ case self::AS_TYPE:
+ // TODO check if type looks valid or Exception
+ break;
+
+ case self::AS_URL:
+ // TODO check if url looks valid or Exception
+ break;
+
+ case self::AS_DATE:
+ // TODO check that date is valid
+ break;
+
+ case self::AS_STRING:
+ // Clean string
+ break;
+
+ default:
+ // exception
+ break;
+ }
+
+ return $value;
+ }
+
+
+ /**
+ * @param int $as
+ * @param string $k
+ * @param array $arr
+ * @param array $default
+ *
+ * @return array
+ */
+ public function validateArray(int $as, string $k, array $arr, array $default = []): array {
+ $values = $this->getArray($k, $arr, $default);
+
+ $result = [];
+ foreach ($values as $value) {
+ $result[] = $this->validateEntryString($as, $value);
+ }
+
+ return $result;
+ }
+
 /**
 * @param array $data
 */
 public function import(array $data) {
- $this->setId($this->get('id', $data, ''));
- $this->setType($this->get('type', $data, ''));
- $this->setUrl($this->get('url', $data, ''));
- $this->setSummary($this->get('summary', $data, ''));
- $this->setToArray($this->getArray('to', $data, []));
- $this->setCcArray($this->getArray('cc', $data, []));
- $this->setPublished($this->get('published', $data, ''));
- $this->setActorId($this->get('actor', $data, ''));
- $this->setObjectId($this->get('object', $data, ''));
+ $this->setId($this->validate(self::AS_ID, 'id', $data, ''));
+ $this->setType($this->validate(self::AS_TYPE, 'type', $data, ''));
+ $this->setUrl($this->validate(self::AS_URL, 'url', $data, ''));
+ $this->setSummary($this->validate(self::AS_STRING, 'summary', $data, ''));
+ $this->setToArray($this->validateArray(self::AS_ID, 'to', $data, []));
+ $this->setCcArray($this->validateArray(self::AS_ID, 'cc', $data, []));
+ $this->setPublished($this->validate(self::AS_DATE, 'published', $data, ''));
+ $this->setActorId($this->validate(self::AS_ID, 'actor', $data, ''));
+ $this->setObjectId($this->validate(self::AS_ID, 'object', $data, ''));
 }
diff --git a/lib/Model/ActivityPub/Activity/Create.php b/lib/Model/ActivityPub/Activity/Create.php
index 690e3d07..79385836 100644
--- a/lib/Model/ActivityPub/Activity/Create.php
+++ b/lib/Model/ActivityPub/Activity/Create.php
@@ -63,7 +63,7 @@ class Create extends ACore implements JsonSerializable {
 */
 public function import(array $data) {
 parent::import($data);
- $this->setActorId($this->get('actor', $data, ''));
+ $this->setActorId($this->validate(ACore::AS_ID, 'actor', $data, ''));
 }
diff --git a/lib/Model/ActivityPub/Activity/Delete.php b/lib/Model/ActivityPub/Activity/Delete.php
index 5cb4b245..9e23d76e 100644
--- a/lib/Model/ActivityPub/Activity/Delete.php
+++ b/lib/Model/ActivityPub/Activity/Delete.php
@@ -63,7 +63,7 @@ class Delete extends ACore implements JsonSerializable {
 */
 public function import(array $data) {
 parent::import($data);
- $this->setActorId($this->get('actor', $data, ''));
+ $this->setActorId($this->validate(ACore::AS_ID, 'actor', $data, ''));
 }
diff --git a/lib/Model/ActivityPub/Document.php b/lib/Model/ActivityPub/Document.php
index c7da00f8..4aa401cc 100644
--- a/lib/Model/ActivityPub/Document.php
+++ b/lib/Model/ActivityPub/Document.php
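Review bot: `validate()` calls `$this->valideEntryString(...)`, but the method defined right below it is `validateEntryString`, so every `import()` routed through the new helper will fail with an undefined-method error at runtime; the line should read `$value = $this->validateEntryString($as, $this->get($k, $arr, $default));`. Beyond the typo, every `case` in `validateEntryString()` is a TODO and `default` only breaks, so the function returns its input untouched for every kind, including `AS_USERNAME` and `AS_ACCOUNT`, which Person.php passes and which have no case at all; until the checks exist, callers should not read `validate()` as a guarantee that ids, urls or dates were checked, and its docblock should say so (`@param $as` and `@param $value` are also missing their `int`/`string` types). Making the fallback explicit, `default: throw new \InvalidArgumentException('unknown validation kind ' . $as);`, would surface an unmapped kind in tests instead of passing it silently, but the two missing cases have to be added first or Person::import() breaks. In `validateArray()`, an entry of `to`/`cc` that is not a string (the vocabulary allows objects there, as far as I can tell) reaches the `string $value` parameter and would raise a TypeError under strict_types or be coerced otherwise, so an `is_string()` guard before the call is worth considering.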
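Review bot: The rewritten `setActorId` line in Create::import() repeats what `parent::import()` (ACore::import in this same commit) already does with the same key and kind on the line just before it, and Delete.php carries the identical duplicate. Unless Create or Delete overrides `setActorId` (not visible here), the line can be dropped in both files so the actor is validated once; if it has to stay, a comment stating why, `// re-set after parent::import(): <reason>`, saves the next reader the same question.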
@@ -200,7 +200,7 @@ class Document extends ACore implements JsonSerializable {
 public function import(array $data) {
 parent::import($data);
- $this->setMediaType($this->get('mediaType', $data, ''));
+ $this->setMediaType($this->validate(ACore::AS_STRING, 'mediaType', $data, ''));
 if ($this->getId() === '') {
 $this->generateUniqueId('/documents/g');
diff --git a/lib/Model/ActivityPub/Note.php b/lib/Model/ActivityPub/Note.php
index 53b91c06..7598305e 100644
--- a/lib/Model/ActivityPub/Note.php
+++ b/lib/Model/ActivityPub/Note.php
@@ -199,11 +199,11 @@ class Note extends ACore implements JsonSerializable {
 public function import(array $data) {
 parent::import($data);
- $this->setInReplyTo($this->get('inReplyTo', $data, ''));
- $this->setAttributedTo($this->get('attributedTo', $data, ''));
+ $this->setInReplyTo($this->validate(ACore::AS_ID, 'inReplyTo', $data, ''));
+ $this->setAttributedTo($this->validate(ACore::AS_ID, 'attributedTo', $data, ''));
 $this->setSensitive($this->getBool('sensitive', $data, false));
- $this->setConversation($this->get('conversation', $data, ''));
- $this->setContent($this->get('content', $data, ''));
+ $this->setConversation($this->validate(ACore::AS_ID, 'conversation', $data, ''));
+ $this->setContent($this->validate(ACore::AS_STRING, 'content', $data, ''));
 $this->convertPublished();
 }
diff --git a/lib/Model/ActivityPub/Person.php b/lib/Model/ActivityPub/Person.php
index bfa25a16..f997a78a 100644
--- a/lib/Model/ActivityPub/Person.php
+++ b/lib/Model/ActivityPub/Person.php
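Review bot: Routing `mediaType` in Document::import() and `content` in Note::import() through `validate(ACore::AS_STRING, …)` changes nothing yet, because the `AS_STRING` case in `validateEntryString()` is only the comment `// Clean string` and returns the value exactly as received from the remote actor. `content` is remote-supplied markup, so readers should not take the new call as a sign that it has been sanitised; escaping at render time remains the control, and a comment on the `setContent` line, `// AS_STRING is currently a pass-through; content must still be escaped on output`, keeps that explicit until the case is implemented. When the cleaning is written, a media-type token and a body of HTML will likely need different rules, so one AS_STRING kind for both may prove too coarse.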
@@ -417,16 +417,18 @@ class Person extends ACore implements JsonSerializable {
 */
 public function import(array $data) {
 parent::import($data);
- $this->setPreferredUsername($this->get('preferredUsername', $data, ''))
+ $this->setPreferredUsername(
+ $this->validate(ACore::AS_USERNAME, 'preferredUsername', $data, '')
+ )
 ->setPublicKey($this->get('publicKey.publicKeyPem', $data))
- ->setSharedInbox($this->get('endpoints.sharedInbox', $data))
- ->setName($this->get('name', $data, ''))
- ->setAccount($this->get('account', $data, ''))
- ->setInbox($this->get('inbox', $data, ''))
- ->setOutbox($this->get('outbox', $data, ''))
- ->setFollowers($this->get('followers', $data, ''))
- ->setFollowing($this->get('following', $data, ''))
- ->setFeatured($this->get('featured', $data, ''));
+ ->setSharedInbox($this->validate(ACore::AS_URL, 'endpoints.sharedInbox', $data))
+ ->setName($this->validate(ACore::AS_USERNAME, 'name', $data, ''))
+ ->setAccount($this->validate(ACore::AS_ACCOUNT, 'account', $data, ''))
+ ->setInbox($this->validate(ACore::AS_URL, 'inbox', $data, ''))
+ ->setOutbox($this->validate(ACore::AS_URL, 'outbox', $data, ''))
+ ->setFollowers($this->validate(ACore::AS_URL, 'followers', $data, ''))
+ ->setFollowing($this->validate(ACore::AS_URL, 'following', $data, ''))
+ ->setFeatured($this->validate(ACore::AS_URL, 'featured', $data, ''));
 $icon = new Image($this);
 $icon->setUrlCloud($this->getUrlCloud());
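Review bot: `name` is passed as `ACore::AS_USERNAME` on the `->setName(...)` line, but in ActivityStreams `name` is a free-form display name while `preferredUsername` is the handle; once the AS_USERNAME check is implemented it will reject display names with spaces or non-ASCII characters, so that line should use `->setName($this->validate(ACore::AS_STRING, 'name', $data, ''))`. AS_USERNAME and AS_ACCOUNT also have no case in `validateEntryString()` as added in this commit, so both kinds fall to its silent `default` today. The context line keeps reading `publicKey.publicKeyPem` with plain `get()` while every sibling value is now routed through `validate()`; that key presumably feeds later signature verification (not visible here) and its shape is cheap to check, so a dedicated kind, or at least a comment noting it is accepted unvalidated, would be consistent with the rest of the chain. The chained statement ends inside the hunk, but import() itself continues past it.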