Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(richobjectstrings): Add missing placeholder validation #49116

Merged
merged 3 commits into from
Nov 7, 2024
Merged

fix(richobjectstrings): Add missing placeholder validation #49116

merged 3 commits into from
Nov 7, 2024

Conversation

nickvergessen
Copy link
Member

@nickvergessen nickvergessen commented Nov 6, 2024
edited
Loading

Summary

Some apps were using placeholders with spaces, @ and slashes. But the frontend only allowed [a-z\-_.0-9]+
https://github.com/nextcloud-libraries/nextcloud-vue/blob/master/src/components/NcRichText/NcRichText.vue#L396-L397
At the same time, using 0-9 only would break in PHP as that makes it not a string anymore but a number, so additionally we now require the placeholder to start with a-zA-Z

The recommended workaround is to not use "user ids" and other things directly, but instead using hardcoded strings like actor or "counting keys" like user-1, similar to how comments does it on it's activities:

Checklist

@nickvergessen nickvergessen added bug 3. to review Waiting for reviews labels Nov 6, 2024
@nickvergessen nickvergessen added this to the Nextcloud 31 milestone Nov 6, 2024
@nickvergessen nickvergessen requested review from come-nc and a team November 6, 2024 20:41
@nickvergessen nickvergessen self-assigned this Nov 6, 2024
@nickvergessen nickvergessen requested review from ArtificialOwl and provokateurin and removed request for a team November 6, 2024 20:41
@nickvergessen nickvergessen added the pending documentation This pull request needs an associated documentation update label Nov 6, 2024
provokateurin
provokateurin approved these changes Nov 7, 2024
View reviewed changes
Copy link
Member

@provokateurin provokateurin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

lib/private/RichObjectStrings/Validator.php Outdated Show resolved Hide resolved
come-nc
come-nc requested changes Nov 7, 2024
View reviewed changes
Copy link
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good apart from typo

lib/public/RichObjectStrings/IValidator.php Outdated Show resolved Hide resolved
@nickvergessen nickvergessen requested a review from come-nc November 7, 2024 09:38
@nickvergessen nickvergessen merged commit 31f4f67 into master Nov 7, 2024
175 of 177 checks passed
@nickvergessen nickvergessen deleted the bugfix/noid/validate-parameter-keys branch November 7, 2024 13:25
@skjnldsv skjnldsv mentioned this pull request Jan 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@provokateurin provokateurin provokateurin approved these changes

@come-nc come-nc come-nc approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl was automatically assigned from nextcloud/server-backend

Assignees

@nickvergessen nickvergessen

Labels
3. to review Waiting for reviews bug pending documentation This pull request needs an associated documentation update
Projects
None yet
Milestone
Nextcloud 31
Development

Successfully merging this pull request may close these issues.
3 participants
@nickvergessen @provokateurin @come-nc