Skip to content

Commit

Permalink
Merge pull request #3823 from wallabag/fix-tag-api-leak
Browse files Browse the repository at this point in the history 
Fix tag API leak
  • Loading branch information
@j0k3r
j0k3r committed Jan 3, 2019
2 parents 4d0c632 + 6c40d7f commit 2378fd6
Show file tree
Hide file tree
Showing 5 changed files with 214 additions and 147 deletions.
22 changes: 11 additions & 11 deletions src/Wallabag/ApiBundle/Controller/TagRestController.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,14 @@ public function deleteTagLabelAction(Request $request)
$this->validateAuthentication();
$label = $request->get('tag', '');

$tag = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($label);
$tags = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findByLabelsAndUser([$label], $this->getUser()->getId());

if (empty($tag)) {
if (empty($tags)) {
throw $this->createNotFoundException('Tag not found');
}

$tag = $tags[0];

$this->getDoctrine()
->getRepository('WallabagCoreBundle:Entry')
->removeTag($this->getUser()->getId(), $tag);
Expand Down Expand Up @@ -80,15 +82,7 @@ public function deleteTagsLabelAction(Request $request)

$tagsLabels = $request->get('tags', '');

$tags = [];

foreach (explode(',', $tagsLabels) as $tagLabel) {
$tagEntity = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findOneByLabel($tagLabel);

if (!empty($tagEntity)) {
$tags[] = $tagEntity;
}
}
$tags = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findByLabelsAndUser(explode(',', $tagsLabels), $this->getUser()->getId());

if (empty($tags)) {
throw $this->createNotFoundException('Tags not found');
Expand Down Expand Up @@ -120,6 +114,12 @@ public function deleteTagAction(Tag $tag)
{
$this->validateAuthentication();

$tagFromDb = $this->getDoctrine()->getRepository('WallabagCoreBundle:Tag')->findByLabelsAndUser([$tag->getLabel()], $this->getUser()->getId());

if (empty($tagFromDb)) {
throw $this->createNotFoundException('Tag not found');
}

$this->getDoctrine()
->getRepository('WallabagCoreBundle:Entry')
->removeTag($this->getUser()->getId(), $tag);
Expand Down
197 changes: 106 additions & 91 deletions src/Wallabag/CoreBundle/DataFixtures/ORM/LoadEntryData.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,97 +14,112 @@ class LoadEntryData extends AbstractFixture implements OrderedFixtureInterface
*/
public function load(ObjectManager $manager)
{
$entry1 = new Entry($this->getReference('admin-user'));
$entry1->setUrl('http://0.0.0.0/entry1');
$entry1->setReadingTime(11);
$entry1->setDomainName('domain.io');
$entry1->setMimetype('text/html');
$entry1->setTitle('test title entry1');
$entry1->setContent('This is my content /o/');
$entry1->setLanguage('en');

$entry1->addTag($this->getReference('foo-tag'));
$entry1->addTag($this->getReference('baz-tag'));

$manager->persist($entry1);

$this->addReference('entry1', $entry1);

$entry2 = new Entry($this->getReference('admin-user'));
$entry2->setUrl('http://0.0.0.0/entry2');
$entry2->setReadingTime(1);
$entry2->setDomainName('domain.io');
$entry2->setMimetype('text/html');
$entry2->setTitle('test title entry2');
$entry2->setContent('This is my content /o/');
$entry2->setOriginUrl('ftp://oneftp.tld');
$entry2->setLanguage('fr');

$manager->persist($entry2);

$this->addReference('entry2', $entry2);

$entry3 = new Entry($this->getReference('bob-user'));
$entry3->setUrl('http://0.0.0.0/entry3');
$entry3->setReadingTime(1);
$entry3->setDomainName('domain.io');
$entry3->setMimetype('text/html');
$entry3->setTitle('test title entry3');
$entry3->setContent('This is my content /o/');
$entry3->setLanguage('en');

$entry3->addTag($this->getReference('foo-tag'));
$entry3->addTag($this->getReference('bar-tag'));

$manager->persist($entry3);

$this->addReference('entry3', $entry3);

$entry4 = new Entry($this->getReference('admin-user'));
$entry4->setUrl('http://0.0.0.0/entry4');
$entry4->setReadingTime(12);
$entry4->setDomainName('domain.io');
$entry4->setMimetype('text/html');
$entry4->setTitle('test title entry4');
$entry4->setContent('This is my content /o/');
$entry4->setLanguage('en');

$entry4->addTag($this->getReference('foo-tag'));
$entry4->addTag($this->getReference('bar-tag'));

$manager->persist($entry4);

$this->addReference('entry4', $entry4);

$entry5 = new Entry($this->getReference('admin-user'));
$entry5->setUrl('http://0.0.0.0/entry5');
$entry5->setReadingTime(12);
$entry5->setDomainName('domain.io');
$entry5->setMimetype('text/html');
$entry5->setTitle('test title entry5');
$entry5->setContent('This is my content /o/');
$entry5->setStarred(true);
$entry5->setLanguage('fr');
$entry5->setPreviewPicture('http://0.0.0.0/image.jpg');

$manager->persist($entry5);

$this->addReference('entry5', $entry5);

$entry6 = new Entry($this->getReference('admin-user'));
$entry6->setUrl('http://0.0.0.0/entry6');
$entry6->setReadingTime(12);
$entry6->setDomainName('domain.io');
$entry6->setMimetype('text/html');
$entry6->setTitle('test title entry6');
$entry6->setContent('This is my content /o/');
$entry6->setArchived(true);
$entry6->setLanguage('de');
$entry6->addTag($this->getReference('bar-tag'));

$manager->persist($entry6);

$this->addReference('entry6', $entry6);
$entries = [
'entry1' => [
'user' => 'admin-user',
'url' => 'http://0.0.0.0/entry1',
'reading_time' => 11,
'domain' => 'domain.io',
'mime' => 'text/html',
'title' => 'test title entry1',
'content' => 'This is my content /o/',
'language' => 'en',
'tags' => ['foo-tag', 'baz-tag'],
],
'entry2' => [
'user' => 'admin-user',
'url' => 'http://0.0.0.0/entry2',
'reading_time' => 1,
'domain' => 'domain.io',
'mime' => 'text/html',
'title' => 'test title entry2',
'content' => 'This is my content /o/',
'origin' => 'ftp://oneftp.tld',
'language' => 'fr',
],
'entry3' => [
'user' => 'bob-user',
'url' => 'http://0.0.0.0/entry3',
'reading_time' => 1,
'domain' => 'domain.io',
'mime' => 'text/html',
'title' => 'test title entry3',
'content' => 'This is my content /o/',
'language' => 'en',
'tags' => ['foo-tag', 'bar-tag', 'bob-tag'],
],
'entry4' => [
'user' => 'admin-user',
'url' => 'http://0.0.0.0/entry4',
'reading_time' => 12,
'domain' => 'domain.io',
'mime' => 'text/html',
'title' => 'test title entry4',
'content' => 'This is my content /o/',
'language' => 'en',
'tags' => ['foo-tag', 'bar-tag'],
],
'entry5' => [
'user' => 'admin-user',
'url' => 'http://0.0.0.0/entry5',
'reading_time' => 12,
'domain' => 'domain.io',
'mime' => 'text/html',
'title' => 'test title entry5',
'content' => 'This is my content /o/',
'language' => 'fr',
'starred' => true,
'preview' => 'http://0.0.0.0/image.jpg',
],
'entry6' => [
'user' => 'admin-user',
'url' => 'http://0.0.0.0/entry6',
'reading_time' => 12,
'domain' => 'domain.io',
'mime' => 'text/html',
'title' => 'test title entry6',
'content' => 'This is my content /o/',
'language' => 'de',
'archived' => true,
'tags' => ['bar-tag'],
],
];

foreach ($entries as $reference => $item) {
$entry = new Entry($this->getReference($item['user']));
$entry->setUrl($item['url']);
$entry->setReadingTime($item['reading_time']);
$entry->setDomainName($item['domain']);
$entry->setMimetype($item['mime']);
$entry->setTitle($item['title']);
$entry->setContent($item['content']);
$entry->setLanguage($item['language']);

if (isset($item['tags'])) {
foreach ($item['tags'] as $tag) {
$entry->addTag($this->getReference($tag));
}
}

if (isset($item['origin'])) {
$entry->setOriginUrl($item['origin']);
}

if (isset($item['starred'])) {
$entry->setStarred($item['starred']);
}

if (isset($item['archived'])) {
$entry->setArchived($item['archived']);
}

if (isset($item['preview'])) {
$entry->setPreviewPicture($item['preview']);
}

$manager->persist($entry);
$this->addReference($reference, $entry);
}

$manager->flush();
}
Expand Down
43 changes: 16 additions & 27 deletions src/Wallabag/CoreBundle/DataFixtures/ORM/LoadTagData.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,33 +14,22 @@ class LoadTagData extends AbstractFixture implements OrderedFixtureInterface
*/
public function load(ObjectManager $manager)
{
$tag1 = new Tag();
$tag1->setLabel('foo bar');

$manager->persist($tag1);

$this->addReference('foo-bar-tag', $tag1);

$tag2 = new Tag();
$tag2->setLabel('bar');

$manager->persist($tag2);

$this->addReference('bar-tag', $tag2);

$tag3 = new Tag();
$tag3->setLabel('baz');

$manager->persist($tag3);

$this->addReference('baz-tag', $tag3);

$tag4 = new Tag();
$tag4->setLabel('foo');

$manager->persist($tag4);

$this->addReference('foo-tag', $tag4);
$tags = [
'foo-bar-tag' => 'foo bar', //tag used for EntryControllerTest
'bar-tag' => 'bar',
'baz-tag' => 'baz', // tag used for ExportControllerTest
'foo-tag' => 'foo',
'bob-tag' => 'bob', // tag used for TagRestControllerTest
];

foreach ($tags as $reference => $label) {
$tag = new Tag();
$tag->setLabel($label);

$manager->persist($tag);

$this->addReference($reference, $tag);
}

$manager->flush();
}
Expand Down
53 changes: 37 additions & 16 deletions src/Wallabag/CoreBundle/Repository/TagRepository.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
namespace Wallabag\CoreBundle\Repository;

use Doctrine\ORM\EntityRepository;
use Doctrine\ORM\QueryBuilder;
use Wallabag\CoreBundle\Entity\Tag;

class TagRepository extends EntityRepository
Expand Down Expand Up @@ -45,12 +46,8 @@ public function countAllTags($userId, $cacheLifeTime = null)
*/
public function findAllTags($userId)
{
$ids = $this->createQueryBuilder('t')
$ids = $this->getQueryBuilderByUser($userId)
->select('t.id')
->leftJoin('t.entries', 'e')
->where('e.user = :userId')->setParameter('userId', $userId)
->groupBy('t.id')
->orderBy('t.slug')
->getQuery()
->getArrayResult();

Expand All @@ -71,18 +68,30 @@ public function findAllTags($userId)
*/
public function findAllFlatTagsWithNbEntries($userId)
{
return $this->createQueryBuilder('t')
return $this->getQueryBuilderByUser($userId)
->select('t.id, t.label, t.slug, count(e.id) as nbEntries')
->distinct(true)
->leftJoin('t.entries', 'e')
->where('e.user = :userId')
->groupBy('t.id')
->orderBy('t.slug')
->setParameter('userId', $userId)
->getQuery()
->getArrayResult();
}

public function findByLabelsAndUser($labels, $userId)
{
$qb = $this->getQueryBuilderByUser($userId)
->select('t.id');

$ids = $qb->andWhere($qb->expr()->in('t.label', $labels))
->getQuery()
->getArrayResult();

$tags = [];
foreach ($ids as $id) {
$tags[] = $this->find($id);
}

return $tags;
}

/**
* Used only in test case to get a tag for our entry.
*
Expand All @@ -101,13 +110,9 @@ public function findOneByEntryAndTagLabel($entry, $label)

public function findForArchivedArticlesByUser($userId)
{
$ids = $this->createQueryBuilder('t')
$ids = $this->getQueryBuilderByUser($userId)
->select('t.id')
->leftJoin('t.entries', 'e')
->where('e.user = :userId')->setParameter('userId', $userId)
->andWhere('e.isArchived = true')
->groupBy('t.id')
->orderBy('t.slug')
->getQuery()
->getArrayResult();

Expand All @@ -118,4 +123,20 @@ public function findForArchivedArticlesByUser($userId)

return $tags;
}

/**
* Retrieve a sorted list of tags used by a user.
*
* @param int $userId
*
* @return QueryBuilder
*/
private function getQueryBuilderByUser($userId)
{
return $this->createQueryBuilder('t')
->leftJoin('t.entries', 'e')
->where('e.user = :userId')->setParameter('userId', $userId)
->groupBy('t.id')
->orderBy('t.slug');
}
}

0 comments on commit 2378fd6

Please sign in to comment.