[MediaWiki-commits] [Gerrit] mediawiki...WikibaseLexeme[master]: Validate LexemeId format on deserialization

Aleksey Bekh-Ivanov (WMDE) (Code Review) Thu, 09 Feb 2017 10:44:02 -0800

Aleksey Bekh-Ivanov (WMDE) has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/336860 )


Change subject: Validate LexemeId format on deserialization
......................................................................

Validate LexemeId format on deserialization

Change-Id: I44cc3f05f4f9f9eabab13cde619f506bdd3b04dd
---
M src/DataModel/LexemeId.php
M tests/phpunit/composer/DataModel/LexemeIdTest.php
2 files changed, 23 insertions(+), 7 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/WikibaseLexeme 
refs/changes/60/336860/1

diff --git a/src/DataModel/LexemeId.php b/src/DataModel/LexemeId.php
index 3f3261c..a751764 100644
--- a/src/DataModel/LexemeId.php
+++ b/src/DataModel/LexemeId.php
@@ -63,7 +63,7 @@
         * @param string $serialized
         */
        public function unserialize( $serialized ) {
-               $this->serialization = $serialized;
+               $this->serialization = (new self( $serialized ))->serialization;
        }
 
        /**
diff --git a/tests/phpunit/composer/DataModel/LexemeIdTest.php 
b/tests/phpunit/composer/DataModel/LexemeIdTest.php
index 1a6baf4..5ae4a8f 100644
--- a/tests/phpunit/composer/DataModel/LexemeIdTest.php
+++ b/tests/phpunit/composer/DataModel/LexemeIdTest.php
@@ -97,13 +97,29 @@
        public function serializationProvider() {
                return [
                        [ 'L2', 'L2' ],
+                       [ 'foo:L2', 'foo:L2' ],
+               ];
+       }
 
-                       // All these cases are kind of an injection vector and 
allow constructing invalid ids.
-                       [ 'L2', 'L2' ],
-                       [ 'string', 'string' ],
-                       [ '', '' ],
-                       [ 2, 2 ],
-                       [ null, null ],
+       /**
+        * @dataProvider badSerializationProvider
+        */
+       public function testCannotDeserializeWithWrongFormat( 
$wrongSerialization ) {
+               $id = new LexemeId( 'L1' );
+
+               $this->setExpectedException( \Exception::class );
+               $id->unserialize( $wrongSerialization );
+       }
+
+       public function badSerializationProvider() {
+               return [
+                       'item id' => [ 'Q1' ],
+                       'property id' => [ 'P1' ],
+                       'spaces' => [ 'foo: bar :L1' ],
+                       'wrong format' => [ 'some string' ],
+                       'empty string' => [ '' ],
+                       'number' => [ 2 ],
+                       'null' => [ null ],
                ];
        }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/336860
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I44cc3f05f4f9f9eabab13cde619f506bdd3b04dd
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/WikibaseLexeme
Gerrit-Branch: master
Gerrit-Owner: Aleksey Bekh-Ivanov (WMDE) <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] mediawiki...WikibaseLexeme[master]: Validate LexemeId format on deserialization

Reply via email to