Commit dfa36ce7 authored by Thomas Löffler's avatar Thomas Löffler

Merge branch '541-do-not-allow-to-upload-extensions-with-invalid-versions' into 'develop'

[BUGFIX] Make valid version check more restrictive

Closes #541

See merge request !691
parents b1f67bd6 fb188583
Pipeline #20508 passed with stages
in 11 minutes and 34 seconds
......@@ -20,6 +20,7 @@ use T3o\Ter\Exception\NotFoundException;
use T3o\Ter\Exception\NoUploadCommentException;
use T3o\Ter\Exception\UnauthorizedException;
use T3o\TerFe2\Service\LTSVersionService;
use T3o\TerFe2\Service\ValidExtensionVersionService;
use T3o\TerFe2\Utility\ArchiveUtility;
use T3o\TerFe2\Utility\CategoryUtility;
use T3o\TerFe2\Utility\VersionUtility;
......@@ -99,7 +100,7 @@ class ExtensionVersion
*/
public function isValidVersionNumber(): bool
{
return preg_match('/^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$/', $this->version) !== false;
return ValidExtensionVersionService::isVersionStringValid($this->version);
// alternative (preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $version) !== false) {
}
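Review bot: The commented-out alternative kept under the new return in isValidVersionNumber() still carries the `preg_match(...) !== false` comparison. preg_match() returns 0 for "no match" and false only on an engine error, so that form accepts every string, which appears to be what let invalid versions through before this change. I would delete the comment line so the idiom is not copied back in; if a pointer is wanted, `// Format rules live in ValidExtensionVersionService::VERSION_REGEX.` says enough. The class body continues outside the hunk, so whether `$this->version` is always a string at this point cannot be confirmed from here.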
......
......@@ -123,6 +123,16 @@ class ExtensionIndexService implements LoggerAwareInterface
// Create the nested XML structure:
foreach ($extensionsAndVersionsArr as $extensionKey => $extensionVersionsArr) {
$extensionHasMinimumOneValidVersion = false;
foreach ($extensionVersionsArr['versions'] as $versionNumber => $extensionVersionArr) {
if (ValidExtensionVersionService::isVersionStringValid($versionNumber)) {
$extensionHasMinimumOneValidVersion = true;
break;
}
}
if (!$extensionHasMinimumOneValidVersion) {
continue;
}
$extensionObj = $extensionsObj->appendChild(new \DOMElement('extension'));
$extensionObj->appendChild(new \DOMAttr('extensionkey', $extensionKey));
$extensionObj->appendChild(
......@@ -133,6 +143,9 @@ class ExtensionIndexService implements LoggerAwareInterface
);
foreach ($extensionVersionsArr['versions'] as $versionNumber => $extensionVersionArr) {
if (!ValidExtensionVersionService::isVersionStringValid($versionNumber)) {
continue;
}
$versionObj = $extensionObj->appendChild(new \DOMElement('version'));
$versionObj->appendChild(new \DOMAttr('version', (string)$versionNumber));
$versionObj->appendChild(new \DOMElement('title', $this->xmlentities((string)$extensionVersionArr['title'])));
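Review bot: Both new calls pass the array key `$versionNumber` straight into `isVersionStringValid(string $versionString)`, while the DOMAttr line just below already casts it with `(string)`. PHP converts integer-like string keys such as '100' to int, so if this file declares strict_types (not visible in the hunk) such a key raises a TypeError and aborts index generation instead of being skipped. Casting at both call sites, `ValidExtensionVersionService::isVersionStringValid((string)$versionNumber)`, keeps the filter total. Entries are also dropped silently; since the class implements LoggerAwareInterface, a log line naming the skipped extension key and version would make rejected records traceable. The enclosing method starts and ends outside the hunks.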
......
<?php
declare(strict_types = 1);
namespace T3o\TerFe2\Service;
final class ValidExtensionVersionService
{
public const VERSION_REGEX = '/^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$/';
public static function isVersionStringValid(string $versionString): bool
{
return (bool)preg_match(self::VERSION_REGEX, $versionString);
}
}
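Review bot: VERSION_REGEX ends in `$` without the `D` modifier, and in PCRE that anchor also matches immediately before a final line break, so a version string consisting of `1.0.0` followed by a newline still passes isVersionStringValid(). The value then reaches the index XML and storage with the control character attached, and the PHP check disagrees with any validator that treats `$` as end of input only. Anchoring with `\z` closes this: `public const VERSION_REGEX = '/^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\z/';`. The `(bool)` cast maps a preg_match() error to "invalid", which is the safe direction and worth a one-line comment. A class docblock stating the accepted format (three dot-separated numbers 0-999, no leading zeros) would also help, since this is now the single source of the rule.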
<?php
declare(strict_types = 1);
namespace T3o\TerFe2\Tests\Service;
/*
* This file is part of a TYPO3 extension.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
use T3o\TerFe2\Service\ValidExtensionVersionService;
class ValidExtensionVersionServiceTest extends \Nimut\TestingFramework\TestCase\AbstractTestCase
{
/**
* @test
* @param string $versionNumber
* @dataProvider isVersionStringOfExtensionVersionValidDataProvider
*/
public function isVersionStringOfExtensionVersionValid(string $versionNumber)
{
self::assertTrue(
ValidExtensionVersionService::isVersionStringValid($versionNumber)
);
}
/**
* @test
* @param string $versionNumber
* @dataProvider isVersionStringOfExtensionVersionInvalidDataProvider
*/
public function isVersionStringOfExtensionVersionInvalid(string $versionNumber)
{
self::assertFalse(
ValidExtensionVersionService::isVersionStringValid($versionNumber)
);
}
/**
* Data provider for isVersionStringOfExtensionVersionValid
*
* @return array
*/
public function isVersionStringOfExtensionVersionValidDataProvider()
{
return [
['Version 1.0.0 is valid' => '1.0.0'],
['Version 1.99.0 is valid' => '1.99.0'],
['Version 1.999.999 is valid' => '1.999.999'],
['Version 0.999.999 is valid' => '0.999.999'],
['Version 0.0.0 is valid' => '0.0.0'],
];
}
/**
* Data provider for isVersionStringOfExtensionVersionInvalid
*
* @return array
*/
public function isVersionStringOfExtensionVersionInvalidDataProvider()
{
return [
['Version 1.0.00 is invalid' => '1.0.00'],
['Version 01.0.0 is invalid' => '01.0.0'],
['Version 1.0.0-beta is invalid' => '1.0.0-beta'],
['Version 1.0.0 - dev is invalid' => '1.0.0 - dev'],
['Version v1.0.0 is invalid' => 'v1.0.0'],
['Version 1.0.9999 is invalid' => '1.0.9999'],
['Version 1.0 is invalid' => '1.0'],
['Version 1..0 is invalid' => '1..0'],
['Version .1.0. is invalid' => '.1.0.'],
['Version 1.0.0 Free is invalid' => '1.0.0 Free'],
['Version 0.02.3 is invalid' => '0.02.3'],
['Version 1.a.3 is invalid' => '1.a.3'],
['Version 1-0-0 is invalid' => '1-0-0'],
['Version 100 is invalid' => '100'],
];
}
}
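Review bot: In both data providers the description is the key inside the argument array (`['Version 1.0.0 is valid' => '1.0.0']`) rather than the key of the data set. The runner will most likely report the sets as #0, #1, … and on PHPUnit versions that map string keys to parameter names the sets would fail to bind to `$versionNumber`. The usual shape is `'Version 1.0.0 is valid' => ['1.0.0'],`. The invalid set also has no entry with leading or trailing whitespace or a line break around an otherwise valid version, which is the input class most likely to slip past an anchored pattern. The test methods and providers could declare `: void` and `: array` return types to match the file's strict_types declaration.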
......@@ -1659,7 +1659,7 @@
"schema": {
"maxLength": 14,
"minLength": 5,
"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
"pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
"type": "string"
},
"example": "10.4.8"
......@@ -1802,7 +1802,7 @@
"schema": {
"maxLength": 14,
"minLength": 5,
"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
"pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
"type": "string"
},
"example": "10.4.8"
......@@ -1980,7 +1980,7 @@
"schema": {
"maxLength": 14,
"minLength": 5,
"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
"pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
"type": "string"
},
"example": "10.4.8"
......@@ -2118,7 +2118,7 @@
"schema": {
"maxLength": 14,
"minLength": 5,
"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
"pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
"type": "string"
},
"example": "10.4.8"
......@@ -3098,7 +3098,7 @@
"schema": {
"maxLength": 14,
"minLength": 5,
"pattern": "^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$",
"pattern": "^(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})\\.(0|[1-9]\\d{0,2})$",
"type": "string"
},
"example": "10.4.8"
......
......@@ -1072,7 +1072,7 @@ paths:
schema:
maxLength: 14
minLength: 5
pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
type: string
example: 10.4.8
responses:
......@@ -1163,7 +1163,7 @@ paths:
schema:
maxLength: 14
minLength: 5
pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
type: string
example: 10.4.8
requestBody:
......@@ -1276,7 +1276,7 @@ paths:
schema:
maxLength: 14
minLength: 5
pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
type: string
example: 10.4.8
responses:
......@@ -1364,7 +1364,7 @@ paths:
schema:
maxLength: 14
minLength: 5
pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
type: string
example: 10.4.8
- name: review_state
......@@ -2026,7 +2026,7 @@ components:
schema:
maxLength: 14
minLength: 5
pattern: ^\d{1,3}\.\d{1,3}\.\d{1,3}$
pattern: ^(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})\.(0|[1-9]\d{0,2})$
type: string
example: 10.4.8
ReviewState:
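Review bot: `maxLength: 14` is left unchanged next to the tightened pattern in all five hunks here (and in the five JSON copies above), although the pattern cannot match more than 11 characters, so the bound is dead and misleading to client generators; `maxLength: 11` would agree with it. The expression is now maintained by hand in ten spec locations plus `VERSION_REGEX` in PHP, and nothing visible ties them together. If the last occurrence under `components:` is a reusable parameter, referencing it from the path entries with `$ref` would leave one copy in the spec; that is an inference, since the surrounding parameter definitions are outside the hunks. Quoting the scalar (`pattern: '^(0|[1-9]\d{0,2})…$'`) would also guard against a YAML parser reading `|`, `[` or `{` specially.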
......