From c46a68ee9e3cd6fd2e5164c750fe7862a05ba4fe Mon Sep 17 00:00:00 2001
From: Thomas Steur
Date: Sat, 26 Oct 2013 23:27:52 +0000
Subject: refs #4179 validate id
---
 core/Notification/Manager.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'core/Notification')
diff --git a/core/Notification/Manager.php b/core/Notification/Manager.php
index dbde9bd7fd..372337eb9c 100644
--- core/Notification/Manager.php
+++ core/Notification/Manager.php
@@ -25,11 +25,13 @@ class Manager
 /**
 * Post a notification to be shown in the status bar. If a notification with the same id has already been posted by your application and has not yet been canceled, it will be replaced by the updated information.
 *
- * @param string $id A unique identifier for this notification
+ * @param string $id A unique identifier for this notification. Id must be a string and may contain only word characters (AlNum + underscore)
 * @param Notification $notification
 */
 public static function notify($id, Notification $notification)
 {
+ self::checkId($id);
+
 $session = static::getSession();
 $session->$id = $notification;
 
@@ -60,6 +62,8 @@ class Manager
 */
 public static function cancel($id)
 {
+ self::checkId($id);
+
 $session = static::getSession();
 unset($session->$id);
 }
@@ -75,4 +79,19 @@ class Manager
 
 return static::$session;
 }
+
+ /**
+ * @param $id
+ * @throws \Exception
+ */
+ private static function checkId($id)
+ {
+ if (empty($id)) {
+ throw new \Exception('Notification ID is empty.');
+ }
+
+ if (!is_string($id) || !preg_match('/^(\w)*$/', $id)) {
+ throw new \Exception('Invalid Notification ID given. Only word characters (AlNum + underscore) allowed.');
+ }
+ }
 }
\ No newline at end of file
-- 
cgit v1.2.3
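Review bot: The updated docblock of `notify()` describes the allowed id format but not the new failure mode: with `self::checkId($id);` at the top, the method now throws for an empty or malformed id. Add `@throws \Exception If $id is empty, not a string, or contains characters other than word characters` after the `@param Notification $notification` line. The second hunk adds the same call to `cancel()`, whose docblock starts outside that hunk, so the same `@throws` line is probably needed there too. Callers that build ids from variable data should be aware that both methods can now raise.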
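Review bot: In `checkId()` the pattern `'/^(\w)*$/'` is looser than the error message promises, because `$` without the `D` modifier also matches just before a final newline, so an id such as `"foo\n"` passes and is then used as a session property name via `$session->$id`. Anchoring with `\z` and requiring at least one character closes that gap: `if (!is_string($id) || !preg_match('/^\w+\z/', $id)) {`. Depending on the PCRE locale tables, `\w` may also accept non-ASCII letters, so `[A-Za-z0-9_]` would match the "AlNum + underscore" wording more exactly. Separately, `empty($id)` treats the string `'0'` as empty, so that id is rejected with 'Notification ID is empty.' even though it consists only of word characters; an explicit `$id === null || $id === ''` comparison avoids this. The docblock's `@param $id` also lacks a type and description, for example `@param string $id Notification id to validate`.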