From 86d51faf4cfa430b2178b20c0c80fcbeafa41efc Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Mon, 13 Jun 2022 16:45:35 -0700
Subject: [PATCH] parsePrefix() - Don't confuse financialacls dynamic-permissions with permission-prefixes
---
 CRM/Utils/String.php | 12 ++++++++----
 tests/phpunit/CRM/Core/Permission/BaseTest.php | 1 +
 tests/phpunit/CRM/Utils/StringTest.php | 1 +
 3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/CRM/Utils/String.php b/CRM/Utils/String.php
index 69f74151a0..7cb44d0fc1 100644
--- a/CRM/Utils/String.php
+++ b/CRM/Utils/String.php
@@ -692,18 +692,22 @@ class CRM_Utils_String {
 * @param string $string
 * E.g. "view all contacts". Syntax: "[prefix:]name".
 * @param string|null $defaultPrefix
+ * @param string $validPrefixPattern
+ * A regular expression used to determine if a prefix is valid.
+ * To wit: Prefixes MUST be strictly alphanumeric.
 *
 * @return array
 * (0 => string|NULL $prefix, 1 => string $value)
 */
- public static function parsePrefix($delim, $string, $defaultPrefix = NULL) {
+ public static function parsePrefix($delim, $string, $defaultPrefix = NULL, $validPrefixPattern = '/^[A-Za-z0-9]+$/') {
 $pos = strpos($string, $delim);
 if ($pos === FALSE) {
 return [$defaultPrefix, $string];
 }
- else {
- return [substr($string, 0, $pos), substr($string, 1 + $pos)];
- }
+ $lhs = substr($string, 0, $pos);
+ $rhs = substr($string, 1 + $pos);
+ return preg_match($validPrefixPattern, $lhs) ? [$lhs, $rhs] : [$defaultPrefix, $string];
 }
 /**
diff --git a/tests/phpunit/CRM/Core/Permission/BaseTest.php b/tests/phpunit/CRM/Core/Permission/BaseTest.php
index 63ddc5fee4..2b1e701fab 100644
--- a/tests/phpunit/CRM/Core/Permission/BaseTest.php
+++ b/tests/phpunit/CRM/Core/Permission/BaseTest.php
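Review bot: The default `$validPrefixPattern` of `'/^[A-Za-z0-9]+$/'` in the new `parsePrefix()` signature is not strictly alphanumeric as the added docblock promises, because in PCRE `$` without the `D` modifier also matches just before a trailing newline, so a left-hand side ending in "\n" is still accepted as a prefix. The BaseTest change suggests this helper feeds permission-name translation, so anchoring with `\z` is the safer default: `$validPrefixPattern = '/^[A-Za-z0-9]+\z/'`. The ternary also treats a `preg_match()` error (`false`, for instance from a malformed caller-supplied pattern) the same as "no match", which deserves a one-line comment such as `// preg_match() === FALSE (bad pattern) also falls back to $defaultPrefix`. The StringTest data uses `com_civicrm` as a default prefix, which would itself fail this pattern if it ever appeared explicitly before the delimiter, so it is worth confirming that no caller relies on prefixes containing underscores. The method body is fully inside the hunk, but its docblock begins above it.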
@@ -16,6 +16,7 @@ class CRM_Core_Permission_BaseTest extends CiviUnitTestCase {
 $cases = [];
 $cases[] = ['administer CiviCRM', 'administer CiviCRM'];
+ $cases[] = ['create contributions of type Event Fee: Canada', 'create contributions of type Event Fee: Canada'];
 $cases[] = ['cms:universal name', 'local name'];
 $cases[] = ['cms:universal name2', 'local name2'];
 $cases[] = ['cms:unknown universal name', CRM_Core_Permission::ALWAYS_DENY_PERMISSION];
diff --git a/tests/phpunit/CRM/Utils/StringTest.php b/tests/phpunit/CRM/Utils/StringTest.php
index 43850aaa48..a593e25ee1 100644
--- a/tests/phpunit/CRM/Utils/StringTest.php
+++ b/tests/phpunit/CRM/Utils/StringTest.php
@@ -132,6 +132,7 @@ class CRM_Utils_StringTest extends CiviUnitTestCase {
 public function parsePrefixData(): array {
 $cases = [];
 $cases[] = ['administer CiviCRM', NULL, [NULL, 'administer CiviCRM']];
+ $cases[] = ['create contributions of type Event Fee: Canada', NULL, [NULL, 'create contributions of type Event Fee: Canada']];
 $cases[] = ['administer CiviCRM', 'com_civicrm', ['com_civicrm', 'administer CiviCRM']];
 $cases[] = ['Drupal:access user profiles', NULL, ['Drupal', 'access user profiles']];
 $cases[] = ['Joomla:component:perm', NULL, ['Joomla', 'component:perm']];
--
2.25.1
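Review bot: The case added to `parsePrefixData()` in StringTest.php pins only a left-hand side containing spaces; the empty-prefix input, whose result this commit also changes, has no case. With the `+` quantifier in the default pattern, a string such as `':name'` now yields `[NULL, ':name']` where the old code returned `['', 'name']`, so a line like `$cases[] = [':name', NULL, [NULL, ':name']];` would record that as intended behaviour. The test method that consumes this provider is outside the hunk, so the `:` delimiter is inferred from the existing `Drupal:` and `Joomla:` cases.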