content of note is validated only when imported from database

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>

4 files changed, 43 insertions, 40 deletions

diff --git a/lib/Db/NotesRequestBuilder.php b/lib/Db/NotesRequestBuilder.php
index 443deb8e..5995560c 100644
--- a/lib/Db/NotesRequestBuilder.php
+++ b/lib/Db/NotesRequestBuilder.php
@@ -325,21 +325,8 @@ class NotesRequestBuilder extends CoreRequestBuilder {
 	 * @return Note
 	 */
 	protected function parseNotesSelectSql($data): Note {
-		$dTime = new DateTime($this->get('published_time', $data, 'yesterday'));
-
-		// TODO - use $note->importFromDatabase() ?
 		$note = new Note();
-		$note->setId($data['id'])
-			 ->setTo($data['to'])
-			 ->setToArray(json_decode($data['to_array'], true))
-			 ->setCcArray(json_decode($data['cc'], true))
-			 ->setBccArray(json_decode($data['bcc']))
-			 ->setLocal(($data['local'] === '1') ? true : false)
-			 ->setPublished($data['published']);
-		$note->setContent($data['content'])
-			 ->setPublishedTime($dTime->getTimestamp())
-			 ->setAttributedTo($data['attributed_to'])
-			 ->setInReplyTo($data['in_reply_to']);
+		$note->importFromDatabase($data);
 
 		$instances = json_decode($data['instances'], true);
 		if (is_array($instances)) {
diff --git a/lib/Model/ActivityPub/ACore.php b/lib/Model/ActivityPub/ACore.php
index 94b49a09..da3c92a8 100644
--- a/lib/Model/ActivityPub/ACore.php
+++ b/lib/Model/ActivityPub/ACore.php
@@ -468,7 +468,7 @@ class ACore extends Item implements JsonSerializable {
 
 			case self::AS_STRING:
 				$value = strip_tags($value);
-				$value = html_entity_decode($value, ENT_QUOTES);
+				$value = html_entity_decode($value, ENT_QUOTES | ENT_HTML5);
 
 				return $value;
 
@@ -497,7 +497,7 @@ class ACore extends Item implements JsonSerializable {
 		$this->setId($this->validate(self::AS_ID, 'id', $data, ''));
 		$this->setType($this->validate(self::AS_TYPE, 'type', $data, ''));
 		$this->setUrl($this->validate(self::AS_URL, 'url', $data, ''));
-		$this->setSummary($this->validate(self::AS_STRING, 'summary', $data, ''));
+		$this->setSummary($this->get('summary', $data, ''));
 		$this->setToArray($this->validateArray(self::AS_ID, 'to', $data, []));
 		$this->setCcArray($this->validateArray(self::AS_ID, 'cc', $data, []));
 		$this->setPublished($this->validate(self::AS_DATE, 'published', $data, ''));
@@ -510,15 +510,17 @@ class ACore extends Item implements JsonSerializable {
 	 * @param array $data
 	 */
 	public function importFromDatabase(array $data) {
-		$this->setId($this->get('id', $data, ''));
-		$this->setType($this->get('type', $data, ''));
-		$this->setUrl($this->get('url', $data, ''));
-		$this->setSummary($this->get('summary', $data, ''));
-		$this->setToArray($this->getArray('to', $data, []));
-		$this->setCcArray($this->getArray('cc', $data, []));
-		$this->setPublished($this->get('published', $data, ''));
-		$this->setActorId($this->get('actor_id', $data, ''));
-		$this->setObjectId($this->get('object_id', $data, ''));
+		$this->setId($this->validate(self::AS_ID, 'id', $data, ''));
+		$this->setType($this->validate(self::AS_TYPE, 'type', $data, ''));
+		$this->setUrl($this->validate(self::AS_URL, 'url', $data, ''));
+		$this->setSummary($this->validate(self::AS_STRING, 'summary', $data, ''));
+		$this->setTo($this->validate(self::AS_ID, 'to', $data, ''));
+		$this->setToArray($this->validateArray(self::AS_ID, 'to_array', $data, []));
+		$this->setCcArray($this->validateArray(self::AS_ID, 'cc', $data, []));
+		$this->setBccArray($this->validateArray(self::AS_ID, 'bcc', $data, []));
+		$this->setPublished($this->validate(self::AS_DATE, 'published', $data, ''));
+		$this->setActorId($this->validate(self::AS_ID, 'actor_id', $data, ''));
+		$this->setObjectId($this->validate(self::AS_ID, 'object_id', $data, ''));
 		$this->setSource($this->get('source', $data, ''));
 		$this->setLocal(($this->getInt('local', $data, 0) === 1));
 	}
diff --git a/lib/Model/ActivityPub/Actor/Person.php b/lib/Model/ActivityPub/Actor/Person.php
index adb0ce2f..522c1fb7 100644
--- a/lib/Model/ActivityPub/Actor/Person.php
+++ b/lib/Model/ActivityPub/Actor/Person.php
@@ -443,7 +443,6 @@ class Person extends ACore implements JsonSerializable {
 	 * @param array $data
 	 *
 	 * @throws UrlCloudException
-	 * @throws InvalidResourceEntryException
 	 */
 	public function import(array $data) {
 		parent::import($data);
@@ -476,17 +475,17 @@ class Person extends ACore implements JsonSerializable {
 	 */
 	public function importFromDatabase(array $data) {
 		parent::importFromDatabase($data);
-		$this->setPreferredUsername($this->get('preferred_username', $data, ''))
-			 ->setName($this->get('name', $data, ''))
-			 ->setAccount($this->get('account', $data, ''))
+		$this->setPreferredUsername($this->validate(self::AS_USERNAME, 'preferred_username', $data, ''))
+			 ->setName($this->validate(self::AS_USERNAME, 'name', $data, ''))
+			 ->setAccount($this->validate(self::AS_ACCOUNT, 'account', $data, ''))
 			 ->setPublicKey($this->get('public_key', $data, ''))
 			 ->setPrivateKey($this->get('private_key', $data, ''))
-			 ->setInbox($this->get('inbox', $data, ''))
-			 ->setOutbox($this->get('outbox', $data, ''))
-			 ->setFollowers($this->get('followers', $data, ''))
-			 ->setFollowing($this->get('following', $data, ''))
-			 ->setSharedInbox($this->get('shared_inbox', $data, ''))
-			 ->setFeatured($this->get('featured', $data, ''))
+			 ->setInbox($this->validate(self::AS_URL, 'inbox', $data, ''))
+			 ->setOutbox($this->validate(self::AS_URL, 'outbox', $data, ''))
+			 ->setFollowers($this->validate(self::AS_URL, 'followers', $data, ''))
+			 ->setFollowing($this->validate(self::AS_URL, 'following', $data, ''))
+			 ->setSharedInbox($this->validate(self::AS_URL, 'shared_inbox', $data, ''))
+			 ->setFeatured($this->validate(self::AS_URL, 'featured', $data, ''))
 			 ->setDetails($this->getArray('details', $data, []))
 			 ->setCreation($this->getInt('creation', $data, 0));
 	}
diff --git a/lib/Model/ActivityPub/Object/Note.php b/lib/Model/ActivityPub/Object/Note.php
index dfdc3a11..361ed872 100644
--- a/lib/Model/ActivityPub/Object/Note.php
+++ b/lib/Model/ActivityPub/Object/Note.php
@@ -33,7 +33,6 @@ namespace OCA\Social\Model\ActivityPub\Object;
 use DateTime;
 use JsonSerializable;
 use OCA\Social\Model\ActivityPub\ACore;
-use OCA\Social\Service\ActivityService;
 use OCA\Social\Service\SignatureService;
 
 
@@ -211,12 +210,28 @@ class Note extends ACore implements JsonSerializable {
 		$this->setAttributedTo($this->validate(ACore::AS_ID, 'attributedTo', $data, ''));
 		$this->setSensitive($this->getBool('sensitive', $data, false));
 		$this->setConversation($this->validate(ACore::AS_ID, 'conversation', $data, ''));
-		$this->setContent($this->validate(ACore::AS_STRING, 'content', $data, ''));
+		$this->setContent($this->get('content', $data, ''));
 		$this->convertPublished();
 	}
 
 
 	/**
+	 * @param array $data
+	 */
+	public function importFromDatabase(array $data) {
+		parent::importFromDatabase($data);
+
+		$dTime = new DateTime($this->get('published_time', $data, 'yesterday'));
+
+		$this->setContent($this->validate(self::AS_STRING, 'content', $data, ''));;
+
+		$this->setPublishedTime($dTime->getTimestamp());
+		$this->setAttributedTo($this->validate(self::AS_ID, 'attributed_to', $data, ''));
+		$this->setInReplyTo($this->validate(self::AS_ID, 'in_reply_to', $data));
+	}
+
+
+	/**
 	 * @return array
 	 */
 	public function jsonSerialize(): array {
@@ -225,10 +240,10 @@ class Note extends ACore implements JsonSerializable {
 		return array_merge(
 			parent::jsonSerialize(),
 			[
-				'content'      => $this->getContent(),
+				'content' => $this->getContent(),
 				'attributedTo' => $this->getUrlSocial() . $this->getAttributedTo(),
-				'inReplyTo'    => $this->getInReplyTo(),
-				'sensitive'    => $this->isSensitive(),
+				'inReplyTo' => $this->getInReplyTo(),
+				'sensitive' => $this->isSensitive(),
 				'conversation' => $this->getConversation()
 			]
 		);