41937: Anonymous user can activate notifications for wiki - leading t…

…o notifications to crash
surlabs · Nov 12, 2024 · fc8905d · fc8905d
1 parent 97cc552
commit fc8905d
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 2 deletions.
diff --git a/Modules/Wiki/Setup/class.Agent.php b/Modules/Wiki/Setup/class.Agent.php
@@ -30,7 +30,7 @@ class Agent extends Setup\Agent\NullAgent
     public function getUpdateObjective(Setup\Config $config = null): Setup\Objective
     {
         return new Setup\ObjectiveCollection(
-            "Updates of Services/Skill",
+            "Updates of Wiki",
             false,
             ...$this->getObjectives()
         );
@@ -62,6 +62,7 @@ protected function getObjectives(): array
 
         // db update steps
         $objectives[] = new \ilDatabaseUpdateStepsExecutedObjective(new ilWikiDBUpdateSteps());
+        $objectives[] = new \ilDatabaseUpdateStepsExecutedObjective(new ilWiki8HotfixDBUpdateSteps());
 
         return $objectives;
     }

diff --git a/Modules/Wiki/Setup/class.ilWiki8HotfixDBUpdateSteps.php b/Modules/Wiki/Setup/class.ilWiki8HotfixDBUpdateSteps.php
@@ -0,0 +1,43 @@
+<?php
+
+/**
+ * This file is part of ILIAS, a powerful learning management system
+ * published by ILIAS open source e-Learning e.V.
+ *
+ * ILIAS is licensed with the GPL-3.0,
+ * see https://www.gnu.org/licenses/gpl-3.0.en.html
+ * You should have received a copy of said license along with the
+ * source code, too.
+ *
+ * If this is not the case or you just want to try ILIAS, you'll find
+ * us at:
+ * https://www.ilias.de
+ * https://github.com/ILIAS-eLearning
+ *
+ *********************************************************************/
+
+namespace ILIAS\Wiki\Setup;
+
+/**
+ * @author Alexander Killing <[email protected]>
+ */
+class ilWiki8HotfixDBUpdateSteps implements \ilDatabaseUpdateSteps
+{
+    protected \ilDBInterface $db;
+
+    public function prepare(\ilDBInterface $db): void
+    {
+        $this->db = $db;
+    }
+
+    public function step_1(): void
+    {
+        $db = $this->db;
+        $db->manipulateF(
+            "DELETE FROM notification WHERE " .
+            " user_id = %s",
+            ["integer"],
+            [13]
+        );
+    }
+}
diff --git a/Modules/Wiki/classes/class.ilWikiPageGUI.php b/Modules/Wiki/classes/class.ilWikiPageGUI.php
@@ -193,7 +193,8 @@ public function executeCommand(): string
                     self::initEditingJS($this->tpl);
                 }
 
-                if ($this->wiki_request->getNotification() > 0) {
+                if ($this->wiki_request->getNotification() > 0
+                    && $ilUser->getId() !== ANONYMOUS_USER_ID) {
                     switch ($this->wiki_request->getNotification()) {
                         case 1:
                             ilNotification::setNotification(ilNotification::TYPE_WIKI, $ilUser->getId(), $this->getPageObject()->getParentId(), false);