fix: filter values are not validated (#3795)

SychO9 · web-flow · commit fda63bdda9f8 · 2023-05-07T18:37:53.000+01:00
diff --git a/src/Query/SubscriptionFilterGambit.php b/src/Query/SubscriptionFilterGambit.php
@@ -11,13 +11,16 @@
 
 use Flarum\Filter\FilterInterface;
 use Flarum\Filter\FilterState;
+use Flarum\Filter\ValidateFilterTrait;
 use Flarum\Search\AbstractRegexGambit;
 use Flarum\Search\SearchState;
 use Flarum\User\User;
 use Illuminate\Database\Query\Builder;
 
 class SubscriptionFilterGambit extends AbstractRegexGambit implements FilterInterface
 {
+    use ValidateFilterTrait;
+
     protected function getGambitPattern()
     {
         return 'is:(follow|ignor)(?:ing|ed)';
@@ -33,8 +36,10 @@ public function getFilterKey(): string
         return 'subscription';
     }
 
-    public function filter(FilterState $filterState, string $filterValue, bool $negate)
+    public function filter(FilterState $filterState, $filterValue, bool $negate)
     {
+        $filterValue = $this->asString($filterValue);
+
         preg_match('/^'.$this->getGambitPattern().'$/i', 'is:'.$filterValue, $matches);
 
         $this->constrain($filterState->getQuery(), $filterState->getActor(), $matches[1], $negate);

Original file line number	Diff line number	Diff line change
`@@ -11,13 +11,16 @@`
`11`	`11`
`12`	`12`	`use Flarum\Filter\FilterInterface;`
`13`	`13`	`use Flarum\Filter\FilterState;`
	`14`	`+use Flarum\Filter\ValidateFilterTrait;`
`14`	`15`	`use Flarum\Search\AbstractRegexGambit;`
`15`	`16`	`use Flarum\Search\SearchState;`
`16`	`17`	`use Flarum\User\User;`
`17`	`18`	`use Illuminate\Database\Query\Builder;`
`18`	`19`
`19`	`20`	`class SubscriptionFilterGambit extends AbstractRegexGambit implements FilterInterface`
`20`	`21`	`{`
	`22`	`+ use ValidateFilterTrait;`
	`23`	`+`
`21`	`24`	`protected function getGambitPattern()`
`22`	`25`	`{`
`23`	`26`	`return 'is:(follow\|ignor)(?:ing\|ed)';`
`@@ -33,8 +36,10 @@ public function getFilterKey(): string`
`33`	`36`	`return 'subscription';`
`34`	`37`	`}`
`35`	`38`
`36`		`- public function filter(FilterState $filterState, string $filterValue, bool $negate)`
	`39`	`+ public function filter(FilterState $filterState, $filterValue, bool $negate)`
`37`	`40`	`{`
	`41`	`+ $filterValue = $this->asString($filterValue);`
	`42`	`+`
`38`	`43`	`preg_match('/^'.$this->getGambitPattern().'$/i', 'is:'.$filterValue, $matches);`
`39`	`44`
`40`	`45`	`$this->constrain($filterState->getQuery(), $filterState->getActor(), $matches[1], $negate);`