41937: Anonymous user can activate notifications for wiki - leading t…

…o notifications to crash
surlabs · Nov 12, 2024 · 9fc97b9 · 9fc97b9
1 parent af3713b
commit 9fc97b9
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 2 deletions.
diff --git a/Modules/Wiki/Setup/class.Agent.php b/Modules/Wiki/Setup/class.Agent.php
@@ -29,7 +29,13 @@ class Agent extends Setup\Agent\NullAgent
 {
     public function getUpdateObjective(Setup\Config $config = null): Setup\Objective
     {
-        return new \ilDatabaseUpdateStepsExecutedObjective(new ilWikiDBUpdateSteps());
+        return new Setup\ObjectiveCollection(
+            'Wiki Update',
+            true,
+            new \ilDatabaseUpdateStepsExecutedObjective(new ilWikiDBUpdateSteps()),
+            new \ilDatabaseUpdateStepsExecutedObjective(new ilWiki8HotfixDBUpdateSteps())
+        );
+
     }
 
     public function getStatusObjective(Metrics\Storage $storage): Objective

diff --git a/Modules/Wiki/Setup/class.ilWiki8HotfixDBUpdateSteps.php b/Modules/Wiki/Setup/class.ilWiki8HotfixDBUpdateSteps.php
@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * This file is part of ILIAS, a powerful learning management system
+ * published by ILIAS open source e-Learning e.V.
+ *
+ * ILIAS is licensed with the GPL-3.0,
+ * see https://www.gnu.org/licenses/gpl-3.0.en.html
+ * You should have received a copy of said license along with the
+ * source code, too.
+ *
+ * If this is not the case or you just want to try ILIAS, you'll find
+ * us at:
+ * https://www.ilias.de
+ * https://github.com/ILIAS-eLearning
+ *
+ *********************************************************************/
+
+namespace ILIAS\Wiki\Setup;
+
+/**
+ * @author Alexander Killing <[email protected]>
+ */
+class ilWiki8HotfixDBUpdateSteps implements \ilDatabaseUpdateSteps
+{
+    protected \ilDBInterface $db;
+
+    public function prepare(\ilDBInterface $db): void
+    {
+        $this->db = $db;
+    }
+
+    public function step_1(): void
+    {
+        $db = $this->db;
+        $db->manipulateF("DELETE FROM notification WHERE " .
+            " user_id = %s",
+            ["integer"],
+            [13]
+        );
+    }
+}
diff --git a/Modules/Wiki/classes/class.ilWikiPageGUI.php b/Modules/Wiki/classes/class.ilWikiPageGUI.php
@@ -185,7 +185,8 @@ public function executeCommand(): string
                     self::initEditingJS($this->tpl);
                 }
 
-                if ($this->wiki_request->getNotification() > 0) {
+                if ($this->wiki_request->getNotification() > 0
+                    && $ilUser->getId() !== ANONYMOUS_USER_ID) {
                     switch ($this->wiki_request->getNotification()) {
                         case 1:
                             ilNotification::setNotification(ilNotification::TYPE_WIKI, $ilUser->getId(), $this->getPageObject()->getParentId(), false);