From 9fc97b97894d5d479dd0bc5d37f70dd81981647f Mon Sep 17 00:00:00 2001
From: Alexander Killing <killing@leifos.de>
Date: Tue, 12 Nov 2024 09:09:54 +0100
Subject: [PATCH] 41937: Anonymous user can activate notifications for wiki -
 leading to notifications to crash

---
 Modules/Wiki/Setup/class.Agent.php            |  8 +++-
 .../class.ilWiki8HotfixDBUpdateSteps.php      | 42 +++++++++++++++++++
 Modules/Wiki/classes/class.ilWikiPageGUI.php  |  3 +-
 3 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 Modules/Wiki/Setup/class.ilWiki8HotfixDBUpdateSteps.php

diff --git a/Modules/Wiki/Setup/class.Agent.php b/Modules/Wiki/Setup/class.Agent.php
index 36c05193e79f..cc971d53b0fe 100644
--- a/Modules/Wiki/Setup/class.Agent.php
+++ b/Modules/Wiki/Setup/class.Agent.php
@@ -29,7 +29,13 @@ class Agent extends Setup\Agent\NullAgent
 {
     public function getUpdateObjective(Setup\Config $config = null): Setup\Objective
     {
-        return new \ilDatabaseUpdateStepsExecutedObjective(new ilWikiDBUpdateSteps());
+        return new Setup\ObjectiveCollection(
+            'Wiki Update',
+            true,
+            new \ilDatabaseUpdateStepsExecutedObjective(new ilWikiDBUpdateSteps()),
+            new \ilDatabaseUpdateStepsExecutedObjective(new ilWiki8HotfixDBUpdateSteps())
+        );
+
     }
 
     public function getStatusObjective(Metrics\Storage $storage): Objective
diff --git a/Modules/Wiki/Setup/class.ilWiki8HotfixDBUpdateSteps.php b/Modules/Wiki/Setup/class.ilWiki8HotfixDBUpdateSteps.php
new file mode 100644
index 000000000000..7242db4752da
--- /dev/null
+++ b/Modules/Wiki/Setup/class.ilWiki8HotfixDBUpdateSteps.php
@@ -0,0 +1,42 @@
+<?php
+
+/**
+ * This file is part of ILIAS, a powerful learning management system
+ * published by ILIAS open source e-Learning e.V.
+ *
+ * ILIAS is licensed with the GPL-3.0,
+ * see https://www.gnu.org/licenses/gpl-3.0.en.html
+ * You should have received a copy of said license along with the
+ * source code, too.
+ *
+ * If this is not the case or you just want to try ILIAS, you'll find
+ * us at:
+ * https://www.ilias.de
+ * https://github.com/ILIAS-eLearning
+ *
+ *********************************************************************/
+
+namespace ILIAS\Wiki\Setup;
+
+/**
+ * @author Alexander Killing <killing@leifos.de>
+ */
+class ilWiki8HotfixDBUpdateSteps implements \ilDatabaseUpdateSteps
+{
+    protected \ilDBInterface $db;
+
+    public function prepare(\ilDBInterface $db): void
+    {
+        $this->db = $db;
+    }
+
+    public function step_1(): void
+    {
+        $db = $this->db;
+        $db->manipulateF("DELETE FROM notification WHERE " .
+            " user_id = %s",
+            ["integer"],
+            [13]
+        );
+    }
+}
diff --git a/Modules/Wiki/classes/class.ilWikiPageGUI.php b/Modules/Wiki/classes/class.ilWikiPageGUI.php
index bea4d8c9ab10..0474eae658ac 100755
--- a/Modules/Wiki/classes/class.ilWikiPageGUI.php
+++ b/Modules/Wiki/classes/class.ilWikiPageGUI.php
@@ -185,7 +185,8 @@ public function executeCommand(): string
                     self::initEditingJS($this->tpl);
                 }
 
-                if ($this->wiki_request->getNotification() > 0) {
+                if ($this->wiki_request->getNotification() > 0
+                    && $ilUser->getId() !== ANONYMOUS_USER_ID) {
                     switch ($this->wiki_request->getNotification()) {
                         case 1:
                             ilNotification::setNotification(ilNotification::TYPE_WIKI, $ilUser->getId(), $this->getPageObject()->getParentId(), false);