duckietm/Arcturus-Morningstar-Extended
1
0
Fork 0
mirror of https://github.com/duckietm/Arcturus-Morningstar-Extended.git synced 2026-06-20 07:26:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #224 from simoleo89/fix/guild-forum-inputs

Browse Source 
fix(forums): bound guild forum view inputs
This commit is contained in:
DuckieTM
2026-06-17 09:57:06 +02:00
committed by GitHub
parent 4d4c796ad5 9b9902c76d
commit b9d5fa2557
6 changed files with 44 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Emulator/src/test/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumInputGuardContractTest.java
+16
View File
@@ -15,6 +15,7 @@ class GuildForumInputGuardContractTest {
for (String handler : List.of(
"GuildForumPostThreadEvent.java",
"GuildForumDataEvent.java",
"GuildForumModerateMessageEvent.java",
"GuildForumModerateThreadEvent.java",
"GuildForumThreadUpdateEvent.java",
@@ -39,9 +40,12 @@ class GuildForumInputGuardContractTest {
String settings = Files.readString(base.resolve("GuildForumUpdateSettingsEvent.java"));
String moderateThread = Files.readString(base.resolve("GuildForumModerateThreadEvent.java"));
String moderateMessage = Files.readString(base.resolve("GuildForumModerateMessageEvent.java"));
String threads = Files.readString(base.resolve("GuildForumThreadsEvent.java"));
assertTrue(messages.contains("GuildForumInputGuard.isValidPage(index, limit)"),
"thread message reads must bound index/limit before fetching comments");
assertTrue(threads.contains("GuildForumInputGuard.isValidThreadIndex(index)"),
"thread list reads must bound the client-provided index before composing results");
assertTrue(markRead.contains("GuildForumInputGuard.isValidMarkReadBatch(count)"),
"mark-as-read must bound the client-provided batch count before DB writes");
assertTrue(settings.contains("GuildForumInputGuard.isSettingsState"),
@@ -59,4 +63,16 @@ class GuildForumInputGuardContractTest {
assertTrue(source.contains("GuildForumInputGuard.normalize(this.packet.readString())"),
"forum post subject and body should be normalized before word filtering and length checks");
}
@Test
void markAsReadRequiresForumReadAccessBeforeWritingViews() throws Exception {
String source = Files.readString(Path.of("src/main/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumMarkAsReadEvent.java"));
int guildLookup = source.indexOf("Guild guild = Emulator.getGameEnvironment().getGuildManager().getGuild(guildId)");
int readGuard = source.indexOf("guild.canHabboReadForum(userId, member, staff)");
int insert = source.indexOf("INSERT INTO `guild_forum_views`");
assertTrue(guildLookup > -1 && readGuard > guildLookup && readGuard < insert,
"mark-as-read should confirm the user can read the forum before inserting view rows");
}
}
Emulator/src/test/java/com/eu/habbo/messages/incoming/guilds/forums/GuildForumInputGuardTest.java
+2
View File
@@ -21,6 +21,8 @@ class GuildForumInputGuardTest {
assertFalse(GuildForumInputGuard.isValidPage(0, 0));
assertTrue(GuildForumInputGuard.isValidPage(0, GuildForumInputGuard.MAX_PAGE_LIMIT));
assertFalse(GuildForumInputGuard.isValidPage(0, GuildForumInputGuard.MAX_PAGE_LIMIT + 1));
assertTrue(GuildForumInputGuard.isValidThreadIndex(GuildForumInputGuard.MAX_THREAD_INDEX));
assertFalse(GuildForumInputGuard.isValidThreadIndex(GuildForumInputGuard.MAX_THREAD_INDEX + 1));
}
@Test