diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2017-02-08 02:07:17 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-02-08 02:07:17 -0800 |
| commit | f1c9ae568662ece61ba58f28a02c4b0875dce8b0 (patch) | |
| tree | b43d2a2b1e8bb7e3a5f51c6bc3acacd8f5f2b1c0 /store | |
| parent | 0162d8ad08815b9b833fc651c7e185eab48cbbb2 (diff) | |
| download | chat-f1c9ae568662ece61ba58f28a02c4b0875dce8b0.tar.gz chat-f1c9ae568662ece61ba58f28a02c4b0875dce8b0.tar.bz2 chat-f1c9ae568662ece61ba58f28a02c4b0875dce8b0.zip | |
Error on blank post IDs for get post query (#5326)
Diffstat (limited to 'store')
| -rw-r--r-- | store/sql_post_store.go | 20 | ||||
| -rw-r--r-- | store/sql_post_store_test.go | 4 |
2 files changed, 24 insertions, 0 deletions
diff --git a/store/sql_post_store.go b/store/sql_post_store.go index ae7a3c2c0..b74d53c29 100644 --- a/store/sql_post_store.go +++ b/store/sql_post_store.go @@ -189,10 +189,20 @@ func (s SqlPostStore) Get(id string) StoreChannel { result := StoreResult{} pl := &model.PostList{} + if len(id) == 0 { + result.Err = model.NewLocAppError("SqlPostStore.GetPost", "store.sql_post.get.app_error", nil, "id="+id) + storeChannel <- result + close(storeChannel) + return + } + var post model.Post err := s.GetReplica().SelectOne(&post, "SELECT * FROM Posts WHERE Id = :Id AND DeleteAt = 0", map[string]interface{}{"Id": id}) if err != nil { result.Err = model.NewLocAppError("SqlPostStore.GetPost", "store.sql_post.get.app_error", nil, "id="+id+err.Error()) + storeChannel <- result + close(storeChannel) + return } pl.AddPost(&post) @@ -204,10 +214,20 @@ func (s SqlPostStore) Get(id string) StoreChannel { rootId = post.Id } + if len(rootId) == 0 { + result.Err = model.NewLocAppError("SqlPostStore.GetPost", "store.sql_post.get.app_error", nil, "root_id="+rootId) + storeChannel <- result + close(storeChannel) + return + } + var posts []*model.Post _, err = s.GetReplica().Select(&posts, "SELECT * FROM Posts WHERE (Id = :Id OR RootId = :RootId) AND DeleteAt = 0", map[string]interface{}{"Id": rootId, "RootId": rootId}) if err != nil { result.Err = model.NewLocAppError("SqlPostStore.GetPost", "store.sql_post.get.app_error", nil, "root_id="+rootId+err.Error()) + storeChannel <- result + close(storeChannel) + return } else { for _, p := range posts { pl.AddPost(p) diff --git a/store/sql_post_store_test.go b/store/sql_post_store_test.go index 626894a2a..08fe1282e 100644 --- a/store/sql_post_store_test.go +++ b/store/sql_post_store_test.go @@ -61,6 +61,10 @@ func TestPostStoreGet(t *testing.T) { if err := (<-store.Post().Get("123")).Err; err == nil { t.Fatal("Missing id should have failed") } + + if err := (<-store.Post().Get("")).Err; err == nil { + t.Fatal("should fail for blank post ids") + } } func TestPostStoreGetSingle(t *testing.T) { |