From f1c9ae568662ece61ba58f28a02c4b0875dce8b0 Mon Sep 17 00:00:00 2001
From: Joram Wilander <jwawilander@gmail.com>
Date: Wed, 8 Feb 2017 02:07:17 -0800
Subject: Error on blank post IDs for get post query (#5326)

---
 store/sql_post_store.go      | 20 ++++++++++++++++++++
 store/sql_post_store_test.go |  4 ++++
 2 files changed, 24 insertions(+)

(limited to 'store')

diff --git a/store/sql_post_store.go b/store/sql_post_store.go
index ae7a3c2c0..b74d53c29 100644
--- a/store/sql_post_store.go
+++ b/store/sql_post_store.go
@@ -189,10 +189,20 @@ func (s SqlPostStore) Get(id string) StoreChannel {
 		result := StoreResult{}
 		pl := &model.PostList{}
 
+		if len(id) == 0 {
+			result.Err = model.NewLocAppError("SqlPostStore.GetPost", "store.sql_post.get.app_error", nil, "id="+id)
+			storeChannel <- result
+			close(storeChannel)
+			return
+		}
+
 		var post model.Post
 		err := s.GetReplica().SelectOne(&post, "SELECT * FROM Posts WHERE Id = :Id AND DeleteAt = 0", map[string]interface{}{"Id": id})
 		if err != nil {
 			result.Err = model.NewLocAppError("SqlPostStore.GetPost", "store.sql_post.get.app_error", nil, "id="+id+err.Error())
+			storeChannel <- result
+			close(storeChannel)
+			return
 		}
 
 		pl.AddPost(&post)
@@ -204,10 +214,20 @@ func (s SqlPostStore) Get(id string) StoreChannel {
 			rootId = post.Id
 		}
 
+		if len(rootId) == 0 {
+			result.Err = model.NewLocAppError("SqlPostStore.GetPost", "store.sql_post.get.app_error", nil, "root_id="+rootId)
+			storeChannel <- result
+			close(storeChannel)
+			return
+		}
+
 		var posts []*model.Post
 		_, err = s.GetReplica().Select(&posts, "SELECT * FROM Posts WHERE (Id = :Id OR RootId = :RootId) AND DeleteAt = 0", map[string]interface{}{"Id": rootId, "RootId": rootId})
 		if err != nil {
 			result.Err = model.NewLocAppError("SqlPostStore.GetPost", "store.sql_post.get.app_error", nil, "root_id="+rootId+err.Error())
+			storeChannel <- result
+			close(storeChannel)
+			return
 		} else {
 			for _, p := range posts {
 				pl.AddPost(p)
diff --git a/store/sql_post_store_test.go b/store/sql_post_store_test.go
index 626894a2a..08fe1282e 100644
--- a/store/sql_post_store_test.go
+++ b/store/sql_post_store_test.go
@@ -61,6 +61,10 @@ func TestPostStoreGet(t *testing.T) {
 	if err := (<-store.Post().Get("123")).Err; err == nil {
 		t.Fatal("Missing id should have failed")
 	}
+
+	if err := (<-store.Post().Get("")).Err; err == nil {
+		t.Fatal("should fail for blank post ids")
+	}
 }
 
 func TestPostStoreGetSingle(t *testing.T) {
-- 
cgit v1.2.3-1-g7c22