From eb85340cec1a4331c9b1c425f3f293aedab4d68b Mon Sep 17 00:00:00 2001
From: Dave MacFarlane
Date: Wed, 16 Aug 2023 15:13:12 -0400
Subject: [PATCH] Ensure queries returns an array, not an object
---
 modules/dataquery/php/queries.class.inc | 1 +
 modules/dataquery/php/query.class.inc | 39 ++++++++++++++++---------
 2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/modules/dataquery/php/queries.class.inc b/modules/dataquery/php/queries.class.inc
index 35db18a6674..3277a86359a 100644
--- a/modules/dataquery/php/queries.class.inc
+++ b/modules/dataquery/php/queries.class.inc
@@ -50,6 +50,7 @@ class Queries extends \NDB_Page
 [
 'queries' => iterator_to_array(
 $this->getUserAccessibleQueries($user),
+ false, // do not preserve keys, stay an array
 ),
 ]
 );
diff --git a/modules/dataquery/php/query.class.inc b/modules/dataquery/php/query.class.inc
index 1870b1e9c34..348d14de4ad 100644
--- a/modules/dataquery/php/query.class.inc
+++ b/modules/dataquery/php/query.class.inc
@@ -102,20 +102,27 @@ class Query implements \LORIS\StudyEntities\AccessibleResource,
 }
 // Check accessibility for fields
- $fields = $this->getFields();
- foreach ($fields as $field) {
- if ($field->isAccessibleBy($user) === false) {
- return false;
+ try {
+ $fields = $this->getFields();
+ foreach ($fields as $field) {
+ if ($field->isAccessibleBy($user) === false) {
+ return false;
+ }
 }
- }
- // Check accessibility for dictionary items in the criteria
- $critfields = $this->_getAllCriteriaDictionaries($criteria);
- foreach ($critfields as $field) {
- if ($field->isAccessibleBy($user) === false) {
- return false;
- }
+ // Check accessibility for dictionary items in the criteria
+ $critfields = $this->_getAllCriteriaDictionaries($criteria);
+ foreach ($critfields as $field) {
+ if ($field->isAccessibleBy($user) === false) {
+ return false;
+ }
+ }
+ } catch (\OutOfBoundsException $e) {
+ // The query references a field that no longer exists.
+ // The module can not provide the data, so the query is
+ // not accessible by anyone.
+ return false;
 }
 return true;
 }
@@ -175,7 +182,10 @@ class Query implements \LORIS\StudyEntities\AccessibleResource,
 $cname = $item['category'];
 $fname = $item['fieldname'];
 $this->_populateModuleDictCache($mname);
- assert(isset($this->moduleDictCache[$mname][$cname][$fname]));
+ if (!isset($this->moduleDictCache[$mname][$cname][$fname])) {
+ // This query references a field that no longer exist.
+ throw new \OutOfBoundsException();
+ }
 $usedDicts[] = $this->moduleDictCache[$mname][$cname][$fname];
 }
 }
@@ -373,7 +383,10 @@ class Query implements \LORIS\StudyEntities\AccessibleResource,
 $fname = $field['field'];
 $this->_populateModuleDictCache($mname);
-
+ if (!isset($this->moduleDictCache[$mname][$cname][$fname])) {
+ // This query references a field that no longer exist.
+ throw new \OutOfBoundsException();
+ }
 assert(isset($this->moduleDictCache[$mname][$cname][$fname]));
 $fields[] = $this->moduleDictCache[$mname][$cname][$fname];
 }
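Review bot: In the `@@ -102,20 +102,27 @@` hunk, the new `catch (\OutOfBoundsException $e)` returns false without recording anything, so a saved query that points at a dropped field is silently hidden and nobody can tell why. Denying access is the right fail-closed result, but the try block also wraps every `isAccessibleBy($user)` call. Any unrelated OutOfBoundsException raised inside a dictionary item's own access check would therefore be treated as "field no longer exists" as well. Consider limiting the try to the `getFields()` and `_getAllCriteriaDictionaries($criteria)` calls, or throwing a dedicated exception type from those two lookups, and logging the event before `return false;`. The enclosing method starts above the hunk, so how `$criteria` is obtained is not visible here.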
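Review bot: The `throw new \OutOfBoundsException();` added in the `@@ -175,7 +182,10 @@` hunk, and again in `@@ -373,7 +383,10 @@`, carries no message, so a log entry or any caller other than the access check gets no hint which dictionary item is stale. Passing the lookup key would help, for example `throw new \OutOfBoundsException("Unknown dictionary item: $mname/$cname/$fname");`. Both methods now throw where they previously only asserted, so any other caller of them (not visible in these hunks) needs to handle the exception. The comment above each throw should read `// This query references a field that no longer exists.`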
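Review bot: In the `@@ -373,7 +383,10 @@` hunk the original `assert(isset($this->moduleDictCache[$mname][$cname][$fname]));` is kept directly after the new guard, where it can no longer fail. The `@@ -175,7 +182,10 @@` hunk removed its counterpart, so drop it here too for consistency. The same four-line guard now exists in two methods; a small private lookup helper that returns the dictionary item or throws would keep the two in step. The enclosing loop and the assignment of `$cname` lie above the hunk.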