From e176f2828ede6ce5bb809d70153fabc608b86f37 Mon Sep 17 00:00:00 2001 From: jerremyng Date: Tue, 6 Jan 2026 15:09:07 +0000 Subject: [PATCH] add checks for comma when importing recipies --- app/Services/PluginImportService.php | 28 +++++++++++++ tests/Feature/PluginImportTest.php | 59 ++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+) diff --git a/app/Services/PluginImportService.php b/app/Services/PluginImportService.php index 9207e3e..ddd052d 100644 --- a/app/Services/PluginImportService.php +++ b/app/Services/PluginImportService.php @@ -17,6 +17,32 @@ use ZipArchive; class PluginImportService { + /** + * Validate YAML settings + * + * @param array $settings The parsed YAML settings + * @throws Exception + */ + private function validateYAML(array $settings): void + { + if (!isset($settings['custom_fields']) || !is_array($settings['custom_fields'])) { + return; + } + + foreach ($settings['custom_fields'] as $field) { + if (isset($field['field_type']) && $field['field_type'] === 'multi_string') { + + if (isset($field['default']) && str_contains($field['default'], ',')) { + throw new Exception("Validation Error: The default value for multistring fields like `{$field['keyname']}` cannot contain commas."); + } + + if (isset($field['placeholder']) && str_contains($field['placeholder'], ',')) { + throw new Exception("Validation Error: The placeholder value for multistring fields like `{$field['keyname']}` cannot contain commas."); + } + + } + } + } /** * Import a plugin from a ZIP file * @@ -58,6 +84,7 @@ class PluginImportService // Parse settings.yml $settingsYaml = File::get($filePaths['settingsYamlPath']); $settings = Yaml::parse($settingsYaml); + $this->validateYAML($settings); // Read full.liquid content $fullLiquid = File::get($filePaths['fullLiquidPath']); @@ -187,6 +214,7 @@ class PluginImportService // Parse settings.yml $settingsYaml = File::get($filePaths['settingsYamlPath']); $settings = Yaml::parse($settingsYaml); + $this->validateYAML($settings); // Read full.liquid content $fullLiquid = File::get($filePaths['fullLiquidPath']); diff --git a/tests/Feature/PluginImportTest.php b/tests/Feature/PluginImportTest.php index 1b20f93..fae28a8 100644 --- a/tests/Feature/PluginImportTest.php +++ b/tests/Feature/PluginImportTest.php @@ -427,6 +427,65 @@ YAML; ->and($displayIncidentField['default'])->toBe('true'); }); +it('throws exception when multi_string default value contains a comma', function (): void { + $user = User::factory()->create(); + + // YAML with a comma in the 'default' field of a multi_string + $invalidYaml = << $invalidYaml, + 'src/full.liquid' => getValidFullLiquid(), + ]); + + $zipFile = UploadedFile::fake()->createWithContent('invalid-default.zip', $zipContent); + $pluginImportService = new PluginImportService(); + + expect(fn () => $pluginImportService->importFromZip($zipFile, $user)) + ->toThrow(Exception::class, "Validation Error: The default value for multistring fields like `api_key` cannot contain commas."); +}); + +it('throws exception when multi_string placeholder contains a comma', function (): void { + $user = User::factory()->create(); + + // YAML with a comma in the 'placeholder' field + $invalidYaml = << $invalidYaml, + 'src/full.liquid' => getValidFullLiquid(), + ]); + + $zipFile = UploadedFile::fake()->createWithContent('invalid-placeholder.zip', $zipContent); + $pluginImportService = new PluginImportService(); + + expect(fn () => $pluginImportService->importFromZip($zipFile, $user)) + ->toThrow(Exception::class, "Validation Error: The placeholder value for multistring fields like `api_key` cannot contain commas."); +}); + // Helper methods function createMockZipFile(array $files): string {