From 9164b059958d82f76595400fda64aa9f739bfc23 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 21 Apr 2020 18:32:16 +0200
Subject: [statistics] Validate operator for all filters

---
 .../statistics/inc/statisticsfilter.inc.php            | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/modules-available/statistics/inc/statisticsfilter.inc.php b/modules-available/statistics/inc/statisticsfilter.inc.php
index e554a61c..215d49a7 100644
--- a/modules-available/statistics/inc/statisticsfilter.inc.php
+++ b/modules-available/statistics/inc/statisticsfilter.inc.php
@@ -29,6 +29,10 @@ abstract class StatisticsFilter
 	 */
 	public static $columns;
 
+	/*
+	 * Class instance stuff
+	 */
+
 	/**
 	 * @var string|null db-based sort column for this field, null if not sortable
 	 */
@@ -57,6 +61,19 @@ abstract class StatisticsFilter
 
 	public function bind(string $op, $argument) { return new DatabaseFilter($this, $op, $argument); }
 
+	public final function validateOperator(string $operator)
+	{
+		if (empty($this->ops))
+			return;
+		if (!in_array($operator, $this->ops)) {
+			Util::traceError("Invalid op '$operator' for " . get_class($this) . '::' . $this->column);
+		}
+	}
+
+	/*
+	 * Static/Helpers
+	 */
+
 	public static function findBestValue($array, $value, $up)
 	{
 		$best = 0;
@@ -557,6 +574,7 @@ class DatabaseFilter
 	public $argument;
 	public function __construct(StatisticsFilter $inst, string $op, $argument)
 	{
+		$inst->validateOperator($op);
 		$this->inst = $inst;
 		$this->op = $op;
 		$this->argument = $argument;
-- 
cgit v1.2.3-55-g7522