From 7d7a9e9bc78ae3f07f200bb1c193ed8c80ec7f39 Mon Sep 17 00:00:00 2001
From: Matthias Schmidt
Date: Wed, 24 Jul 2013 10:59:40 +0200
Subject: [PATCH] Adds explicit validation of recent activity object type
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

… which creates a proper error message instead of an database exception.
---
 .../activity/event/UserActivityEventHandler.class.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/wcfsetup/install/files/lib/system/user/activity/event/UserActivityEventHandler.class.php b/wcfsetup/install/files/lib/system/user/activity/event/UserActivityEventHandler.class.php
index 11ed8c4c5a..2223f8963d 100644
--- a/wcfsetup/install/files/lib/system/user/activity/event/UserActivityEventHandler.class.php
+++ b/wcfsetup/install/files/lib/system/user/activity/event/UserActivityEventHandler.class.php
@@ -4,6 +4,7 @@ use wcf\data\object\type\ObjectTypeCache;
 use wcf\data\user\activity\event\UserActivityEventAction;
 use wcf\data\user\activity\event\ViewableUserActivityEventList;
 use wcf\system\database\util\PreparedStatementConditionBuilder;
+use wcf\system\exception\SystemException;
 use wcf\system\SingletonFactory;
 use wcf\system\WCF;
@@ -77,6 +78,10 @@ class UserActivityEventHandler extends SingletonFactory {
 */
 public function fireEvent($objectType, $objectID, $languageID = null, $userID = null, $time = TIME_NOW, $additonalData = array()) {
 $objectTypeID = $this->getObjectTypeID($objectType);
+ if ($objectTypeID === null) {
+ throw new SystemException("Unknown recent activity event '".$objectType."'");
+ }
+
 if ($userID === null) $userID = WCF::getUser()->userID;
 $eventAction = new UserActivityEventAction(array(), 'create', array(
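Review bot: The guard added in fireEvent() fires only when getObjectTypeID() returns exactly `null`, and that method is outside this hunk, so if it can return `false` or `0` for an unregistered type the value slips past `=== null` and still reaches the insert. The identical four lines are repeated in removeEvents() in the next hunk; resolving and validating the ID in one place would keep the two from drifting apart. The message also concatenates `$objectType` as-is, which is fine for fixed identifiers, but it is worth confirming that the value never comes from request data if the exception text can reach a rendered error page or a log. fireEvent()'s body continues past the end of the hunk.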
@@ -102,6 +107,10 @@ class UserActivityEventHandler extends SingletonFactory {
 */
 public function removeEvents($objectType, array $objectIDs) {
 $objectTypeID = $this->getObjectTypeID($objectType);
+ if ($objectTypeID === null) {
+ throw new SystemException("Unknown recent activity event '".$objectType."'");
+ }
+
 $conditions = new PreparedStatementConditionBuilder();
 $conditions->add("objectTypeID = ?", array($objectTypeID));
 $conditions->add("objectID IN (?)", array($objectIDs));
--
2.20.1
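Review bot: removeEvents() can now raise SystemException for an unregistered object type, but the docblock that closes on the first context line is not updated to say so. The docblock opens above the hunk; it should gain `@throws SystemException` with a short note that it is raised for an unknown object type, and the same applies to fireEvent() in the previous hunk. Callers that run this during content deletion then know the call can fail before any row is removed. The method body continues past the end of the hunk.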