From f7ca0182cfb73bd946f5e0a6097285a6f6cf0017 Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Sun, 11 Mar 2018 16:55:37 +0100
Subject: [PATCH] Enhanced parameter validation for quick reply actions

---
 ...essageQuickReplyParametersAction.class.php | 22 +++++++++++++++++++
 .../message/QuickReplyManager.class.php | 18 +++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 wcfsetup/install/files/lib/data/IMessageQuickReplyParametersAction.class.php

diff --git a/wcfsetup/install/files/lib/data/IMessageQuickReplyParametersAction.class.php b/wcfsetup/install/files/lib/data/IMessageQuickReplyParametersAction.class.php
new file mode 100644
index 0000000000..d40e166843
--- /dev/null
+++ b/wcfsetup/install/files/lib/data/IMessageQuickReplyParametersAction.class.php
@@ -0,0 +1,22 @@
+
+ * @package com.woltlab.wcf
+ * @subpackage data
+ * @category Community Framework
+ */
+interface IMessageQuickReplyParametersAction extends IMessageQuickReplyAction {
+ /**
+ * Returns the list of allowed data parameters for the 'quickReply' action. The
+ * 'message' key is permitted by default.
+ *
+ * @return string[]
+ */
+ public function getAllowedQuickReplyParameters();
+}
diff --git a/wcfsetup/install/files/lib/system/message/QuickReplyManager.class.php b/wcfsetup/install/files/lib/system/message/QuickReplyManager.class.php
index 995512c432..e0bdf444e7 100644
--- a/wcfsetup/install/files/lib/system/message/QuickReplyManager.class.php
+++ b/wcfsetup/install/files/lib/system/message/QuickReplyManager.class.php
@@ -4,6 +4,7 @@ use wcf\data\DatabaseObjectDecorator;
 use wcf\data\IAttachmentMessageQuickReplyAction;
 use wcf\data\IMessage;
 use wcf\data\IMessageQuickReplyAction;
+use wcf\data\IMessageQuickReplyParametersAction;
 use wcf\system\bbcode\PreParser;
 use wcf\system\event\EventHandler;
 use wcf\system\exception\SystemException;
@@ -155,6 +156,23 @@ class QuickReplyManager extends SingletonFactory {
 unset($parameters['data']['tmpHash']);
 }
 
+ $allowedDataParameters = array('message');
+ if ($object instanceof IMessageQuickReplyParametersAction) {
+ $allowedDataParameters = array_merge($allowedDataParameters, $object->getAllowedQuickReplyParameters());
+ }
+ $eventParameters = array(
+ 'allowedDataParameters' => $allowedDataParameters,
+ 'object' => $object
+ );
+ EventHandler::getInstance()->fireAction($this, 'allowedDataParameters', $eventParameters);
+ $allowedDataParameters = $eventParameters['allowedDataParameters'];
+
+ foreach ($parameters['data'] as $key => $value) {
+ if (!in_array($key, $allowedDataParameters)) {
+ unset($parameters['data'][$key]);
+ }
+ }
+
 // message settings
 $parameters['data'] = array_merge($parameters['data'], MessageFormSettingsHandler::getSettings($parameters));
 
-- 
2.20.1
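Review bot: The allow-list check `in_array($key, $allowedDataParameters)` in the new foreach compares loosely, so on PHP 7 and earlier an integer key (which is what a numeric index such as `data[0]` becomes once it is stored in the array) satisfies `0 == 'message'` and is kept rather than dropped. Pass the strict flag so that only an exact string match survives the filter: `if (!in_array($key, $allowedDataParameters, true)) {`. `$value` is unused in that loop; iterating `array_keys($parameters['data'])` would state the intent more directly. The enclosing method begins before this hunk, so whether `$parameters['data']` is guaranteed to be an array by this point cannot be confirmed from the visible lines.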