Empty 'usage' property for command declares it non-executable.

noplanman · noplanman · commit 4ac95479165b · 2019-06-13T01:57:58.000+02:00
Default for system commands, so they can't be executed by any user.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,11 +8,13 @@ Exclamation symbols (:exclamation:) note something of importance e.g. breaking c
 ### Changed
 - Use PSR-12 for code style.
 ### Deprecated
+- [:exclamation:][unreleased-bc-startcommand-is-now-a-usercommand] `StartCommand` is now a `UserCommand` (not `SystemCommand` any more).
 ### Removed
 - Botan.io integration completely removed.
 ### Fixed
 - `forward_date` is now correctly saved to the DB.
 ### Security
+- Don't allow a user to call system commands directly.
 
 ## [0.57.0] - 2019-06-01
 :exclamation: After updating to this version, you will need to execute the [SQL migration script][0.57.0-sql-migration] on your database.
@@ -265,6 +267,7 @@ Exclamation symbols (:exclamation:) note something of importance e.g. breaking c
 - Move `hideKeyboard` to `removeKeyboard`.
 
 [unreleased-sql-migration]: https://github.com/php-telegram-bot/core/tree/develop/utils/db-schema-update/unreleased.sql
+[unreleased-bc-startcommand-is-now-a-usercommand]: https://github.com/php-telegram-bot/core/wiki/Breaking-backwards-compatibility#startcommand-is-now-a-usercommand
 [0.57.0-sql-migration]: https://github.com/php-telegram-bot/core/tree/master/utils/db-schema-update/0.56.0-0.57.0.sql
 [0.55.0-sql-migration]: https://github.com/php-telegram-bot/core/tree/master/utils/db-schema-update/0.54.1-0.55.0.sql
 [0.55.0-bc-move-animation-out-of-games-namespace]: https://github.com/php-telegram-bot/core/wiki/Breaking-backwards-compatibility#move-animation-out-of-games-namespace
diff --git a/src/Commands/SystemCommand.php b/src/Commands/SystemCommand.php
@@ -14,6 +14,13 @@
 
 abstract class SystemCommand extends Command
 {
+    /**
+     * @{inheritdoc}
+     *
+     * Set to empty string to disallow users calling system commands.
+     */
+    protected $usage = '';
+
     /**
      * A system command just executes
      *
diff --git a/src/Commands/UserCommands/StartCommand.php b/src/Commands/UserCommands/StartCommand.php
@@ -8,17 +8,14 @@
  * file that was distributed with this source code.
  */
 
-namespace Longman\TelegramBot\Commands\SystemCommands;
+namespace Longman\TelegramBot\Commands\UserCommands;
 
-use Longman\TelegramBot\Commands\SystemCommand;
-use Longman\TelegramBot\Request;
+use Longman\TelegramBot\Commands\UserCommand;
 
 /**
  * Start command
- *
- * @todo Remove due to deprecation!
  */
-class StartCommand extends SystemCommand
+class StartCommand extends UserCommand
 {
     /**
      * @var string
@@ -38,12 +35,12 @@ class StartCommand extends SystemCommand
     /**
      * @var string
      */
-    protected $version = '1.0.0';
+    protected $version = '1.1.0';
 
     /**
      * Command execute method
      *
-     * @return mixed
+     * @return \Longman\TelegramBot\Entities\ServerResponse
      * @throws \Longman\TelegramBot\Exception\TelegramException
      */
     public function execute()
@@ -52,8 +49,6 @@ public function execute()
         //$chat_id = $message->getChat()->getId();
         //$user_id = $message->getFrom()->getId();
 
-        trigger_error(__CLASS__ . ' is deprecated and will be removed and handled by ' . GenericmessageCommand::class . ' by default in a future release.', E_USER_DEPRECATED);
-
         return parent::execute();
     }
 }
diff --git a/src/Telegram.php b/src/Telegram.php
@@ -461,15 +461,16 @@ public function processUpdate(Update $update)
         if ($update_type === 'message') {
             $message = $this->update->getMessage();
             $type    = $message->getType();
-            if ($type === 'command') {
-                $command = $message->getCommand();
-            } else {
-                // Let's check if the message object has the type field we're looking for
-                // and if a fitting command class is available.
-                $command_tmp = $this->getCommandFromType($type);
-                if ($this->getCommandObject($command_tmp) !== null) {
-                    $command = $command_tmp;
-                }
+
+            // Let's check if the message object has the type field we're looking for...
+            $command_tmp = $type === 'command' ? $message->getCommand() : $this->getCommandFromType($type);
+            // ...and if a fitting command class is available.
+            $command_obj = $this->getCommandObject($command_tmp);
+
+            // Empty usage string denotes a non-executable command.
+            // @see https://github.com/php-telegram-bot/core/issues/772#issuecomment-388616072
+            if ($command_obj !== null && $command_obj->getUsage() !== '') {
+                $command = $command_tmp;
             }
         } else {
             $command = $this->getCommandFromType($update_type);

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,13 @@`
`14`	`14`
`15`	`15`	`abstract class SystemCommand extends Command`
`16`	`16`	`{`
	`17`	`+ /**`
	`18`	`+ * @{inheritdoc}`
	`19`	`+ *`
	`20`	`+ * Set to empty string to disallow users calling system commands.`
	`21`	`+ */`
	`22`	`+ protected $usage = '';`
	`23`	`+`
`17`	`24`	`/**`
`18`	`25`	`* A system command just executes`
`19`	`26`	`*`