
Commit 31325f09 authored by Zach Copley's avatar Zach Copley

Stop Twitter gateway notices from leaking via user faves pages

parent d9bebfd6
......@@ -191,10 +191,21 @@ class ShowfavoritesAction extends CurrentUserDesignAction
function showContent()
{
$notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
NOTICES_PER_PAGE + 1);
$cur = common_current_user();
if (!$notice) {
if (!empty($cur) && $cur->id == $this->user->id) {
// Show imported/gateway notices as well as local if
// the user is looking at his own favorites
$notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
NOTICES_PER_PAGE + 1, true);
} else {
$notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
NOTICES_PER_PAGE + 1, false);
}
if (empty($notice)) {
$this->serverError(_('Could not retrieve favorite notices.'));
return;
}
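Review bot: The owner check in `showContent()` decides whether gateway notices are exposed, but it sits in an if/else that repeats the whole `favoriteNotices()` call with only the last argument differing. Computing it once, `$own = !empty($cur) && $cur->id == $this->user->id;`, and making a single call with `$own` as the third argument would keep the visibility decision in one place that is easy to audit. A short comment stating that non-owners must never receive `true` would help as well. The body of showContent continues beyond this hunk.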
......
......@@ -37,52 +37,62 @@ class Fave extends Memcached_DataObject
return Memcached_DataObject::pkeyGet('Fave', $kv);
}
function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE)
function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE, $own=false)
{
$ids = Notice::stream(array('Fave', '_streamDirect'),
array($user_id),
'fave:ids_by_user:'.$user_id,
array($user_id, $own),
($own) ? 'fave:ids_by_user_own:'.$user_id :
'fave:by_user:'.$user_id,
$offset, $limit);
return $ids;
}
function _streamDirect($user_id, $offset, $limit, $since_id, $max_id, $since)
function _streamDirect($user_id, $own, $offset, $limit, $since_id, $max_id, $since)
{
$fav = new Fave();
$fav->user_id = $user_id;
$fav->selectAdd();
$fav->selectAdd('notice_id');
$qry = null;
if ($own) {
$qry = 'SELECT fave.* FROM fave ';
$qry .= 'WHERE fave.user_id = ' . $user_id . ' ';
} else {
$qry = 'SELECT fave.* FROM fave ';
$qry .= 'INNER JOIN notice ON fave.notice_id = notice.id ';
$qry .= 'WHERE fave.user_id = ' . $user_id . ' ';
$qry .= 'AND notice.is_local != ' . NOTICE_GATEWAY . ' ';
}
if ($since_id != 0) {
$fav->whereAdd('notice_id > ' . $since_id);
$qry .= 'AND notice_id > ' . $since_id . ' ';
}
if ($max_id != 0) {
$fav->whereAdd('notice_id <= ' . $max_id);
$qry .= 'AND notice_id <= ' . $max_id . ' ';
}
if (!is_null($since)) {
$fav->whereAdd('modified > \'' . date('Y-m-d H:i:s', $since) . '\'');
$qry .= 'AND modified > \'' . date('Y-m-d H:i:s', $since) . '\' ';
}
// NOTE: we sort by fave time, not by notice time!
$fav->orderBy('modified DESC');
$qry .= 'ORDER BY modified DESC ';
if (!is_null($offset)) {
$fav->limit($offset, $limit);
$qry .= "LIMIT $offset, $limit";
}
$fav->query($qry);
$ids = array();
if ($fav->find()) {
while ($fav->fetch()) {
$ids[] = $fav->notice_id;
}
while ($fav->fetch()) {
$ids[] = $fav->notice_id;
}
$fav->free();
unset($fav);
return $ids;
}
}
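Review bot: `_streamDirect()` now assembles a raw SQL string and concatenates `$user_id`, `$since_id`, `$max_id`, `$offset` and `$limit` into it with no cast or escaping. Whether every caller passes integers is not visible in this hunk, so each value should be forced to an integer where it is used, e.g. `$qry .= 'WHERE fave.user_id = ' . intval($user_id) . ' ';` and `$qry .= sprintf('LIMIT %d, %d', $offset, $limit);`. In the joined branch the unqualified `modified` in the `$since` filter and in `ORDER BY` will be ambiguous if `notice` also has a `modified` column (its schema is not shown here); writing `fave.modified` and `fave.notice_id` avoids that. The result of `$fav->query($qry)` is also not checked before the fetch loop, so a failed query would silently yield an empty list.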
......@@ -471,8 +471,10 @@ class Notice extends Memcached_DataObject
if ($fave->find()) {
while ($fave->fetch()) {
$cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id));
$cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id));
if ($blowLast) {
$cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id.';last'));
$cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id.';last'));
}
}
}
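Review bot: The two added `delete` calls target `fave:by_user_own:`, but `Fave::stream()` in this same commit caches under `fave:ids_by_user_own:` for the owner view and `fave:by_user:` for the public view. Unless `Notice::stream()` rewrites the key (not visible here), neither new entry is invalidated, and the `fave:ids_by_user:` key that is still deleted is no longer written, so stale favorites lists would keep being served after a fave changes. The deletes should name the keys actually used, e.g. `$cache->delete(common_cache_key('fave:ids_by_user_own:'.$fave->user_id));` and `$cache->delete(common_cache_key('fave:by_user:'.$fave->user_id));`, with matching `;last` variants. Ideally the key prefixes would be defined once and shared by both classes. The enclosing function starts and ends outside this hunk.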
......
......@@ -424,9 +424,9 @@ class User extends Memcached_DataObject
}
}
function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE)
function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE, $own=false)
{
$ids = Fave::stream($this->id, $offset, $limit);
$ids = Fave::stream($this->id, $offset, $limit, $own);
return Notice::getStreamByIds($ids);
}
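Review bot: `favoriteNotices()` gains an `$own` flag that, via `Fave::stream()`, controls whether gateway-imported notices are returned, but nothing documents that `true` is only appropriate when the viewer is the account owner. A docblock line such as `@param bool $own include gateway notices; pass true only when the current user is this user` would make the contract explicit. The default of `false` is the safe choice for the method's other callers, which are outside this hunk, and the docblock should say so.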
......