Stop Twitter gateway notices from leaking via user faves pages
This commit is contained in:
parent
d9bebfd651
commit
31325f0995
|
@ -191,10 +191,21 @@ class ShowfavoritesAction extends CurrentUserDesignAction
|
|||
|
||||
function showContent()
|
||||
{
|
||||
$notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
|
||||
NOTICES_PER_PAGE + 1);
|
||||
$cur = common_current_user();
|
||||
|
||||
if (!$notice) {
|
||||
if (!empty($cur) && $cur->id == $this->user->id) {
|
||||
|
||||
// Show imported/gateway notices as well as local if
|
||||
// the user is looking at his own favorites
|
||||
|
||||
$notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
|
||||
NOTICES_PER_PAGE + 1, true);
|
||||
} else {
|
||||
$notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
|
||||
NOTICES_PER_PAGE + 1, false);
|
||||
}
|
||||
|
||||
if (empty($notice)) {
|
||||
$this->serverError(_('Could not retrieve favorite notices.'));
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -37,52 +37,62 @@ class Fave extends Memcached_DataObject
|
|||
return Memcached_DataObject::pkeyGet('Fave', $kv);
|
||||
}
|
||||
|
||||
function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE)
|
||||
function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE, $own=false)
|
||||
{
|
||||
$ids = Notice::stream(array('Fave', '_streamDirect'),
|
||||
array($user_id),
|
||||
'fave:ids_by_user:'.$user_id,
|
||||
array($user_id, $own),
|
||||
($own) ? 'fave:ids_by_user_own:'.$user_id :
|
||||
'fave:by_user:'.$user_id,
|
||||
$offset, $limit);
|
||||
return $ids;
|
||||
}
|
||||
|
||||
function _streamDirect($user_id, $offset, $limit, $since_id, $max_id, $since)
|
||||
function _streamDirect($user_id, $own, $offset, $limit, $since_id, $max_id, $since)
|
||||
{
|
||||
$fav = new Fave();
|
||||
$qry = null;
|
||||
|
||||
$fav->user_id = $user_id;
|
||||
|
||||
$fav->selectAdd();
|
||||
$fav->selectAdd('notice_id');
|
||||
if ($own) {
|
||||
$qry = 'SELECT fave.* FROM fave ';
|
||||
$qry .= 'WHERE fave.user_id = ' . $user_id . ' ';
|
||||
} else {
|
||||
$qry = 'SELECT fave.* FROM fave ';
|
||||
$qry .= 'INNER JOIN notice ON fave.notice_id = notice.id ';
|
||||
$qry .= 'WHERE fave.user_id = ' . $user_id . ' ';
|
||||
$qry .= 'AND notice.is_local != ' . NOTICE_GATEWAY . ' ';
|
||||
}
|
||||
|
||||
if ($since_id != 0) {
|
||||
$fav->whereAdd('notice_id > ' . $since_id);
|
||||
$qry .= 'AND notice_id > ' . $since_id . ' ';
|
||||
}
|
||||
|
||||
if ($max_id != 0) {
|
||||
$fav->whereAdd('notice_id <= ' . $max_id);
|
||||
$qry .= 'AND notice_id <= ' . $max_id . ' ';
|
||||
}
|
||||
|
||||
if (!is_null($since)) {
|
||||
$fav->whereAdd('modified > \'' . date('Y-m-d H:i:s', $since) . '\'');
|
||||
$qry .= 'AND modified > \'' . date('Y-m-d H:i:s', $since) . '\' ';
|
||||
}
|
||||
|
||||
// NOTE: we sort by fave time, not by notice time!
|
||||
|
||||
$fav->orderBy('modified DESC');
|
||||
$qry .= 'ORDER BY modified DESC ';
|
||||
|
||||
if (!is_null($offset)) {
|
||||
$fav->limit($offset, $limit);
|
||||
$qry .= "LIMIT $offset, $limit";
|
||||
}
|
||||
|
||||
$fav->query($qry);
|
||||
|
||||
$ids = array();
|
||||
|
||||
if ($fav->find()) {
|
||||
while ($fav->fetch()) {
|
||||
$ids[] = $fav->notice_id;
|
||||
}
|
||||
while ($fav->fetch()) {
|
||||
$ids[] = $fav->notice_id;
|
||||
}
|
||||
|
||||
$fav->free();
|
||||
unset($fav);
|
||||
|
||||
return $ids;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -471,8 +471,10 @@ class Notice extends Memcached_DataObject
|
|||
if ($fave->find()) {
|
||||
while ($fave->fetch()) {
|
||||
$cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id));
|
||||
$cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id));
|
||||
if ($blowLast) {
|
||||
$cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id.';last'));
|
||||
$cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id.';last'));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -424,9 +424,9 @@ class User extends Memcached_DataObject
|
|||
}
|
||||
}
|
||||
|
||||
function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE)
|
||||
function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE, $own=false)
|
||||
{
|
||||
$ids = Fave::stream($this->id, $offset, $limit);
|
||||
$ids = Fave::stream($this->id, $offset, $limit, $own);
|
||||
return Notice::getStreamByIds($ids);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user