From 31325f0995bb61413b07f166d253b13fb27d085d Mon Sep 17 00:00:00 2001
From: Zach Copley
Date: Tue, 23 Jun 2009 13:51:23 -0700
Subject: Stop Twitter gateway notices from leaking via user faves pages
---
 classes/Fave.php | 46 ++++++++++++++++++++++++++++------------------
 classes/Notice.php | 2 ++
 classes/User.php | 4 ++--
 3 files changed, 32 insertions(+), 20 deletions(-)
(limited to 'classes')
diff --git a/classes/Fave.php b/classes/Fave.php
index 572334ce4..f4cf6256f 100644
--- a/classes/Fave.php
+++ b/classes/Fave.php
@@ -37,52 +37,62 @@ class Fave extends Memcached_DataObject return Memcached_DataObject::pkeyGet('Fave', $kv); } - function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE) + function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE, $own=false) { $ids = Notice::stream(array('Fave', '_streamDirect'), - array($user_id), - 'fave:ids_by_user:'.$user_id, + array($user_id, $own), + ($own) ? 'fave:ids_by_user_own:'.$user_id : + 'fave:by_user:'.$user_id, $offset, $limit); return $ids; } - function _streamDirect($user_id, $offset, $limit, $since_id, $max_id, $since) + function _streamDirect($user_id, $own, $offset, $limit, $since_id, $max_id, $since) { $fav = new Fave(); - - $fav->user_id = $user_id; - - $fav->selectAdd(); - $fav->selectAdd('notice_id'); + $qry = null; + + if ($own) { + $qry = 'SELECT fave.* FROM fave '; + $qry .= 'WHERE fave.user_id = ' . $user_id . ' '; + } else { + $qry = 'SELECT fave.* FROM fave '; + $qry .= 'INNER JOIN notice ON fave.notice_id = notice.id '; + $qry .= 'WHERE fave.user_id = ' . $user_id . ' '; + $qry .= 'AND notice.is_local != ' . NOTICE_GATEWAY . ' '; + } if ($since_id != 0) { - $fav->whereAdd('notice_id > ' . $since_id); + $qry .= 'AND notice_id > ' . $since_id . ' '; } if ($max_id != 0) { - $fav->whereAdd('notice_id <= ' . $max_id); + $qry .= 'AND notice_id <= ' . $max_id . ' '; } if (!is_null($since)) { - $fav->whereAdd('modified > \'' . date('Y-m-d H:i:s', $since) . '\''); + $qry .= 'AND modified > \'' . date('Y-m-d H:i:s', $since) . '\' '; } // NOTE: we sort by fave time, not by notice time! - $fav->orderBy('modified DESC'); + $qry .= 'ORDER BY modified DESC '; if (!is_null($offset)) { - $fav->limit($offset, $limit); + $qry .= "LIMIT $offset, $limit"; } + $fav->query($qry); + $ids = array(); - if ($fav->find()) { - while ($fav->fetch()) { - $ids[] = $fav->notice_id; - } + while ($fav->fetch()) { + $ids[] = $fav->notice_id; } + $fav->free(); + unset($fav); + return $ids; } } 
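Review bot: In `_streamDirect`, `$user_id` is now concatenated straight into the SQL text (`'WHERE fave.user_id = ' . $user_id`), where the removed code assigned it to `$fav->user_id` and let the data object build the condition; `$since_id`, `$max_id`, `$offset` and `$limit` are interpolated the same way. No caller-side validation is visible in this diff, so the function should not depend on it: coerce the values before building the query, e.g. `$user_id = (int) $user_id; $since_id = (int) $since_id; $max_id = (int) $max_id;` and `$qry .= 'LIMIT ' . (int) $offset . ', ' . (int) $limit;`. Separately, in the joined (non-own) branch the unqualified `modified` in the WHERE and ORDER BY clauses becomes ambiguous if the notice table also has a `modified` column (its schema is not shown here), so writing `fave.modified` and `fave.notice_id` removes the doubt.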
diff --git a/classes/Notice.php b/classes/Notice.php
index b6bbf66ca..6f9b73be4 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -471,8 +471,10 @@ class Notice extends Memcached_DataObject
 if ($fave->find()) {
 while ($fave->fetch()) {
 $cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id));
+ $cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id));
 if ($blowLast) {
 $cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id.';last'));
+ $cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id.';last'));
 }
 }
 }
diff --git a/classes/User.php b/classes/User.php
index e8c8c5a75..a01a3106f 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -424,9 +424,9 @@ class User extends Memcached_DataObject
 }
 }
- function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE)
+ function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE, $own=false)
 {
- $ids = Fave::stream($this->id, $offset, $limit);
+ $ids = Fave::stream($this->id, $offset, $limit, $own);
 return Notice::getStreamByIds($ids);
 }
-- 
cgit v1.2.3-54-g00ecf
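Review bot: The cache keys deleted in the Notice.php hunk do not match the keys `Fave::stream()` writes in this same commit: the stream caches under `'fave:ids_by_user_own:'.$user_id` and `'fave:by_user:'.$user_id`, while this hunk clears `'fave:ids_by_user:'` (no longer written by the new `stream()`) and `'fave:by_user_own:'` (not written anywhere in this diff). As written, neither cached favourites list is invalidated by this loop, so a stale ID list can keep being served from the cache after the underlying faves change. Use the same spelling on both sides, e.g. `$cache->delete(common_cache_key('fave:by_user:'.$fave->user_id));` and `$cache->delete(common_cache_key('fave:ids_by_user_own:'.$fave->user_id));`, with the matching `.';last'` variants inside `if ($blowLast)`. The enclosing function starts and ends outside the hunk.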
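Review bot: In the User.php hunk, `favoriteNotices()` gains `$own` with no comment saying what it controls or who may set it. From the Fave.php hunk, `$own = true` selects the query that omits the `notice.is_local != NOTICE_GATEWAY` filter, so this flag is the switch between the public view and the owner-only view of a user's favourites. A docblock should say so, e.g. `@param bool $own true only when the viewer is this user; gateway notices are then included`, so that callers derive it from the authenticated session rather than from request input. The callers of this method are outside this diff.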