summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZach Copley <zach@controlyourself.ca>2009-06-23 13:51:23 -0700
committerZach Copley <zach@controlyourself.ca>2009-06-23 13:51:23 -0700
commit31325f0995bb61413b07f166d253b13fb27d085d (patch)
tree1ae7cdadfcdbf5b76e08db0a5a8df3cd4cb4e25f
parentd9bebfd6512353690be8bf8cc596a0656ef48ae9 (diff)
Stop Twitter gateway notices from leaking via user faves pages
-rw-r--r--actions/showfavorites.php17
-rw-r--r--classes/Fave.php46
-rw-r--r--classes/Notice.php2
-rw-r--r--classes/User.php4
4 files changed, 46 insertions, 23 deletions
diff --git a/actions/showfavorites.php b/actions/showfavorites.php
index 01f38a892..b723924a5 100644
--- a/actions/showfavorites.php
+++ b/actions/showfavorites.php
@@ -191,10 +191,21 @@ class ShowfavoritesAction extends CurrentUserDesignAction
function showContent()
{
- $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
- NOTICES_PER_PAGE + 1);
+ $cur = common_current_user();
- if (!$notice) {
+ if (!empty($cur) && $cur->id == $this->user->id) {
+
+ // Show imported/gateway notices as well as local if
+ // the user is looking at his own favorites
+
+ $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
+ NOTICES_PER_PAGE + 1, true);
+ } else {
+ $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
+ NOTICES_PER_PAGE + 1, false);
+ }
+
+ if (empty($notice)) {
$this->serverError(_('Could not retrieve favorite notices.'));
return;
}
diff --git a/classes/Fave.php b/classes/Fave.php
index 572334ce4..f4cf6256f 100644
--- a/classes/Fave.php
+++ b/classes/Fave.php
@@ -37,52 +37,62 @@ class Fave extends Memcached_DataObject
return Memcached_DataObject::pkeyGet('Fave', $kv);
}
- function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE)
+ function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE, $own=false)
{
$ids = Notice::stream(array('Fave', '_streamDirect'),
- array($user_id),
- 'fave:ids_by_user:'.$user_id,
+ array($user_id, $own),
+ ($own) ? 'fave:ids_by_user_own:'.$user_id :
+ 'fave:by_user:'.$user_id,
$offset, $limit);
return $ids;
}
- function _streamDirect($user_id, $offset, $limit, $since_id, $max_id, $since)
+ function _streamDirect($user_id, $own, $offset, $limit, $since_id, $max_id, $since)
{
$fav = new Fave();
-
- $fav->user_id = $user_id;
-
- $fav->selectAdd();
- $fav->selectAdd('notice_id');
+ $qry = null;
+
+ if ($own) {
+ $qry = 'SELECT fave.* FROM fave ';
+ $qry .= 'WHERE fave.user_id = ' . $user_id . ' ';
+ } else {
+ $qry = 'SELECT fave.* FROM fave ';
+ $qry .= 'INNER JOIN notice ON fave.notice_id = notice.id ';
+ $qry .= 'WHERE fave.user_id = ' . $user_id . ' ';
+ $qry .= 'AND notice.is_local != ' . NOTICE_GATEWAY . ' ';
+ }
if ($since_id != 0) {
- $fav->whereAdd('notice_id > ' . $since_id);
+ $qry .= 'AND notice_id > ' . $since_id . ' ';
}
if ($max_id != 0) {
- $fav->whereAdd('notice_id <= ' . $max_id);
+ $qry .= 'AND notice_id <= ' . $max_id . ' ';
}
if (!is_null($since)) {
- $fav->whereAdd('modified > \'' . date('Y-m-d H:i:s', $since) . '\'');
+ $qry .= 'AND modified > \'' . date('Y-m-d H:i:s', $since) . '\' ';
}
// NOTE: we sort by fave time, not by notice time!
- $fav->orderBy('modified DESC');
+ $qry .= 'ORDER BY modified DESC ';
if (!is_null($offset)) {
- $fav->limit($offset, $limit);
+ $qry .= "LIMIT $offset, $limit";
}
+ $fav->query($qry);
+
$ids = array();
- if ($fav->find()) {
- while ($fav->fetch()) {
- $ids[] = $fav->notice_id;
- }
+ while ($fav->fetch()) {
+ $ids[] = $fav->notice_id;
}
+ $fav->free();
+ unset($fav);
+
return $ids;
}
}
diff --git a/classes/Notice.php b/classes/Notice.php
index b6bbf66ca..6f9b73be4 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -471,8 +471,10 @@ class Notice extends Memcached_DataObject
if ($fave->find()) {
while ($fave->fetch()) {
$cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id));
+ $cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id));
if ($blowLast) {
$cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id.';last'));
+ $cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id.';last'));
}
}
}
diff --git a/classes/User.php b/classes/User.php
index e8c8c5a75..a01a3106f 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -424,9 +424,9 @@ class User extends Memcached_DataObject
}
}
- function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE)
+ function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE, $own=false)
{
- $ids = Fave::stream($this->id, $offset, $limit);
+ $ids = Fave::stream($this->id, $offset, $limit, $own);
return Notice::getStreamByIds($ids);
}