fu: Close-up of Fu, bringing a scoop of water to her mouth (Default)
fu ([personal profile] fu) wrote in [site community profile] changelog2011-12-17 09:54 am

[dw-free] Protected entries in search show up as deleted

[commit: http://hg.dwscoalition.org/dw-free/rev/be4258ab864c]

http://bugs.dwscoalition.org/show_bug.cgi?id=4115

The search worker isn't aware of the current remote user from the webserver
which calls the worker, so $entry->visible_to( $remote ) acts as though
there's no one logged in. Instead of using the function, check explicitly
against entry validity, journal visibility, poster status.

Patch by [personal profile] fu.

Files modified:
  • bin/worker/sphinx-search-gm
--------------------------------------------------------------------------------
diff -r ec8c6d62f69f -r be4258ab864c bin/worker/sphinx-search-gm
--- a/bin/worker/sphinx-search-gm	Thu Dec 15 22:00:28 2011 +0800
+++ b/bin/worker/sphinx-search-gm	Sat Dec 17 17:55:21 2011 +0800
@@ -88,10 +88,12 @@
         # convenience only... they're the same hashrefs you know and love
         my @out;
 
-        my $remote = LJ::get_remote();
         foreach my $match ( @{ $res->{matches} } ) {
             my $entry = LJ::Entry->new( $match->{journal_id}, jitemid => $match->{jitemid} );
-            if ( $entry && $entry->visible_to( $remote ) ) {
+
+            # check for validity, but not for security. Security was filtered for in the query on sphinx
+            # make sure that the journal and poster have the right status for the entry to be visible
+            if ( $entry && $entry->valid && ! $entry->journal->is_inactive && ! $entry->poster->is_suspended ) {
                 # use text only version of event for excerpt purposes.  best effort.
                 $match->{entry} = $entry->event_text;
                 $match->{entry} =~ s#<(?:br|p)\s*/?># #gi;
--------------------------------------------------------------------------------