fu ([personal profile] fu) wrote in [site community profile] changelog2012-01-23 12:07 am

[dw-free] http://bugs.dwscoalition.org/show_bug.cgi?id=4166

[commit: http://hg.dwscoalition.org/dw-free/rev/239d226a0b65]

http://bugs.dwscoalition.org/show_bug.cgi?id=4166

Check again for validity and security before displaying excerpts (search
results are already filtered, but there's a chance to see brief snippets in
the time window between when an entry was changed and when it was indexed)

Patch by [personal profile] fu.

Files modified:
  • bin/worker/sphinx-search-gm
  • htdocs/search.bml
--------------------------------------------------------------------------------
diff -r 78a0be4f6baa -r 239d226a0b65 bin/worker/sphinx-search-gm
--- a/bin/worker/sphinx-search-gm	Mon Jan 23 08:05:33 2012 +0800
+++ b/bin/worker/sphinx-search-gm	Mon Jan 23 08:08:23 2012 +0800
@@ -78,7 +78,7 @@
 }
 
 sub _build_output {
-    my ( $sx, $query, $res ) = @_;
+    my ( $sx, $query, $res, $remoteid ) = @_;
 
     # try to build some excerpts of these searches, which involves us loading
     # up the exact entry contents...
@@ -90,10 +90,12 @@
 
         foreach my $match ( @{ $res->{matches} } ) {
             my $entry = LJ::Entry->new( $match->{journal_id}, jitemid => $match->{jitemid} );
+            my $remote = LJ::load_userid( $remoteid );
 
-            # check for validity, but not for security. Security was filtered for in the query on sphinx
-            # make sure that the journal and poster have the right status for the entry to be visible
-            if ( $entry && $entry->valid && ! $entry->journal->is_inactive && ! $entry->poster->is_suspended ) {
+            # check for validity and for security
+            # we filtered by security earlier, but there's a chance it was changed
+            # but not yet indexed
+            if ( $entry && $entry->valid && $entry->visible_to( $remote ) ) {
                 # use text only version of event for excerpt purposes.  best effort.
                 $match->{entry} = $entry->event_text;
                 $match->{entry} =~ s#<(?:br|p)\s*/?># #gi;
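Review bot: The new condition drops the explicit `! $entry->journal->is_inactive` and `! $entry->poster->is_suspended` tests and relies on `$entry->visible_to( $remote )` to cover them; `visible_to` is not shown here, so confirm it rejects entries in inactive journals and by suspended posters, otherwise excerpts that were hidden before this commit would be shown again. Separately, `my $remote = LJ::load_userid( $remoteid );` sits inside the `foreach` although `$remoteid` does not change per match, so moving it above the loop avoids one lookup per result. If `$remoteid` is missing or unknown, `$remote` is presumably undef and the check runs as a logged-out viewer, which is the safe direction but worth a comment such as `# $remote may be undef; the excerpt is then checked as for a logged-out viewer`. The loop body continues past the end of the hunk.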
@@ -157,7 +159,7 @@
     my $search_results = _run_search( $sx, $args );
     return undef unless $search_results;
 
-    my $res = _build_output( $sx, $args->{query}, $search_results );
+    my $res = _build_output( $sx, $args->{query}, $search_results, $args->{remoteid} );
     return Storable::nfreeze( $res );
 }
 
diff -r 78a0be4f6baa -r 239d226a0b65 htdocs/search.bml
--- a/htdocs/search.bml	Mon Jan 23 08:05:33 2012 +0800
+++ b/htdocs/search.bml	Mon Jan 23 08:08:23 2012 +0800
@@ -128,7 +128,8 @@
     }
 
     # the arguments to the search (userid=0 implies global search)
-    my $args = { userid => $su ? $su->id : 0, query => $q, offset => $offset, sort_by => $sby,
+    my $args = { userid => $su ? $su->id : 0, remoteid => $remote->id,
+                 query => $q, offset => $offset, sort_by => $sby,
                  ignore_security => $ignore_security, allowmask => $allowmask };
     my $arg = Storable::nfreeze( $args );
 
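Review bot: `remoteid => $remote->id` calls a method on `$remote` without the guard that `userid => $su ? $su->id : 0` uses on the same statement, so a request where `$remote` is undef would die here before the job is queued. Whether search.bml already requires a logged-in user earlier is outside this hunk; if it does not, `remoteid => $remote ? $remote->id : 0,` keeps the page working, and the worker-side check would presumably then treat the viewer as logged out. `ignore_security` is still passed in the same hash while the new excerpt check in the worker does not consult it, so excerpts for such searches are now limited to what `$remote` can see; confirm that is intended.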
--------------------------------------------------------------------------------