fu ([personal profile] fu) wrote in [site community profile] changelog 2012-01-23 12:07 am

[dw-free] http://bugs.dwscoalition.org/show_bug.cgi?id=4166

[commit: http://hg.dwscoalition.org/dw-free/rev/239d226a0b65]

http://bugs.dwscoalition.org/show_bug.cgi?id=4166

Check again for validity and security before displaying excerpts (search
results are already filtered, but there's a chance to see brief snippets in
the time window between when an entry was changed and when it was indexed)

Patch by [personal profile] fu.

Files modified:
  • bin/worker/sphinx-search-gm
  • htdocs/search.bml
--------------------------------------------------------------------------------
diff -r 78a0be4f6baa -r 239d226a0b65 bin/worker/sphinx-search-gm
--- a/bin/worker/sphinx-search-gm	Mon Jan 23 08:05:33 2012 +0800
+++ b/bin/worker/sphinx-search-gm	Mon Jan 23 08:08:23 2012 +0800
@@ -78,7 +78,7 @@
 }
 
 sub _build_output {
-    my ( $sx, $query, $res ) = @_;
+    my ( $sx, $query, $res, $remoteid ) = @_;
 
     # try to build some excerpts of these searches, which involves us loading
     # up the exact entry contents...
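Review bot: _build_output now takes $remoteid as a fourth positional argument, but nothing in the sub says what it is or how a missing value is handled. Add a comment stating that it is the userid of the viewer running the search and what the excerpt check does when it is undefined, so a later caller does not omit it by accident.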
@@ -90,10 +90,12 @@
 
         foreach my $match ( @{ $res->{matches} } ) {
             my $entry = LJ::Entry->new( $match->{journal_id}, jitemid => $match->{jitemid} );
+            my $remote = LJ::load_userid( $remoteid );
 
-            # check for validity, but not for security. Security was filtered for in the query on sphinx
-            # make sure that the journal and poster have the right status for the entry to be visible
-            if ( $entry && $entry->valid && ! $entry->journal->is_inactive && ! $entry->poster->is_suspended ) {
+            # check for validity and for security
+            # we filtered by security earlier, but there's a chance it was changed
+            # but not yet indexed
+            if ( $entry && $entry->valid && $entry->visible_to( $remote ) ) {
                 # use text only version of event for excerpt purposes.  best effort.
                 $match->{entry} = $entry->event_text;
                 $match->{entry} =~ s#<(?:br|p)\s*/?># #gi;
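Review bot: The new condition replaces the explicit tests ! $entry->journal->is_inactive and ! $entry->poster->is_suspended with $entry->visible_to( $remote ); please confirm that visible_to rejects entries in inactive journals and entries by suspended posters for every viewer, or keep those two tests alongside it. Separately, LJ::load_userid( $remoteid ) sits inside the foreach over the matches although $remoteid does not change between iterations; load $remote once before the loop.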
@@ -157,7 +159,7 @@
     my $search_results = _run_search( $sx, $args );
     return undef unless $search_results;
 
-    my $res = _build_output( $sx, $args->{query}, $search_results );
+    my $res = _build_output( $sx, $args->{query}, $search_results, $args->{remoteid} );
     return Storable::nfreeze( $res );
 }
 
diff -r 78a0be4f6baa -r 239d226a0b65 htdocs/search.bml
--- a/htdocs/search.bml	Mon Jan 23 08:05:33 2012 +0800
+++ b/htdocs/search.bml	Mon Jan 23 08:08:23 2012 +0800
@@ -128,7 +128,8 @@
     }
 
     # the arguments to the search (userid=0 implies global search)
-    my $args = { userid => $su ? $su->id : 0, query => $q, offset => $offset, sort_by => $sby,
+    my $args = { userid => $su ? $su->id : 0, remoteid => $remote->id,
+                 query => $q, offset => $offset, sort_by => $sby,
                  ignore_security => $ignore_security, allowmask => $allowmask };
     my $arg = Storable::nfreeze( $args );
 
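Review bot: remoteid => $remote->id calls a method on $remote without a guard, unlike userid => $su ? $su->id : 0 on the same line. If this point can be reached with no logged-in user, the page dies before the search is dispatched; either confirm that login is enforced earlier in the file or guard the call the same way.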
--------------------------------------------------------------------------------
