Stop Twitter gateway notices from leaking via user faves pages

diff --git a/actions/showfavorites.php b/actions/showfavorites.php
index 01f38a8927ced49a4a2f88864f905e9b4104bbaf..b723924a5e0a323209f0daf09888933841b0b9b6 100644 (file)
--- a/actions/showfavorites.php
+++ b/actions/showfavorites.php
@@ -191,10 +191,21 @@ class ShowfavoritesAction extends CurrentUserDesignAction
 
     function showContent()
     {
-        $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
-                                               NOTICES_PER_PAGE + 1);
+        $cur = common_current_user();
 
-        if (!$notice) {
+        if (!empty($cur) && $cur->id == $this->user->id) {
+
+            // Show imported/gateway notices as well as local if
+            // the user is looking at his own favorites
+
+            $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
+                                                   NOTICES_PER_PAGE + 1, true);
+        } else {
+            $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE,
+                                                   NOTICES_PER_PAGE + 1, false);
+        }
+
+        if (empty($notice)) {
             $this->serverError(_('Could not retrieve favorite notices.'));
             return;
         }

diff --git a/classes/Fave.php b/classes/Fave.php
index 572334ce4f8cf17e8811cf0eab51cd77ed922549..f4cf6256ff314af7aca2b5b7867c5dca011b8177 100644 (file)
--- a/classes/Fave.php
+++ b/classes/Fave.php
@@ -37,52 +37,62 @@ class Fave extends Memcached_DataObject
         return Memcached_DataObject::pkeyGet('Fave', $kv);
     }
 
-    function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE)
+    function stream($user_id, $offset=0, $limit=NOTICES_PER_PAGE, $own=false)
     {
         $ids = Notice::stream(array('Fave', '_streamDirect'),
-                              array($user_id),
-                              'fave:ids_by_user:'.$user_id,
+                              array($user_id, $own),
+                              ($own) ? 'fave:ids_by_user_own:'.$user_id :
+                              'fave:by_user:'.$user_id,
                               $offset, $limit);
         return $ids;
     }
 
-    function _streamDirect($user_id, $offset, $limit, $since_id, $max_id, $since)
+    function _streamDirect($user_id, $own, $offset, $limit, $since_id, $max_id, $since)
     {
         $fav = new Fave();
-
-        $fav->user_id = $user_id;
-
-        $fav->selectAdd();
-        $fav->selectAdd('notice_id');
+        $qry = null;
+
+        if ($own) {
+            $qry  = 'SELECT fave.* FROM fave ';
+            $qry .= 'WHERE fave.user_id = ' . $user_id . ' ';
+        } else {
+             $qry =  'SELECT fave.* FROM fave ';
+             $qry .= 'INNER JOIN notice ON fave.notice_id = notice.id ';
+             $qry .= 'WHERE fave.user_id = ' . $user_id . ' ';
+             $qry .= 'AND notice.is_local != ' . NOTICE_GATEWAY . ' ';
+        }
 
         if ($since_id != 0) {
-            $fav->whereAdd('notice_id > ' . $since_id);
+            $qry .= 'AND notice_id > ' . $since_id . ' ';
         }
 
         if ($max_id != 0) {
-            $fav->whereAdd('notice_id <= ' . $max_id);
+            $qry .= 'AND notice_id <= ' . $max_id . ' ';
         }
 
         if (!is_null($since)) {
-            $fav->whereAdd('modified > \'' . date('Y-m-d H:i:s', $since) . '\'');
+            $qry .= 'AND modified > \'' . date('Y-m-d H:i:s', $since) . '\' ';
         }
 
         // NOTE: we sort by fave time, not by notice time!
 
-        $fav->orderBy('modified DESC');
+        $qry .= 'ORDER BY modified DESC ';
 
         if (!is_null($offset)) {
-            $fav->limit($offset, $limit);
+            $qry .= "LIMIT $offset, $limit";
         }
 
+        $fav->query($qry);
+
         $ids = array();
 
-        if ($fav->find()) {
-            while ($fav->fetch()) {
-                $ids[] = $fav->notice_id;
-            }
+        while ($fav->fetch()) {
+            $ids[] = $fav->notice_id;
         }
 
+        $fav->free();
+        unset($fav);
+
         return $ids;
     }
 }

diff --git a/classes/Notice.php b/classes/Notice.php
index b6bbf66cacd376f3e8f136df4b16280c570aee26..6f9b73be4b699bddbd50bcd9528b7983b43b0f4d 100644 (file)
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -471,8 +471,10 @@ class Notice extends Memcached_DataObject
             if ($fave->find()) {
                 while ($fave->fetch()) {
                     $cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id));
+                    $cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id));
                     if ($blowLast) {
                         $cache->delete(common_cache_key('fave:ids_by_user:'.$fave->user_id.';last'));
+                        $cache->delete(common_cache_key('fave:by_user_own:'.$fave->user_id.';last'));
                     }
                 }
             }

diff --git a/classes/User.php b/classes/User.php
index e8c8c5a75b48d1691cbb17cbf4eb8a3db3c7ae54..a01a3106f294608458af4af3b1d878c1afb4612f 100644 (file)
--- a/classes/User.php
+++ b/classes/User.php
@@ -424,9 +424,9 @@ class User extends Memcached_DataObject
         }
     }
 
-    function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE)
+    function favoriteNotices($offset=0, $limit=NOTICES_PER_PAGE, $own=false)
     {
-        $ids = Fave::stream($this->id, $offset, $limit);
+        $ids = Fave::stream($this->id, $offset, $limit, $own);
         return Notice::getStreamByIds($ids);
     }