From 231e4872ed2b9c2cc4158e134eefa7060dccd196 Mon Sep 17 00:00:00 2001
From: evazion <noizave@gmail.com>
Date: Wed, 25 Dec 2019 23:44:23 -0600
Subject: [PATCH] Re-enable post search counts and view counts.

Re-enable post view counts, post search counts, and missed search
counts. These were disabled in 89adf88d5 because of a bug caused by the
upgrade to rack-2.0.8 in a58dd83ad.

The bug was that rack-2.0.8 changed `session.id` to return a value of a
new wrapper type that doesn't respond to `to_s`. Previously it just
returned a string. Now we have to call `session[:session_id]` or
`session.id.public_id` to get a plain string. This was an undocumented
breaking change in rack-2.0.8 to fix CVE-2019-16782.
---
 app/helpers/posts_helper.rb | 43 +++++++++++++++----------------------
 1 file changed, 17 insertions(+), 26 deletions(-)

diff --git a/app/helpers/posts_helper.rb b/app/helpers/posts_helper.rb
index d161271be..a8052afb0 100644
--- a/app/helpers/posts_helper.rb
+++ b/app/helpers/posts_helper.rb
@@ -1,6 +1,5 @@
 module PostsHelper
   def post_search_counts_enabled?
-    return false
     Danbooru.config.enable_post_search_counts && Danbooru.config.reportbooru_server.present? && Danbooru.config.reportbooru_key.present?
   end
 
@@ -23,40 +22,32 @@ module PostsHelper
   end
 
   def missed_post_search_count_js
-    return nil unless post_search_counts_enabled?
+    return unless post_search_counts_enabled?
+    return unless params[:ms] == "1" && @post_set.post_count == 0 && @post_set.is_single_tag?
 
-    if params[:ms] == "1" && @post_set.post_count == 0 && @post_set.is_single_tag?
-      session_id = session.id
-      verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256")
-      sig = verifier.generate("#{params[:tags]},#{session_id}")
-      return render("posts/partials/index/missed_search_count", sig: sig)
-    end
+    sig = generate_reportbooru_signature(params[:tags])
+    render "posts/partials/index/missed_search_count", sig: sig
   end
 
   def post_search_count_js
-    return nil unless post_search_counts_enabled?
+    return unless post_search_counts_enabled?
+    return unless params[:action] == "index" && params[:page].nil? && params[:tags].present?
 
-    if params[:action] == "index" && params[:page].nil?
-      tags = Tag.scan_query(params[:tags]).sort.join(" ")
-
-      if tags.present?
-        key = "ps-#{tags}"
-        value = session.id
-        verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256")
-        sig = verifier.generate("#{key},#{value}")
-        return render("posts/partials/index/search_count", sig: sig)
-      end
-    end
-
-    return nil
+    tags = Tag.scan_query(params[:tags]).sort.join(" ")
+    sig = generate_reportbooru_signature("ps-#{tags}")
+    render "posts/partials/index/search_count", sig: sig
   end
 
   def post_view_count_js
-    return nil unless post_search_counts_enabled?
+    return unless post_search_counts_enabled?
 
-    msg = "#{params[:id]},#{session.id}"
-    msg = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256").generate(msg)
-    return render("posts/partials/show/view_count", msg: msg)
+    msg = generate_reportbooru_signature(params[:id])
+    render "posts/partials/show/view_count", msg: msg
+  end
+
+  def generate_reportbooru_signature(value)
+    verifier = ActiveSupport::MessageVerifier.new(Danbooru.config.reportbooru_key, serializer: JSON, digest: "SHA256")
+    verifier.generate("#{value},#{session[:session_id]}")
   end
 
   def post_source_tag(post)