search: fix user-dependent searches showing incorrect paginators.

Some searches, such as searches for private favorites or for the
status:unmoderated tag, return different results for different users.
These searches need to have their counts cached separately for each user
so that we don't return incorrect page counts when two different users
perform the same search.

Sharing a cached count between users can also leak private information,
such as the number of posts flagged, downvoted, or disapproved by a given user.

Partial fix for #4280.
evazion
2020-05-07 20:48:50 -05:00
parent 41c6c882c2
commit 438186a75a
5 changed files with 30 additions and 8 deletions


@@ -35,8 +35,8 @@ class PostDisapprovalTest < ActiveSupport::TestCase
end
should "remove the associated post from alice's moderation queue" do
assert(!Post.available_for_moderation(false).map(&:id).include?(@post_1.id))
assert(Post.available_for_moderation(false).map(&:id).include?(@post_2.id))
assert(!Post.available_for_moderation(CurrentUser.user, hidden: false).map(&:id).include?(@post_1.id))
assert(Post.available_for_moderation(CurrentUser.user, hidden: false).map(&:id).include?(@post_2.id))
end
end
@@ -47,8 +47,8 @@ class PostDisapprovalTest < ActiveSupport::TestCase
end
should "not remove the associated post from brittony's moderation queue" do
assert(Post.available_for_moderation(false).map(&:id).include?(@post_1.id))
assert(Post.available_for_moderation(false).map(&:id).include?(@post_2.id))
assert(Post.available_for_moderation(CurrentUser.user, hidden: false).map(&:id).include?(@post_1.id))
assert(Post.available_for_moderation(CurrentUser.user, hidden: false).map(&:id).include?(@post_2.id))
end
end
end
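Review bot: The updated assertions in both contexts pass `CurrentUser.user`, so they still depend on whichever user the setup outside these hunks installed as the ambient current user. As written they would presumably keep passing even if `available_for_moderation` ignored its new first argument and read the global instead. Passing the user under test explicitly would pin the argument, e.g. `Post.available_for_moderation(@alice, hidden: false)`, where `@alice` is a placeholder for whatever the alice fixture is called in the setup (not visible here). The brittony context in the second hunk would get the same treatment.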


@@ -1153,5 +1153,15 @@ class PostQueryBuilderTest < ActiveSupport::TestCase
end
end
end
context "for a user-dependent metatag" do
should "cache the count separately for different users" do
@user = create(:user, enable_private_favorites: true)
@post = as(@user) { create(:post, tag_string: "fav:#{@user.name}") }
assert_equal(1, PostQueryBuilder.new("fav:#{@user.name}", @user).fast_count)
assert_equal(0, PostQueryBuilder.new("fav:#{@user.name}").fast_count)
end
end
end
end
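Review bot: The new "cache the count separately for different users" test only compares the favoriting user with the default user of `PostQueryBuilder.new("fav:...")`, in that order, so it does not show that two distinct named accounts get separate counts, which is the case the commit message describes as an information leak. A second created user would cover it: `@other = create(:user)` followed by `assert_equal(0, PostQueryBuilder.new("fav:#{@user.name}", @other).fast_count)`, and then the owner's `assert_equal(1, ...)` repeated to check the cached 0 did not replace it. It is also worth confirming that the test environment writes counts to a real cache store, since with a no-op store both assertions would pass even with a shared key; that configuration is not visible from this hunk. Only `fav:` is exercised here, while the commit message also names `status:unmoderated` and the flagged, downvoted and disapproved counts as user-dependent.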