SECURITY: rebake old user profiles

This commit is contained in:
Sam 2014-08-05 16:37:56 +10:00
parent 3cab3acd60
commit b11b5cb61b
4 changed files with 57 additions and 1 deletions

View File

@ -29,6 +29,12 @@ module Jobs
end end
end end
# rebake out of date user profiles
problems = UserProfile.rebake_old(250)
problems.each do |hash|
user_id = hash[:profile].user_id
Discourse.handle_exception(hash[:ex], error_context(args, "Rebaking user id #{user_id}", user_id: user_id))
end
end end
end end

View File

@ -5,6 +5,8 @@ class UserProfile < ActiveRecord::Base
before_save :cook before_save :cook
after_save :trigger_badges after_save :trigger_badges
BAKED_VERSION = 1
def bio_excerpt def bio_excerpt
excerpt = PrettyText.excerpt(bio_cooked, 350) excerpt = PrettyText.excerpt(bio_cooked, 350)
return excerpt if excerpt.blank? || user.has_trust_level?(:basic) return excerpt if excerpt.blank? || user.has_trust_level?(:basic)
@ -36,6 +38,23 @@ class UserProfile < ActiveRecord::Base
self.save! self.save!
end end
def self.rebake_old(limit)
problems = []
UserProfile.where('bio_cooked_version IS NULL OR bio_cooked_version < ?', BAKED_VERSION)
.limit(limit).each do |p|
begin
p.rebake!
rescue => e
problems << {profile: p, ex: e}
end
end
problems
end
def rebake!
update_columns(bio_cooked: cooked, bio_cooked_version: BAKED_VERSION)
end
protected protected
def trigger_badges def trigger_badges
@ -44,9 +63,20 @@ class UserProfile < ActiveRecord::Base
private private
def cooked
if self.bio_raw.present?
PrettyText.cook(self.bio_raw, omit_nofollow: user.has_trust_level?(:leader) && !SiteSetting.leader_links_no_follow)
else
nil
end
end
def cook def cook
if self.bio_raw.present? if self.bio_raw.present?
self.bio_cooked = PrettyText.cook(self.bio_raw, omit_nofollow: user.has_trust_level?(:leader) && !SiteSetting.leader_links_no_follow) if bio_raw_changed? if bio_raw_changed?
self.bio_cooked = cooked
self.bio_cooked_version = BAKED_VERSION
end
else else
self.bio_cooked = nil self.bio_cooked = nil
end end

View File

@ -0,0 +1,6 @@
class AddBioCookedVersionToUserProfile < ActiveRecord::Migration
def change
add_column :user_profiles, :bio_cooked_version, :integer
add_index :user_profiles, [:bio_cooked_version]
end
end

View File

@ -6,6 +6,20 @@ describe UserProfile do
user.user_profile.should be_present user.user_profile.should be_present
end end
describe 'rebaking' do
it 'correctly rebakes bio' do
user_profile = Fabricate(:evil_trout).user_profile
user_profile.update_columns(bio_raw: "test", bio_cooked: "broken", bio_cooked_version: nil)
problems = UserProfile.rebake_old(10)
problems.length.should == 0
user_profile.reload
user_profile.bio_cooked.should == "<p>test</p>"
user_profile.bio_cooked_version.should == UserProfile::BAKED_VERSION
end
end
describe 'new' do describe 'new' do
let(:user_profile) { Fabricate.build(:user_profile) } let(:user_profile) { Fabricate.build(:user_profile) }