FIX: possible data leaking from one site to another in multisite in PendingFlagsReminder

2025-01-19 04:52:45 +08:00 · 2017-05-22 15:18:13 -04:00 · 2017-05-22 15:18:13 -04:00 · f350dd4fd1
commit f350dd4fd1
parent 02fb86916f
1 changed files with 25 additions and 21 deletions
--- a/app/jobs/scheduled/pending_flags_reminder.rb
+++ b/app/jobs/scheduled/pending_flags_reminder.rb
@ -7,30 +7,35 @@ module Jobs
    every 1.hour

    def execute(args)
-      if SiteSetting.notify_about_flags_after > 0 &&
-          PostAction.flagged_posts_count > 0 &&
-          flag_ids.size > 0 && last_notified_id.to_i < flag_ids.max
+      if SiteSetting.notify_about_flags_after > 0

-        mentions = active_moderator_usernames.size > 0 ?
-          "@#{active_moderator_usernames.join(', @')} " : ""
+        flagged_posts_count = PostAction.flagged_posts_count

-        PostCreator.create(
-          Discourse.system_user,
-          target_group_names: Group[:moderators].name,
-          archetype: Archetype.private_message,
-          subtype: TopicSubtype.system_message,
-          title: I18n.t('flags_reminder.subject_template', { count: PostAction.flagged_posts_count }),
-          raw: mentions + I18n.t('flags_reminder.flags_were_submitted', { count: SiteSetting.notify_about_flags_after })
-        )
+        return unless flagged_posts_count > 0

-        self.last_notified_id = flag_ids.max
+        flag_ids = pending_flag_ids
+
+        if flag_ids.size > 0 && last_notified_id.to_i < flag_ids.max
+
+          usernames = active_moderator_usernames
+          mentions = usernames.size > 0 ? "@#{usernames.join(', @')} " : ""
+
+          PostCreator.create(
+            Discourse.system_user,
+            target_group_names: Group[:moderators].name,
+            archetype: Archetype.private_message,
+            subtype: TopicSubtype.system_message,
+            title: I18n.t('flags_reminder.subject_template', { count: flagged_posts_count }),
+            raw: mentions + I18n.t('flags_reminder.flags_were_submitted', { count: SiteSetting.notify_about_flags_after })
+          )
+
+          self.last_notified_id = flag_ids.max
+        end
      end
-
-      true
    end

-    def flag_ids
-      @_flag_ids ||= FlagQuery.flagged_post_actions('active')
+    def pending_flag_ids
+      FlagQuery.flagged_post_actions('active')
        .where('post_actions.created_at < ?', SiteSetting.notify_about_flags_after.to_i.hours.ago)
        .pluck(:id)
    end
@ -44,12 +49,11 @@ module Jobs
    end

    def self.last_notified_key
-      "last_notified_pending_flag_id"
+      "last_notified_pending_flag_id".freeze
    end

    def active_moderator_usernames
-      @_active_moderator_usernames ||=
-        User.where(moderator: true)
+      User.where(moderator: true)
          .human_users
          .order('last_seen_at DESC')
          .limit(3)