From 80b2935e11ed12f2f2889f737ab98b1f43abdf27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9gis=20Hanol?= Date: Fri, 24 Apr 2015 11:14:10 +0200 Subject: [PATCH] FIX: prevent DOS when fixing avatar in quotes --- app/jobs/regular/fix_avatar_in_quotes.rb | 10 ---------- app/models/post.rb | 16 ++++++++++++++++ app/models/user.rb | 5 ++--- 3 files changed, 18 insertions(+), 13 deletions(-) delete mode 100644 app/jobs/regular/fix_avatar_in_quotes.rb diff --git a/app/jobs/regular/fix_avatar_in_quotes.rb b/app/jobs/regular/fix_avatar_in_quotes.rb deleted file mode 100644 index 17ef0d2af..000000000 --- a/app/jobs/regular/fix_avatar_in_quotes.rb +++ /dev/null @@ -1,10 +0,0 @@ -module Jobs - class FixAvatarInQuotes < Jobs::Base - - def execute(args) - post_ids_to_rebake = Post.exec_sql("SELECT post_id FROM quoted_posts WHERE quoted_post_id IN (SELECT id FROM posts WHERE user_id = ?)", args[:user_id]).values.flatten.map(&:to_i) - Post.where(id: post_ids_to_rebake).find_each.map(&:rebake!) - end - - end -end diff --git a/app/models/post.rb b/app/models/post.rb index 0f24c597c..281b6a3d4 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -525,6 +525,22 @@ class Post < ActiveRecord::Base end end + def self.rebake_all_quoted_posts(user_id) + return if user_id.blank? + + Post.exec_sql <<-SQL + WITH user_quoted_posts AS ( + SELECT post_id + FROM quoted_posts + WHERE quoted_post_id IN (SELECT id FROM posts WHERE user_id = #{user_id}) + ) + UPDATE posts + SET baked_version = NULL + WHERE baked_version IS NOT NULL + AND id IN (SELECT post_id FROM user_quoted_posts) + SQL + end + private def parse_quote_into_arguments(quote) diff --git a/app/models/user.rb b/app/models/user.rb index d0fd152fb..0120ad5d7 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -677,9 +677,8 @@ class User < ActiveRecord::Base Jobs.enqueue(:update_gravatar, user_id: self.id, avatar_id: avatar.id) end - if self.uploaded_avatar_id_changed? - Jobs.enqueue(:fix_avatar_in_quotes, user_id: self.id) - end + # mark all the user's quoted posts as "needing a rebake" + Post.rebake_all_quoted_posts(self.id) if self.uploaded_avatar_id_changed? end def first_post_created_at