SECURITY: rebake old user profiles

2014-08-05 16:37:56 +10:00 · 2014-08-05 16:37:56 +10:00 · b11b5cb61b
parent 3cab3acd60
commit b11b5cb61b
4 changed files with 57 additions and 1 deletions
--- a/app/jobs/scheduled/periodical_updates.rb
+++ b/app/jobs/scheduled/periodical_updates.rb
@ -29,6 +29,12 @@ module Jobs
        end
      end

+      # rebake out of date user profiles
+      problems = UserProfile.rebake_old(250)
+      problems.each do |hash|
+        user_id = hash[:profile].user_id
+        Discourse.handle_exception(hash[:ex], error_context(args, "Rebaking user id #{user_id}", user_id: user_id))
+      end
    end

  end
--- a/app/models/user_profile.rb
+++ b/app/models/user_profile.rb
@ -5,6 +5,8 @@ class UserProfile < ActiveRecord::Base
  before_save :cook
  after_save :trigger_badges

+  BAKED_VERSION = 1
+
  def bio_excerpt
    excerpt = PrettyText.excerpt(bio_cooked, 350)
    return excerpt if excerpt.blank? || user.has_trust_level?(:basic)
@ -36,6 +38,23 @@ class UserProfile < ActiveRecord::Base
    self.save!
  end

+  def self.rebake_old(limit)
+    problems = []
+    UserProfile.where('bio_cooked_version IS NULL OR bio_cooked_version < ?', BAKED_VERSION)
+        .limit(limit).each do |p|
+      begin
+        p.rebake!
+      rescue => e
+        problems << {profile: p, ex: e}
+      end
+    end
+    problems
+  end
+
+  def rebake!
+    update_columns(bio_cooked: cooked, bio_cooked_version: BAKED_VERSION)
+  end
+
  protected

  def trigger_badges
@ -44,9 +63,20 @@ class UserProfile < ActiveRecord::Base

  private

+  def cooked
+    if self.bio_raw.present?
+      PrettyText.cook(self.bio_raw, omit_nofollow: user.has_trust_level?(:leader) && !SiteSetting.leader_links_no_follow)
+    else
+      nil
+    end
+  end
+
  def cook
    if self.bio_raw.present?
-      self.bio_cooked = PrettyText.cook(self.bio_raw, omit_nofollow: user.has_trust_level?(:leader) && !SiteSetting.leader_links_no_follow) if bio_raw_changed?
+      if bio_raw_changed?
+        self.bio_cooked = cooked
+        self.bio_cooked_version = BAKED_VERSION
+      end
    else
      self.bio_cooked = nil
    end
--- a/db/migrate/20140805061612_add_bio_cooked_version_to_user_profile.rb
+++ b/db/migrate/20140805061612_add_bio_cooked_version_to_user_profile.rb
@ -0,0 +1,6 @@
+class AddBioCookedVersionToUserProfile < ActiveRecord::Migration
+  def change
+    add_column :user_profiles, :bio_cooked_version, :integer
+    add_index :user_profiles, [:bio_cooked_version]
+  end
+end
--- a/spec/models/user_profile_spec.rb
+++ b/spec/models/user_profile_spec.rb
@ -6,6 +6,20 @@ describe UserProfile do
    user.user_profile.should be_present
  end

+  describe 'rebaking' do
+    it 'correctly rebakes bio' do
+      user_profile = Fabricate(:evil_trout).user_profile
+      user_profile.update_columns(bio_raw: "test", bio_cooked: "broken", bio_cooked_version: nil)
+
+      problems = UserProfile.rebake_old(10)
+      problems.length.should == 0
+
+      user_profile.reload
+      user_profile.bio_cooked.should == "<p>test</p>"
+      user_profile.bio_cooked_version.should == UserProfile::BAKED_VERSION
+    end
+  end
+
  describe 'new' do
    let(:user_profile) { Fabricate.build(:user_profile) }