summaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
authorsinguliere <35190819+singuliere@users.noreply.github.com>2022-05-05 16:39:26 +0100
committerGitHub <noreply@github.com>2022-05-05 11:39:26 -0400
commitb536b65189319544939da9b6537919a4fc838d71 (patch)
tree038dd21a1f8082aa6020f891c1d8811e522852ea /models
parent04fc4b7e05bfbfee6cb7aa4f6c30d1af6f2d4d2d (diff)
downloadgitea-b536b65189319544939da9b6537919a4fc838d71.tar.gz
gitea-b536b65189319544939da9b6537919a4fc838d71.zip
GetFeeds must always discard actions with dangling repo_id (#19598)
* GetFeeds must always discard actions with dangling repo_id See https://discourse.gitea.io/t/blank-page-after-login/5051/12 for a panic in 1.16.6. * add comment to explain the dangling ID in the fixture * loadRepoOwner must not attempt to use a nil action.Repo * make fmt Co-authored-by: Loïc Dachary <loic@dachary.org>
Diffstat (limited to 'models')
-rw-r--r--models/action.go10
-rw-r--r--models/action_list.go3
-rw-r--r--models/action_test.go17
-rw-r--r--models/fixtures/action.yml8
-rw-r--r--models/unittest/consistency.go6
5 files changed, 37 insertions, 7 deletions
diff --git a/models/action.go b/models/action.go
index 5177616497..efbe243bed 100644
--- a/models/action.go
+++ b/models/action.go
@@ -340,14 +340,14 @@ func GetFeeds(ctx context.Context, opts GetFeedsOptions) (ActionList, error) {
}
e := db.GetEngine(ctx)
- sess := e.Where(cond)
+ sess := e.Where(cond).Join("INNER", "repository", "`repository`.id = `action`.repo_id")
opts.SetDefaultValues()
sess = db.SetSessionPagination(sess, &opts)
actions := make([]*Action, 0, opts.PageSize)
- if err := sess.Desc("created_unix").Find(&actions); err != nil {
+ if err := sess.Desc("`action`.created_unix").Find(&actions); err != nil {
return nil, fmt.Errorf("Find: %v", err)
}
@@ -417,7 +417,7 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
}
if !opts.IncludePrivate {
- cond = cond.And(builder.Eq{"is_private": false})
+ cond = cond.And(builder.Eq{"`action`.is_private": false})
}
if !opts.IncludeDeleted {
cond = cond.And(builder.Eq{"is_deleted": false})
@@ -430,8 +430,8 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
} else {
dateHigh := dateLow.Add(86399000000000) // 23h59m59s
- cond = cond.And(builder.Gte{"created_unix": dateLow.Unix()})
- cond = cond.And(builder.Lte{"created_unix": dateHigh.Unix()})
+ cond = cond.And(builder.Gte{"`action`.created_unix": dateLow.Unix()})
+ cond = cond.And(builder.Lte{"`action`.created_unix": dateHigh.Unix()})
}
}
diff --git a/models/action_list.go b/models/action_list.go
index c180a82552..5f7b17b9de 100644
--- a/models/action_list.go
+++ b/models/action_list.go
@@ -80,6 +80,9 @@ func (actions ActionList) loadRepoOwner(e db.Engine, userMap map[int64]*user_mod
}
for _, action := range actions {
+ if action.Repo == nil {
+ continue
+ }
repoOwner, ok := userMap[action.Repo.OwnerID]
if !ok {
repoOwner, err = user_model.GetUserByID(action.Repo.OwnerID)
diff --git a/models/action_test.go b/models/action_test.go
index e247a5ec29..fb8a6c2686 100644
--- a/models/action_test.go
+++ b/models/action_test.go
@@ -211,3 +211,20 @@ func TestNotifyWatchers(t *testing.T) {
OpType: action.OpType,
})
}
+
+func TestGetFeedsCorrupted(t *testing.T) {
+ assert.NoError(t, unittest.PrepareTestDatabase())
+ user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
+ unittest.AssertExistsAndLoadBean(t, &Action{
+ ID: 8,
+ RepoID: 1700,
+ })
+
+ actions, err := GetFeeds(db.DefaultContext, GetFeedsOptions{
+ RequestedUser: user,
+ Actor: user,
+ IncludePrivate: true,
+ })
+ assert.NoError(t, err)
+ assert.Len(t, actions, 0)
+}
diff --git a/models/fixtures/action.yml b/models/fixtures/action.yml
index e283b01db2..a75092feb0 100644
--- a/models/fixtures/action.yml
+++ b/models/fixtures/action.yml
@@ -56,3 +56,11 @@
repo_id: 8 # public
is_private: false
created_unix: 1603011540 # grouped with id:7
+
+- id: 8
+ user_id: 1
+ op_type: 12 # close issue
+ act_user_id: 1
+ repo_id: 1700 # dangling intentional
+ is_private: false
+ created_unix: 1603011541
diff --git a/models/unittest/consistency.go b/models/unittest/consistency.go
index 2645084d3e..af05348868 100644
--- a/models/unittest/consistency.go
+++ b/models/unittest/consistency.go
@@ -175,8 +175,10 @@ func init() {
checkForActionConsistency := func(t assert.TestingT, bean interface{}) {
action := reflectionWrap(bean)
- repoRow := AssertExistsAndLoadMap(t, "repository", builder.Eq{"id": action.int("RepoID")})
- assert.Equal(t, parseBool(repoRow["is_private"]), action.bool("IsPrivate"), "action: %+v", action)
+ if action.int("RepoID") != 1700 { // dangling intentional
+ repoRow := AssertExistsAndLoadMap(t, "repository", builder.Eq{"id": action.int("RepoID")})
+ assert.Equal(t, parseBool(repoRow["is_private"]), action.bool("IsPrivate"), "action: %+v", action)
+ }
}
consistencyCheckMap["user"] = checkForUserConsistency