From e45609cf6645e650b8bafccd6860dec6aa9bb547 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Sat, 12 Dec 2015 18:28:42 +0100 Subject: notify: Do not pass notification texts via pipes Directly retrieve comments from the database instead of additionally passing them via stdin. Fixes FS#46742. Signed-off-by: Lukas Fleischer --- scripts/notify.py | 29 ++++++++++++++++++++++++----- web/lib/acctfuncs.inc.php | 4 +--- web/lib/pkgbasefuncs.inc.php | 5 +++-- web/lib/pkgreqfuncs.inc.php | 4 ++-- 4 files changed, 30 insertions(+), 12 deletions(-) diff --git a/scripts/notify.py b/scripts/notify.py index d3d9cb0..9a9cc29 100755 --- a/scripts/notify.py +++ b/scripts/notify.py @@ -91,6 +91,25 @@ def get_request_recipients(cur, pkgbase_id, uid): 'Users.ID = %s OR PackageBases.ID = %s', [uid, pkgbase_id]) return [row[0] for row in cur.fetchall()] +def get_comment(cur, comment_id): + cur.execute('SELECT Comments FROM PackageComments WHERE ID = %s', + [comment_id]) + return cur.fetchone()[0] + +def get_flagger_comment(cur, pkgbase_id): + cur.execute('SELECT FlaggerComment FROM PackageBases WHERE ID = %s', + [pkgbase_id]) + return cur.fetchone()[0] + +def get_request_comment(cur, reqid): + cur.execute('SELECT Comments FROM PackageRequests WHERE ID = %s', [reqid]) + return cur.fetchone()[0] + +def get_request_closure_comment(cur, reqid): + cur.execute('SELECT ClosureComment FROM PackageRequests WHERE ID = %s', + [reqid]) + return cur.fetchone()[0] + def send_resetkey(cur, uid): cur.execute('SELECT UserName, Email, ResetKey FROM Users WHERE ID = %s', [uid]) @@ -119,11 +138,11 @@ def welcome(cur, uid): send_notification([to], subject, body, refs) -def comment(cur, uid, pkgbase_id): +def comment(cur, uid, pkgbase_id, comment_id): user = username_from_id(cur, uid) pkgbase = pkgbase_from_id(cur, pkgbase_id) to = get_recipients(cur, pkgbase_id, uid) - text = sys.stdin.read() + text = get_comment(cur, comment_id) uri = aur_location + '/pkgbase/' + pkgbase + '/' @@ -147,7 +166,7 @@ def flag(cur, uid, pkgbase_id): user = username_from_id(cur, uid) pkgbase = pkgbase_from_id(cur, pkgbase_id) to = [get_maintainer_email(cur, pkgbase_id)] - text = sys.stdin.read() + text = get_flagger_comment(cur, pkgbase_id) user_uri = aur_location + '/account/' + user + '/' pkgbase_uri = aur_location + '/pkgbase/' + pkgbase + '/' @@ -220,7 +239,7 @@ def request_open(cur, uid, reqid, reqtype, pkgbase_id, merge_into=None): pkgbase = pkgbase_from_id(cur, pkgbase_id) to = [aur_request_ml] cc = get_request_recipients(cur, pkgbase_id, uid) - text = sys.stdin.read() + text = get_request_comment(cur, reqid) user_uri = aur_location + '/account/' + user + '/' pkgbase_uri = aur_location + '/pkgbase/' + pkgbase + '/' @@ -252,7 +271,7 @@ def request_close(cur, uid, reqid, reason): pkgbase_id = pkgbase_from_pkgreq(cur, reqid) to = [aur_request_ml] cc = get_request_recipients(cur, pkgbase_id, uid) - text = sys.stdin.read() + text = get_request_closure_comment(cur, reqid); user_uri = aur_location + '/account/' + user + '/' diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index a166d65..6fb2b40 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -1277,11 +1277,10 @@ function account_set_ssh_keys($uid, $ssh_keys, $ssh_fingerprints) { * Invoke the email notification script. * * @param string $params Command line parameters for the script. - * @param string $text Text to pass via stdin. * * @return void */ -function notify($params, $text='') { +function notify($params) { $cmd = config_get('notifications', 'notify-cmd'); foreach ($params as $param) { $cmd .= ' ' . escapeshellarg($param); @@ -1299,7 +1298,6 @@ function notify($params, $text='') { return false; } - fwrite($pipes[0], $text); fclose($pipes[0]); fclose($pipes[1]); fclose($pipes[2]); diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php index 7076c31..7b744d5 100644 --- a/web/lib/pkgbasefuncs.inc.php +++ b/web/lib/pkgbasefuncs.inc.php @@ -100,8 +100,9 @@ function pkgbase_add_comment($base_id, $uid, $comment) { $q.= intval($base_id) . ", " . $uid . ", "; $q.= $dbh->quote($comment) . ", UNIX_TIMESTAMP())"; $dbh->exec($q); + $comment_id = $dbh->lastInsertId(); - notify(array('comment', $uid, $base_id), $comment); + notify(array('comment', $uid, $base_id, $comment_id)); return array(true, __('Comment has been added.')); } @@ -401,7 +402,7 @@ function pkgbase_flag($base_ids, $comment) { $dbh->exec($q); foreach ($base_ids as $base_id) { - notify(array('flag', $uid, $base_id), $comment); + notify(array('flag', $uid, $base_id)); } return array(true, __("The selected packages have been flagged out-of-date.")); diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php index c1a4931..cf56663 100644 --- a/web/lib/pkgreqfuncs.inc.php +++ b/web/lib/pkgreqfuncs.inc.php @@ -158,7 +158,7 @@ function pkgreq_file($ids, $type, $merge_into, $comments) { if ($type === 'merge') { $params[] = $merge_into; } - notify($params, $comments); + notify($params); $auto_orphan_age = config_get('options', 'auto_orphan_age'); $auto_delete_age = config_get('options', 'auto_delete_age'); @@ -233,7 +233,7 @@ function pkgreq_close($id, $reason, $comments, $auto_close=false) { $dbh->exec($q); /* Send e-mail notifications. */ - notify(array('request-close', $uid, $id, $reason), $comments); + notify(array('request-close', $uid, $id, $reason)); return array(true, __("Request closed successfully.")); } -- cgit v1.2.3-54-g00ecf