[aur-dev] [PATCH 2/2] notify: Do not pass notification texts via pipes

Lukas Fleischer lfleischer at archlinux.org
Sat Dec 12 17:38:14 UTC 2015 

Directly retrieve comments from the database instead of additionally
passing them via stdin.

Fixes FS#46742.

Signed-off-by: Lukas Fleischer <lfleischer at archlinux.org>
---
 scripts/notify.py            | 29 ++++++++++++++++++++++++-----
 web/lib/acctfuncs.inc.php    |  4 +---
 web/lib/pkgbasefuncs.inc.php |  5 +++--
 web/lib/pkgreqfuncs.inc.php  |  4 ++--
 4 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/scripts/notify.py b/scripts/notify.py
index d3d9cb0..9a9cc29 100755
--- a/scripts/notify.py
+++ b/scripts/notify.py
@@ -91,6 +91,25 @@ def get_request_recipients(cur, pkgbase_id, uid):
                 'Users.ID = %s OR PackageBases.ID = %s', [uid, pkgbase_id])
     return [row[0] for row in cur.fetchall()]
 
+def get_comment(cur, comment_id):
+    cur.execute('SELECT Comments FROM PackageComments WHERE ID = %s',
+                [comment_id])
+    return cur.fetchone()[0]
+
+def get_flagger_comment(cur, pkgbase_id):
+    cur.execute('SELECT FlaggerComment FROM PackageBases WHERE ID = %s',
+                [pkgbase_id])
+    return cur.fetchone()[0]
+
+def get_request_comment(cur, reqid):
+    cur.execute('SELECT Comments FROM PackageRequests WHERE ID = %s', [reqid])
+    return cur.fetchone()[0]
+
+def get_request_closure_comment(cur, reqid):
+    cur.execute('SELECT ClosureComment FROM PackageRequests WHERE ID = %s',
+                [reqid])
+    return cur.fetchone()[0]
+
 def send_resetkey(cur, uid):
     cur.execute('SELECT UserName, Email, ResetKey FROM Users WHERE ID = %s',
                 [uid])
@@ -119,11 +138,11 @@ def welcome(cur, uid):
 
     send_notification([to], subject, body, refs)
 
-def comment(cur, uid, pkgbase_id):
+def comment(cur, uid, pkgbase_id, comment_id):
     user = username_from_id(cur, uid)
     pkgbase = pkgbase_from_id(cur, pkgbase_id)
     to = get_recipients(cur, pkgbase_id, uid)
-    text = sys.stdin.read()
+    text = get_comment(cur, comment_id)
 
     uri = aur_location + '/pkgbase/' + pkgbase + '/'
 
@@ -147,7 +166,7 @@ def flag(cur, uid, pkgbase_id):
     user = username_from_id(cur, uid)
     pkgbase = pkgbase_from_id(cur, pkgbase_id)
     to = [get_maintainer_email(cur, pkgbase_id)]
-    text = sys.stdin.read()
+    text = get_flagger_comment(cur, pkgbase_id)
 
     user_uri = aur_location + '/account/' + user + '/'
     pkgbase_uri = aur_location + '/pkgbase/' + pkgbase + '/'
@@ -220,7 +239,7 @@ def request_open(cur, uid, reqid, reqtype, pkgbase_id, merge_into=None):
     pkgbase = pkgbase_from_id(cur, pkgbase_id)
     to = [aur_request_ml]
     cc = get_request_recipients(cur, pkgbase_id, uid)
-    text = sys.stdin.read()
+    text = get_request_comment(cur, reqid)
 
     user_uri = aur_location + '/account/' + user + '/'
     pkgbase_uri = aur_location + '/pkgbase/' + pkgbase + '/'
@@ -252,7 +271,7 @@ def request_close(cur, uid, reqid, reason):
     pkgbase_id = pkgbase_from_pkgreq(cur, reqid)
     to = [aur_request_ml]
     cc = get_request_recipients(cur, pkgbase_id, uid)
-    text = sys.stdin.read()
+    text = get_request_closure_comment(cur, reqid);
 
     user_uri = aur_location + '/account/' + user + '/'
 
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index a166d65..6fb2b40 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -1277,11 +1277,10 @@ function account_set_ssh_keys($uid, $ssh_keys, $ssh_fingerprints) {
  * Invoke the email notification script.
  *
  * @param string $params Command line parameters for the script.
- * @param string $text Text to pass via stdin.
  *
  * @return void
  */
-function notify($params, $text='') {
+function notify($params) {
 	$cmd = config_get('notifications', 'notify-cmd');
 	foreach ($params as $param) {
 		$cmd .= ' ' . escapeshellarg($param);
@@ -1299,7 +1298,6 @@ function notify($params, $text='') {
 		return false;
 	}
 
-	fwrite($pipes[0], $text);
 	fclose($pipes[0]);
 	fclose($pipes[1]);
 	fclose($pipes[2]);
diff --git a/web/lib/pkgbasefuncs.inc.php b/web/lib/pkgbasefuncs.inc.php
index 7076c31..7b744d5 100644
--- a/web/lib/pkgbasefuncs.inc.php
+++ b/web/lib/pkgbasefuncs.inc.php
@@ -100,8 +100,9 @@ function pkgbase_add_comment($base_id, $uid, $comment) {
 	$q.= intval($base_id) . ", " . $uid . ", ";
 	$q.= $dbh->quote($comment) . ", UNIX_TIMESTAMP())";
 	$dbh->exec($q);
+	$comment_id = $dbh->lastInsertId();
 
-	notify(array('comment', $uid, $base_id), $comment);
+	notify(array('comment', $uid, $base_id, $comment_id));
 
 	return array(true, __('Comment has been added.'));
 }
@@ -401,7 +402,7 @@ function pkgbase_flag($base_ids, $comment) {
 	$dbh->exec($q);
 
 	foreach ($base_ids as $base_id) {
-		notify(array('flag', $uid, $base_id), $comment);
+		notify(array('flag', $uid, $base_id));
 	}
 
 	return array(true, __("The selected packages have been flagged out-of-date."));
diff --git a/web/lib/pkgreqfuncs.inc.php b/web/lib/pkgreqfuncs.inc.php
index c1a4931..cf56663 100644
--- a/web/lib/pkgreqfuncs.inc.php
+++ b/web/lib/pkgreqfuncs.inc.php
@@ -158,7 +158,7 @@ function pkgreq_file($ids, $type, $merge_into, $comments) {
 	if ($type === 'merge') {
 		$params[] = $merge_into;
 	}
-	notify($params, $comments);
+	notify($params);
 
 	$auto_orphan_age = config_get('options', 'auto_orphan_age');
 	$auto_delete_age = config_get('options', 'auto_delete_age');
@@ -233,7 +233,7 @@ function pkgreq_close($id, $reason, $comments, $auto_close=false) {
 	$dbh->exec($q);
 
 	/* Send e-mail notifications. */
-	notify(array('request-close', $uid, $id, $reason), $comments);
+	notify(array('request-close', $uid, $id, $reason));
 
 	return array(true, __("Request closed successfully."));
 }
-- 
2.6.4

More information about the aur-dev mailing list