diff options
| -rw-r--r-- | api4/channel.go | 11 | ||||
| -rw-r--r-- | api4/file.go | 3 | ||||
| -rw-r--r-- | app/post.go | 6 | ||||
| -rw-r--r-- | model/channel.go | 3 | ||||
| -rw-r--r-- | store/sqlstore/post_store.go | 2 | ||||
| -rw-r--r-- | store/storetest/post_store.go | 4 |
6 files changed, 19 insertions, 10 deletions
diff --git a/api4/channel.go b/api4/channel.go index 1599b6e70..d497c9793 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -97,10 +97,11 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { } var oldChannel *model.Channel - var err *model.AppError - if oldChannel, err = c.App.GetChannel(channel.Id); err != nil { + if originalOldChannel, err := c.App.GetChannel(channel.Id); err != nil { c.Err = err return + } else { + oldChannel = originalOldChannel.DeepCopy() } switch oldChannel.Type { @@ -229,10 +230,12 @@ func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } - oldChannel, err := c.App.GetChannel(c.Params.ChannelId) - if err != nil { + var oldChannel *model.Channel + if originalOldChannel, err := c.App.GetChannel(c.Params.ChannelId); err != nil { c.Err = err return + } else { + oldChannel = originalOldChannel.DeepCopy() } switch oldChannel.Type { diff --git a/api4/file.go b/api4/file.go index cfb72cdcb..3bb4ea9d6 100644 --- a/api4/file.go +++ b/api4/file.go @@ -4,6 +4,7 @@ package api4 import ( + "crypto/subtle" "io" "io/ioutil" "net/http" @@ -342,7 +343,7 @@ func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) { return } - if hash != app.GeneratePublicLinkHash(info.Id, *c.App.Config().FileSettings.PublicLinkSalt) { + if subtle.ConstantTimeCompare([]byte(hash), []byte(app.GeneratePublicLinkHash(info.Id, *c.App.Config().FileSettings.PublicLinkSalt))) != 1 { c.Err = model.NewAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "", http.StatusBadRequest) utils.RenderWebAppError(c.App.Config(), w, r, c.Err, c.App.AsymmetricSigningKey()) return diff --git a/app/post.go b/app/post.go index 86c96926e..114029f44 100644 --- a/app/post.go +++ b/app/post.go @@ -705,8 +705,10 @@ func (a *App) SearchPostsInTeam(terms string, userId string, teamId string, isOr return nil, presult.Err } else { for _, p := range presult.Data.([]*model.Post) { - postList.AddPost(p) - postList.AddOrder(p.Id) + if p.DeleteAt == 0 { + postList.AddPost(p) + postList.AddOrder(p.Id) + } } } } diff --git a/model/channel.go b/model/channel.go index 7a57496ae..09e5e389c 100644 --- a/model/channel.go +++ b/model/channel.go @@ -59,6 +59,9 @@ type ChannelPatch struct { func (o *Channel) DeepCopy() *Channel { copy := *o + if copy.SchemeId != nil { + copy.SchemeId = NewString(*o.SchemeId) + } return © } diff --git a/store/sqlstore/post_store.go b/store/sqlstore/post_store.go index 14a6039bc..9cf33888d 100644 --- a/store/sqlstore/post_store.go +++ b/store/sqlstore/post_store.go @@ -1156,7 +1156,7 @@ func (s *SqlPostStore) GetPostsByIds(postIds []string) store.StoreChannel { params[key] = postId } - query := `SELECT * FROM Posts WHERE Id in (` + keys.String() + `) and DeleteAt = 0 ORDER BY CreateAt DESC` + query := `SELECT * FROM Posts WHERE Id in (` + keys.String() + `) ORDER BY CreateAt DESC` var posts []*model.Post _, err := s.GetReplica().Select(&posts, query, params) diff --git a/store/storetest/post_store.go b/store/storetest/post_store.go index 5ab88847e..72819f49e 100644 --- a/store/storetest/post_store.go +++ b/store/storetest/post_store.go @@ -1674,8 +1674,8 @@ func testPostStoreGetPostsByIds(t *testing.T, ss store.Store) { store.Must(ss.Post().Delete(ro1.Id, model.GetMillis(), "")) - if ro5 := store.Must(ss.Post().GetPostsByIds(postIds)).([]*model.Post); len(ro5) != 2 { - t.Fatalf("Expected 2 posts in results. Got %v", len(ro5)) + if ro5 := store.Must(ss.Post().GetPostsByIds(postIds)).([]*model.Post); len(ro5) != 3 { + t.Fatalf("Expected 3 posts in results. Got %v", len(ro5)) } } |