From 72258266aa4556557262bb517918ba2194bd7edb Mon Sep 17 00:00:00 2001
From: George Goldberg <george@gberg.me>
Date: Thu, 6 Sep 2018 22:41:19 +0100
Subject: MM-11649: Fix caching issue in channel API endpoints. (#9345)

This fixes an issue where the cached Channel objects would contain data
from a failed update when the update to the database failed.
---
 api4/channel.go  | 11 +++++++----
 model/channel.go |  3 +++
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/api4/channel.go b/api4/channel.go
index 1599b6e70..d497c9793 100644
--- a/api4/channel.go
+++ b/api4/channel.go
@@ -97,10 +97,11 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	var oldChannel *model.Channel
-	var err *model.AppError
-	if oldChannel, err = c.App.GetChannel(channel.Id); err != nil {
+	if originalOldChannel, err := c.App.GetChannel(channel.Id); err != nil {
 		c.Err = err
 		return
+	} else {
+		oldChannel = originalOldChannel.DeepCopy()
 	}
 
 	switch oldChannel.Type {
@@ -229,10 +230,12 @@ func patchChannel(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	oldChannel, err := c.App.GetChannel(c.Params.ChannelId)
-	if err != nil {
+	var oldChannel *model.Channel
+	if originalOldChannel, err := c.App.GetChannel(c.Params.ChannelId); err != nil {
 		c.Err = err
 		return
+	} else {
+		oldChannel = originalOldChannel.DeepCopy()
 	}
 
 	switch oldChannel.Type {
diff --git a/model/channel.go b/model/channel.go
index 7a57496ae..09e5e389c 100644
--- a/model/channel.go
+++ b/model/channel.go
@@ -59,6 +59,9 @@ type ChannelPatch struct {
 
 func (o *Channel) DeepCopy() *Channel {
 	copy := *o
+	if copy.SchemeId != nil {
+		copy.SchemeId = NewString(*o.SchemeId)
+	}
 	return &copy
 }
 
-- 
cgit v1.2.3-1-g7c22


From bb605a6b91073714f6b9a59b86c25c1b46bd2ba9 Mon Sep 17 00:00:00 2001
From: Christopher Speller <crspeller@gmail.com>
Date: Mon, 10 Sep 2018 06:19:29 -0700
Subject: Changing comparison method. (#9383)

---
 api4/file.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/api4/file.go b/api4/file.go
index cfb72cdcb..3bb4ea9d6 100644
--- a/api4/file.go
+++ b/api4/file.go
@@ -4,6 +4,7 @@
 package api4
 
 import (
+	"crypto/subtle"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -342,7 +343,7 @@ func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if hash != app.GeneratePublicLinkHash(info.Id, *c.App.Config().FileSettings.PublicLinkSalt) {
+	if subtle.ConstantTimeCompare([]byte(hash), []byte(app.GeneratePublicLinkHash(info.Id, *c.App.Config().FileSettings.PublicLinkSalt))) != 1 {
 		c.Err = model.NewAppError("getPublicFile", "api.file.get_file.public_invalid.app_error", nil, "", http.StatusBadRequest)
 		utils.RenderWebAppError(c.App.Config(), w, r, c.Err, c.App.AsymmetricSigningKey())
 		return
-- 
cgit v1.2.3-1-g7c22


From a8d116b381ec9c28c5da5c8ee39a3699f568130d Mon Sep 17 00:00:00 2001
From: Christopher Speller <crspeller@gmail.com>
Date: Mon, 10 Sep 2018 06:20:01 -0700
Subject: Speed up search results post selection. (#9380)

---
 app/post.go                   | 6 ++++--
 store/sqlstore/post_store.go  | 2 +-
 store/storetest/post_store.go | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/post.go b/app/post.go
index 30602b392..8cfc6d659 100644
--- a/app/post.go
+++ b/app/post.go
@@ -705,8 +705,10 @@ func (a *App) SearchPostsInTeam(terms string, userId string, teamId string, isOr
 				return nil, presult.Err
 			} else {
 				for _, p := range presult.Data.([]*model.Post) {
-					postList.AddPost(p)
-					postList.AddOrder(p.Id)
+					if p.DeleteAt == 0 {
+						postList.AddPost(p)
+						postList.AddOrder(p.Id)
+					}
 				}
 			}
 		}
diff --git a/store/sqlstore/post_store.go b/store/sqlstore/post_store.go
index 14a6039bc..9cf33888d 100644
--- a/store/sqlstore/post_store.go
+++ b/store/sqlstore/post_store.go
@@ -1156,7 +1156,7 @@ func (s *SqlPostStore) GetPostsByIds(postIds []string) store.StoreChannel {
 			params[key] = postId
 		}
 
-		query := `SELECT * FROM Posts WHERE Id in (` + keys.String() + `) and DeleteAt = 0 ORDER BY CreateAt DESC`
+		query := `SELECT * FROM Posts WHERE Id in (` + keys.String() + `) ORDER BY CreateAt DESC`
 
 		var posts []*model.Post
 		_, err := s.GetReplica().Select(&posts, query, params)
diff --git a/store/storetest/post_store.go b/store/storetest/post_store.go
index b3a7e8d12..235d6f9b7 100644
--- a/store/storetest/post_store.go
+++ b/store/storetest/post_store.go
@@ -1674,8 +1674,8 @@ func testPostStoreGetPostsByIds(t *testing.T, ss store.Store) {
 
 	store.Must(ss.Post().Delete(ro1.Id, model.GetMillis(), ""))
 
-	if ro5 := store.Must(ss.Post().GetPostsByIds(postIds)).([]*model.Post); len(ro5) != 2 {
-		t.Fatalf("Expected 2 posts in results. Got %v", len(ro5))
+	if ro5 := store.Must(ss.Post().GetPostsByIds(postIds)).([]*model.Post); len(ro5) != 3 {
+		t.Fatalf("Expected 3 posts in results. Got %v", len(ro5))
 	}
 }
 
-- 
cgit v1.2.3-1-g7c22