Profile.view.php / trackActivity

Started by Z217, June 16, 2016, 02:45:14 AM

Previous topic - Next topic

Z217

Hey all,

Working on a security plugin, I noticed that in Profile.view.php under the function trackActivity, line 984 says:

983:    // If this is a big forum, or a large posting user, let's limit the search.
984:    if ($modSettings['totalMessages'] > 50000 && $user_profile[$memID]['posts'] > 500)
985:    {

Shouldn't this be:

983:    // If this is a big forum, or a large posting user, let's limit the search.
984:    if ($modSettings['totalMessages'] > 50000 || $user_profile[$memID]['posts'] > 500)
985:    {

(OR instead of AND) since otherwise it will only limit the search if a large board and a large posting user.

Found in version 2.0.11

~Søren

Z217

#1
Oh, and an additional point, the searching seems a bit piculiar in places, e.g. line 998:

997: // There's no point worrying ourselves with messages made yonks ago, just get recent ones!
998: $min_msg_member = max(0, $max_msg_member - $user_profile[$memID]['posts'] * 3);


Only searching back to forum messages (not just this users messages) with an id within the range of 3 times the user's posts would limit it drastically for users with only a handful messages. I'd propose replacing it with something like:

997: // There's no point worrying ourselves with messages made yonks ago, just get recent ones!
998 $min_msg_member = max(0, $max_msg_member - 50000);


... with 50000 since that was already what was used to determine a forum as 'big' above.

Finally, it might make sense to limit the following database searches to min($user_profile[$memID]['posts'],500) for performance, that is adding something along the lines of:


        LIMIT {int:limit} 
        ...
            'limit' => min($user_profile[$memID]['posts'],500),

Advertisement: