Simplify the descendent logic. viewable() already joins with the

items table so there's no need for a subquery. The subquery could generate way too many ids since it didn't pay attention to permissions. This isn't a security problem since we were restricting the item ids according to permissions in the outer query, but it's wasteful.
2026-04-24 22:49:17 -04:00 · 2010-06-20 10:55:10 -07:00
parent fcd39be28b
commit 7500273228
1 changed files with 6 additions and 7 deletions
--- a/modules/comment/helpers/comment_rss.php
+++ b/modules/comment/helpers/comment_rss.php
@@ -35,17 +35,14 @@ class comment_rss_Core {

    $comments = ORM::factory("comment")
      ->viewable()
-      ->where("state", "=", "published")
-      ->order_by("created", "DESC");
+      ->where("comments.state", "=", "published")
+      ->order_by("comments.created", "DESC");

    if ($feed_id == "item") {
      $item = ORM::factory("item", $id);
-      $subquery = db::select("id")
-        ->from("items")
-        ->where("left_ptr", ">=", $item->left_ptr)
-        ->where("right_ptr", "<=", $item->right_ptr);
      $comments
-        ->where("item_id", "in", $subquery);
+        ->where("items.left_ptr", ">=", $item->left_ptr)
+        ->where("items.right_ptr", "<=", $item->right_ptr);
    }

    $feed = new stdClass();
@@ -65,6 +62,8 @@ class comment_rss_Core {
        ArrayObject::ARRAY_AS_PROPS);
    }

+    Kohana_Log::add("error",print_r(Database::instance()->last_query(),1));
+
    $feed->max_pages = ceil($comments->count_all() / $limit);
    $feed->title = htmlspecialchars(t("Recent Comments"));
    $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id));