From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Tue, 26 Sep 2023 07:45:05 +0000 (+0200)
Subject: Fix filtering the modification log from invisible participants
X-Git-Tag: 5.4.32~1^2~1
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=40edd0891d0003c5441dfd2c067eeb5632fbc2ed;p=GitHub%2FWoltLab%2Fcom.woltlab.wcf.conversation.git

Fix filtering the modification log from invisible participants

There is a previous commit relating to this issue in
28484add293eac5d0299d991ffaaa9f478c418e1, but it either never worked or no
longer works. Possibly this got broken when the conversations were refactored
to allow for removal of participants, while still allowing them to see the
contents up to their removal.

The ConversationParticipantList implicitly filters out invisible participants
internally, thus they don't will never be added to the invisibleParticipantIDs.

Fix this issue by inverting the logic: Instead of filtering out all invisible
participants, the query will now only include visible participants that are
guaranteed to be visible.

This fix will affect existing conversations.

see https://www.woltlab.com/community/thread/301779-konversation-mit-bcc-leakt-teilnehmer/
---

diff --git a/files/lib/page/ConversationPage.class.php b/files/lib/page/ConversationPage.class.php
index c30e3df..b7b2ec1 100644
--- a/files/lib/page/ConversationPage.class.php
+++ b/files/lib/page/ConversationPage.class.php
@@ -294,14 +294,12 @@ class ConversationPage extends MultipleLinkPage
         }
         $this->objectList->rewind();
 
-        // get invisible participants
-        $invisibleParticipantIDs = [];
-        if (WCF::getUser()->userID != $this->conversation->userID) {
-            foreach ($this->participantList as $participant) {
-                /** @noinspection PhpUndefinedFieldInspection */
-                if ($participant->isInvisible) {
-                    $invisibleParticipantIDs[] = $participant->userID;
-                }
+        // get visible participants
+        $visibleParticipantIDs = [];
+        foreach ($this->participantList as $participant) {
+            /** @noinspection PhpUndefinedFieldInspection */
+            if (!$participant->isInvisible || WCF::getUser()->userID == $this->conversation->userID) {
+                $visibleParticipantIDs[] = $participant->userID;
             }
         }
 
@@ -309,13 +307,10 @@ class ConversationPage extends MultipleLinkPage
         $this->modificationLogList = new ConversationLogModificationLogList($this->conversation->conversationID);
         $this->modificationLogList->getConditionBuilder()
             ->add("modification_log.time BETWEEN ? AND ?", [$startTime, $endTime]);
-
-        if (!empty($invisibleParticipantIDs)) {
-            $this->modificationLogList->getConditionBuilder()->add(
-                "(modification_log.action <> ? OR modification_log.userID NOT IN (?))",
-                ['leave', $invisibleParticipantIDs]
-            );
-        }
+        $this->modificationLogList->getConditionBuilder()->add(
+            "modification_log.userID IN (?)",
+            [$visibleParticipantIDs]
+        );
 
         $this->modificationLogList->readObjects();
     }