[ticket/9657] Check for post visibility when searching with Sphinx

This update will require admins to manually update their Sphinx config file aswell as to delete the index and rebuild it from scratch. Before this is done the search will not be usable anymore. PHPBB3-9657
2025-06-08 04:18:52 +00:00 · 2013-03-14 12:10:07 +01:00 · 2013-03-14 12:10:07 +01:00 · d41cf293e1
commit d41cf293e1
parent 74f4fd724e
2 changed files with 13 additions and 2 deletions
--- a/phpBB/docs/sphinx.sample.conf
+++ b/phpBB/docs/sphinx.sample.conf
@ -19,6 +19,8 @@ source source_phpbb_{SPHINX_ID}_main
 							p.topic_id,
 \
 							p.poster_id,
+\
+							p.post_visibility,
 \
 							CASE WHEN p.post_id = t.topic_first_post_id THEN 1 ELSE 0 END as topic_first_post,
 \
@ -47,6 +49,7 @@ source source_phpbb_{SPHINX_ID}_main
 	sql_attr_uint = forum_id
 	sql_attr_uint = topic_id
 	sql_attr_uint = poster_id
+	sql_attr_uint = post_visibility
 	sql_attr_bool = topic_first_post
 	sql_attr_bool = deleted
 	sql_attr_timestamp = post_time
@ -66,6 +69,8 @@ source source_phpbb_{SPHINX_ID}_delta : source_phpbb_{SPHINX_ID}_main
 							p.topic_id,
 \
 							p.poster_id,
+\
+							p.post_visibility,
 \
 							CASE WHEN p.post_id = t.topic_first_post_id THEN 1 ELSE 0 END as topic_first_post,
 \
--- a/phpBB/includes/search/fulltext_sphinx.php
+++ b/phpBB/includes/search/fulltext_sphinx.php
@ -274,6 +274,7 @@ class phpbb_search_fulltext_sphinx
 						p.forum_id,
 						p.topic_id,
 						p.poster_id,
+						p.post_visibility,
 						CASE WHEN p.post_id = t.topic_first_post_id THEN 1 ELSE 0 END as topic_first_post,
 						p.post_time,
 						p.post_subject,
@ -291,6 +292,7 @@ class phpbb_search_fulltext_sphinx
 				array('sql_attr_uint',				'forum_id'),
 				array('sql_attr_uint',				'topic_id'),
 				array('sql_attr_uint',				'poster_id'),
+				array('sql_attr_uint',				'post_visibility'),
 				array('sql_attr_bool',				'topic_first_post'),
 				array('sql_attr_bool',				'deleted'),
 				array('sql_attr_timestamp'	,		'post_time'),
@ -306,6 +308,7 @@ class phpbb_search_fulltext_sphinx
 						p.forum_id,
 						p.topic_id,
 						p.poster_id,
+						p.post_visibility,
 						CASE WHEN p.post_id = t.topic_first_post_id THEN 1 ELSE 0 END as topic_first_post,
 						p.post_time,
 						p.post_subject,
@ -569,10 +572,13 @@ class phpbb_search_fulltext_sphinx
 			$this->sphinx->SetFilter('poster_id', $author_ary);
 		}

+		// As this is not simply possible at the moment, we limit the result to approved posts.
+		// This will make it impossible for moderators to search unapproved and softdeleted posts,
+		// but at least it will also cause the same for normal users.
+		$this->sphinx->SetFilter('post_visibility', array(ITEM_APPROVED));
+
 		if (sizeof($ex_fid_ary))
 		{
-			//@todo: Limit using $post_visibility
-
 			// All forums that a user is allowed to access
 			$fid_ary = array_unique(array_intersect(array_keys($this->auth->acl_getf('f_read', true)), array_keys($this->auth->acl_getf('f_search', true))));
 			// All forums that the user wants to and can search in