SimpleMachines · Sesquipedalian · Nov 13, 2018 · Jul 13, 2018 · Jul 13, 2018 · Jul 16, 2018
diff --git a/Sources/Profile-Modify.php b/Sources/Profile-Modify.php
@@ -2253,20 +2253,23 @@ function alert_delete($toDelete, $memID = false)
 
 /**
  * Counts how many alerts a user has - either unread or all depending on $unread
+ * We can't use db_num_rows here, as we have to determine what boards the user can see
+ * Possibly in future versions as database support for json is mainstream, we can simplify this.
  *
  * @param int $memID The user ID.
  * @param bool $unread Whether to only count unread alerts.
  * @return int The number of requested alerts
  */
 function alert_count($memID, $unread = false)
 {
-	global $smcFunc;
+	global $smcFunc, $user_info;
 
 	if (empty($memID))
 		return false;
 
+	// We have to do this the slow way as to iterate over all possible boards the user can see.
 	$request = $smcFunc['db_query']('', '
-		SELECT id_alert
+		SELECT id_alert, extra
 		FROM {db_prefix}user_alerts
 		WHERE id_member = {int:id_member}
 			'.($unread ? '
@@ -2276,10 +2279,51 @@ function alert_count($memID, $unread = false)
 		)
 	);
 
-	$count = $smcFunc['db_num_rows']($request);
+	// First we dump alerts and possible boards information out.
+	$alerts = array();
+	$boards = array();
+	$possible_boards = array();
+	while ($row = $smcFunc['db_fetch_assoc']($request))
+	{
+		$alerts[$row['id_alert']] = !empty($row['extra']) ? $smcFunc['json_decode']($row['extra'], true) : array();
+
+		// Only add to possible boards ones that are not empty and that we haven't set before.
+		if (!empty($alerts[$row['id_alert']]['board']) && !isset($possible_boards[$alerts[$row['id_alert']]['board']]))
+			$possible_boards[$alerts[$row['id_alert']]['board']] = $alerts[$row['id_alert']]['board'];
+	}
 	$smcFunc['db_free_result']($request);
 
-	return $count;
+	// If this isn't the current user, get their boards.
+	if (isset($user_info) && $user_info['id'] != $memID)
+	{
+		$query_see_board = build_query_board($memID);
+		$query_see_board = $query_see_board['query_see_board'];
+	}
+
+	// Find only the boards they can see.
+	if (!empty($possible_boards))
+	{
+		$request = $smcFunc['db_query']('', '
+			SELECT id_board
+			FROM {db_prefix}boards AS b
+			WHERE ' . (!empty($query_see_board) ? '{raw:query_see_board}' : '{query_see_board}') . '
+				AND id_board IN ({array_int:boards})',
+			array(
+				'boards' => array_keys($possible_boards),
+				'query_see_board' => $query_see_board
+			)
+		);
+		while ($row = $smcFunc['db_fetch_assoc']($request))
+			$boards[$row['id_board']] = $row['id_board'];
+	}
+	unset($possible_boards);
+
+	// Now check alerts again and remove any they can't see.
+	foreach ($alerts as $id_alert => $extra)
+		if (!isset($boards[$extra['board']]))
+			unset($alerts[$id_alert]);		
+
+	return count($alerts);
 }
 
 /**

diff --git a/Sources/Profile-View.php b/Sources/Profile-View.php
@@ -218,15 +218,6 @@ function fetch_alerts($memID, $all = false, $counter = 0, $pagination = array(),
 	$query_see_board = build_query_board($memID);
 	$query_see_board = $query_see_board['query_see_board'];
 
-	$user_old = $user_info;
-	// are we someone else?
-	if (empty($user_info) || $user_info['id'] != $memID)
-	{
-		if (empty($user_profile[$memID]))
-			loadMemberData($memID, false, 'profile');
-		$user_info = $user_profile[$memID];
-	}
-
 	$alerts = array();
 	$request = $smcFunc['db_query']('', '
 		SELECT id_alert, alert_time, mem.id_member AS sender_id, COALESCE(mem.real_name, ua.member_name) AS sender_name,
@@ -259,7 +250,7 @@ function fetch_alerts($memID, $all = false, $counter = 0, $pagination = array(),
 	}
 	$smcFunc['db_free_result']($request);
 
-	if($withSender)
+	if ($withSender)
 	{
 		$senders = loadMemberData($senders);
 		foreach ($senders as $member)
@@ -375,17 +366,19 @@ function fetch_alerts($memID, $all = false, $counter = 0, $pagination = array(),
 			$extra = $alerts[$id_alert]['extra'];
 			$search = array('{member_link}', '{scripturl}');
 			$repl = array(!empty($alert['sender_id']) ? '<a href="' . $scripturl . '?action=profile;u=' . $alert['sender_id'] . '">' . $alert['sender_name'] . '</a>' : $alert['sender_name'], $scripturl);
-			foreach ($extra as $k => $v)
+
+			if (is_array($extra))
 			{
-				$search[] = '{' . $k . '}';
-				$repl[] = $v;
+				foreach ($extra as $k => $v)
+				{
+					$search[] = '{' . $k . '}';
+					$repl[] = $v;
+				}
 			}
 			$alerts[$id_alert]['text'] = str_replace($search, $repl, $txt[$string]);
 		}
 	}
 
-	$user_info = $user_old;
-
 	return $alerts;
 }
 

diff --git a/Sources/Subs.php b/Sources/Subs.php
@@ -386,15 +386,12 @@ function updateMemberData($members, $data)
 			{
 				$val = 'CASE ';
 				foreach ($members as $k => $v)
-					$val .= 'WHEN id_member = ' . $v . ' THEN '. count(fetch_alerts($v, false, 0, array(), false)) . ' ';
+					$val .= 'WHEN id_member = ' . $v . ' THEN '. alert_count($v, false) . ' ';
 				$val = $val . ' END';
 				$type = 'raw';
 			}
 			else
-			{
-				$blub = fetch_alerts($members, false, 0, array(), false);
-				$val = count($blub);
-			}
+				$val = alert_count($members, false);
 		}
 		else if ($type == 'int' && ($val === '+' || $val === '-'))
 		{
@@ -6261,7 +6258,8 @@ function build_query_board($userid)
 	$mod_cache;
 	$ignoreboards;
 
-	if ($user_info['id'] == $userid)
+	// If we come from cron, we can't have a $user_info.
+	if (isset($user_info['id']) && $user_info['id'] == $userid)
 	{
 		$groups = $user_info['groups'];
 		$is_admin = $user_info['is_admin'];