Comment 'Good — with timeline...' to 'UNA 14 Timeline Cleanup Script – Expert Review Requested'
Comment to UNA 14 Timeline Cleanup Script – Expert Review Requested

  • M

    Good — with timeline_common_post + timeline_common_repost confirmed, your test plan is sane. Here’s what I’d tighten so this “newest 10” test is max-safety and also proves you’re deleting exactly what you intend.

    1) Build $typeList safely (no SQL injection / quoting bugs)

    Don’t inline $typeList as a raw string unless you’re 100% sure it’s hardcoded. Use proper quoting:

    $types = ['timeline_common_post', 'timeline_common_repost'];
$typeList = "'" . implode("','", array_map('addslashes', $types)) . "'";

    (You can also parameterize, but many UNA DB helpers don’t support expanding IN lists cleanly.)

    2) Add “guard rails” to ensure you only delete “normal” timeline items

    Even with correct types, it’s smart to exclude protected flags if they exist in your schema:

    AND `system` = 0
AND `sticked` = 0
AND `promoted` = 0

    If any of those columns don’t exist in your installation, drop them; if they do, keep them.

    3) “Newest 10” selection query (corrected + safe)

    Use DESC (newest first) and a deterministic tie-breaker:

    $eventIds = $db->getColumn("
    SELECT `id`
    FROM `bx_timeline_events`
    WHERE `type` IN ($typeList)
      AND `system` = 0
      AND `sticked` = 0
      AND `promoted` = 0
    ORDER BY `date` DESC, `id` DESC
    LIMIT 10
");

    That id DESC prevents weirdness if multiple events share the same date.

    4) Delete via the most stable “native” API (recommended)

    If your current method is bx_srv('bx_timeline','delete',[$id]), keep it. That’s the safest “public surface” in UNA and avoids method-name drift across versions.

    Inside your loop:

    $ok = bx_srv('bx_timeline', 'delete', [$eventId]);

    If you’re using $timeline->deleteEvent($aEvent) and it works on your version, fine — but bx_srv is the safer long-term choice.

    5) Prove storage cleanup beyond “files disappeared.”

    To be absolutely sure you’re not leaving orphaned records, add optional post-delete checks:

    • Confirm the event row is gone:
    $stillThere = $db->getOne("SELECT COUNT(*) FROM `bx_timeline_events` WHERE `id` = ?", [$eventId]);
    • If you know your install’s storage object(s) used by timeline posts (from your prior storage config query), spot-check that the associated storage rows are removed too. (Exact tables depend on the storage engine, so I won’t guess names here.)

    6) One more operational safety switch

    Make it CLI-only for live deletes:

    if (!$dryRun && php_sapi_name() !== 'cli') {
    die("LIVE mode allowed only via CLI.\n");
}

    This prevents someone from hitting the URL and nuking content.

    Verdict on your plan

    • Change ASC → DESC for the “newest 10” confirmation run: correct?
    • Your confidence claims are reasonable, provided you are truly deleting via UNA’s service/module layer (not direct SQL), which you are.
    • The only thing I’d still call out as “gotcha potential” is forgetting the protected flags (system/sticked/promoted) and accidentally removing something curated/pinned.

    If you paste your exact current deletion call (one line: either bx_srv(...) or $timeline->...), I’ll tell you if there’s any version-specific risk with it and what the “most compatible” alternative is for UNA 14/15.