2 files changed, 18 insertions, 2 deletions

diff --git a/lib/actionmailer_patches.rb b/lib/actionmailer_patches.rb
new file mode 100644
index 000000000..600d3c8cc
--- /dev/null
+++ b/lib/actionmailer_patches.rb
@@ -0,0 +1,15 @@
+# Monkey patch for CVE-2013-4389
+# derived from http://seclists.org/oss-sec/2013/q4/118 to fix
+# a possible DoS vulnerability in the log subscriber component of
+# Action Mailer.
+
+require 'action_mailer'
+module ActionMailer
+  class LogSubscriber < ActiveSupport::LogSubscriber
+    def deliver(event)
+      recipients = Array.wrap(event.payload[:to]).join(', ')
+      info("\nSent mail to #{recipients} (#{event.duration.round(1)}ms)")
+      debug(event.payload[:mail])
+    end
+  end
+end
diff --git a/lib/tasks/stats.rake b/lib/tasks/stats.rake
index 4eda27289..eb36204c6 100644
--- a/lib/tasks/stats.rake
+++ b/lib/tasks/stats.rake
@@ -94,7 +94,7 @@ namespace :stats do
   desc 'Update statistics in the public_bodies table'
   task :update_public_bodies_stats => :environment do
     verbose = ENV['VERBOSE'] == '1'
-    PublicBody.all.each do |public_body|
+    PublicBody.find_each(:batch_size => 10) do |public_body|
       puts "Counting overdue requests for #{public_body.name}" if verbose
 
       # Look for values of 'waiting_response_overdue' and
@@ -102,7 +102,8 @@ namespace :stats do
       # described_state column, and instead need to be calculated:
       overdue_count = 0
       very_overdue_count = 0
-      InfoRequest.find_each(:conditions => {:public_body_id => public_body.id}) do |ir|
+      InfoRequest.find_each(:batch_size => 200,
+                            :conditions => {:public_body_id => public_body.id}) do |ir|
         case ir.calculate_status
         when 'waiting_response_very_overdue'
           very_overdue_count += 1