From d1cb1258d8777de39dcd2aed85dedf3de55fc03f Mon Sep 17 00:00:00 2001
From: Dries <dries@buytaert.net>
Date: Thu, 26 Jul 2012 17:40:46 -0400
Subject: [PATCH] - Patch #1204658 by kbasarab, Berdir, tim.plunkett, webchick:
 remove node access base table fallback.

---
 core/modules/comment/comment.module    |  3 +++
 core/modules/forum/forum.module        |  5 +++-
 core/modules/node/node.module          | 36 +++-----------------------
 core/modules/taxonomy/taxonomy.module  |  1 +
 core/modules/tracker/tracker.pages.inc |  1 +
 5 files changed, 13 insertions(+), 33 deletions(-)

diff --git a/core/modules/comment/comment.module b/core/modules/comment/comment.module
index 9f47d37b2ab9..0a7b2616550d 100644
--- a/core/modules/comment/comment.module
+++ b/core/modules/comment/comment.module
@@ -528,6 +528,7 @@ function comment_get_recent($number = 10) {
   $query = db_select('comment', 'c');
   $query->innerJoin('node', 'n', 'n.nid = c.nid');
   $query->addTag('node_access');
+  $query->addMetaData('base_table', 'comment');
   $comments = $query
     ->fields('c')
     ->condition('c.status', COMMENT_PUBLISHED)
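Review bot: The added `addMetaData('base_table', 'comment')` call in comment_get_recent() has no comment explaining why the base table is `comment` when `node` is inner-joined two lines above. Without the meta data the alter in node.module would default to `node` for this query, so the explicit value is a deliberate choice that a later cleanup could remove without noticing the effect on the access check. A one-line comment is enough, e.g. `// Name the base table explicitly; the node_access alter no longer infers it from the schema.` The same applies to the two comment_get_thread() hunks and to the forum, taxonomy and tracker call sites in this patch. The function body continues outside the hunk.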
@@ -860,6 +861,7 @@ function comment_get_thread(Node $node, $mode, $comments_per_page) {
     ->condition('c.nid', $node->nid)
     ->addTag('node_access')
     ->addTag('comment_filter')
+    ->addMetaData('base_table', 'comment')
     ->addMetaData('node', $node)
     ->limit($comments_per_page);
 
@@ -869,6 +871,7 @@ function comment_get_thread(Node $node, $mode, $comments_per_page) {
     ->condition('c.nid', $node->nid)
     ->addTag('node_access')
     ->addTag('comment_filter')
+    ->addMetaData('base_table', 'comment')
     ->addMetaData('node', $node);
 
   if (!user_access('administer comments')) {
diff --git a/core/modules/forum/forum.module b/core/modules/forum/forum.module
index ca9bf7eb5560..f557c4051e57 100644
--- a/core/modules/forum/forum.module
+++ b/core/modules/forum/forum.module
@@ -679,7 +679,8 @@ function forum_block_save($delta = '', $edit = array()) {
 function forum_block_view($delta = '') {
   $query = db_select('forum_index', 'f')
     ->fields('f')
-    ->addTag('node_access');
+    ->addTag('node_access')
+    ->addMetaData('base_table', 'forum_index');
   switch ($delta) {
     case 'active':
       $title = t('Active forum topics');
@@ -928,6 +929,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
   $query
     ->condition('f.tid', $tid)
     ->addTag('node_access')
+    ->addMetaData('base_table', 'forum_index')
     ->orderBy('f.sticky', 'DESC')
     ->orderByHeader($forum_topic_list_header)
     ->limit($forum_per_page);
@@ -936,6 +938,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
   $count_query->condition('f.tid', $tid);
   $count_query->addExpression('COUNT(*)');
   $count_query->addTag('node_access');
+  $count_query->addMetaData('base_table', 'forum_index');
 
   $query->setCountQuery($count_query);
   $result = $query->execute();
diff --git a/core/modules/node/node.module b/core/modules/node/node.module
index 8db32bed4c11..52b14710e697 100644
--- a/core/modules/node/node.module
+++ b/core/modules/node/node.module
@@ -3258,10 +3258,9 @@ function _node_query_node_access_alter($query, $type) {
 
   $tables = $query->getTables();
   $base_table = $query->getMetaData('base_table');
-  // If no base table is specified explicitly, search for one.
+  // If the base table is not given, default to node if present.
   if (!$base_table) {
-    $fallback = '';
-    foreach ($tables as $alias => $table_info) {
+    foreach ($tables as $table_info) {
       if (!($table_info instanceof SelectInterface)) {
         $table = $table_info['table'];
         // If the node table is in the query, it wins immediately.
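Review bot: A `base_table` value supplied through meta data is used as given; the `if (!$base_table)` block only runs when it is empty, and nothing visible in this hunk checks that the supplied name is one of the entries in `$tables`. Now that every caller has to pass the name by hand, a misspelled or stale table name becomes more likely. Depending on how the rest of _node_query_node_access_alter() (outside the hunk) matches tables, the access condition could then be attached to nothing. Failing closed right after the lookup would remove that doubt; a sketch follows, mirroring the subquery test the existing loop uses.

```php
  $base_table = $query->getMetaData('base_table');
  // Fail closed when the caller names a table that is not part of the query.
  if ($base_table) {
    $found = FALSE;
    foreach ($tables as $table_info) {
      if (!($table_info instanceof SelectInterface) && $table_info['table'] === $base_table) {
        $found = TRUE;
        break;
      }
    }
    if (!$found) {
      throw new Exception(t('Query tagged for node access names a base table that is not in the query.'));
    }
  }
  // … unchanged: default to node when base_table is not given …
```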
@@ -3269,38 +3268,11 @@ function _node_query_node_access_alter($query, $type) {
           $base_table = $table;
           break;
         }
-        // Check whether the table has a foreign key to node.nid. If it does,
-        // do not run this check again as we found a base table and only node
-        // can triumph that.
-        if (!$base_table) {
-          // The schema is cached.
-          $schema = drupal_get_schema($table);
-          if (isset($schema['fields']['nid'])) {
-            if (isset($schema['foreign keys'])) {
-              foreach ($schema['foreign keys'] as $relation) {
-                if ($relation['table'] === 'node' && $relation['columns'] === array('nid' => 'nid')) {
-                  $base_table = $table;
-                }
-              }
-            }
-            else {
-              // At least it's a nid. A table with a field called nid is very
-              // very likely to be a node.nid in a node access query.
-              $fallback = $table;
-            }
-          }
-        }
       }
     }
-    // If there is nothing else, use the fallback.
+    // Bail out if the base table is missing.
     if (!$base_table) {
-      if ($fallback) {
-        watchdog('security', 'Your node listing query is using @fallback as a base table in a query tagged for node access. This might not be secure and might not even work. Specify foreign keys in your schema to node.nid ', array('@fallback' => $fallback), WATCHDOG_WARNING);
-        $base_table = $fallback;
-      }
-      else {
-        throw new Exception(t('Query tagged for node access but there is no nid. Add foreign keys to node.nid in schema to fix.'));
-      }
+      throw new Exception(t('Query tagged for node access but there is no node table, specify the base_table using meta data.'));
     }
   }
 
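Review bot: The new exception in the `if (!$base_table)` branch does not say which query failed, and the patch adds no test for this path. Modules that relied on the removed nid/foreign-key fallback will now hit it at runtime, so the message is their main migration aid. Listing the table aliases would help, e.g. add `@tables` to the string and pass `array('@tables' => implode(', ', array_keys($tables)))` as the second argument to `t()`. The message is also a comma splice; ending it with `... there is no node table. Specify the base table with addMetaData().` reads more clearly. The function starts and ends outside the hunk.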
diff --git a/core/modules/taxonomy/taxonomy.module b/core/modules/taxonomy/taxonomy.module
index f55ac1d991bc..1086f19681ba 100644
--- a/core/modules/taxonomy/taxonomy.module
+++ b/core/modules/taxonomy/taxonomy.module
@@ -228,6 +228,7 @@ function taxonomy_select_nodes($tid, $pager = TRUE, $limit = FALSE, $order = arr
   }
   $query = db_select('taxonomy_index', 't');
   $query->addTag('node_access');
+  $query->addMetaData('base_table', 'taxonomy_index');
   $query->condition('tid', $tid);
   if ($pager) {
     $count_query = clone $query;
diff --git a/core/modules/tracker/tracker.pages.inc b/core/modules/tracker/tracker.pages.inc
index a36bf13a59d4..f012264193f2 100644
--- a/core/modules/tracker/tracker.pages.inc
+++ b/core/modules/tracker/tracker.pages.inc
@@ -39,6 +39,7 @@ function tracker_page($account = NULL, $set_title = FALSE) {
   // while keeping the correct order.
   $nodes = $query
     ->addTag('node_access')
+    ->addMetaData('base_table', 'tracker_node')
     ->fields('t', array('nid', 'changed'))
     ->condition('t.published', 1)
     ->orderBy('t.changed', 'DESC')
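Review bot: `'tracker_node'` is attached unconditionally in this chain, but `$query` is built above the hunk and tracker_page() takes an `$account` argument. If the per-account branch selects from a different tracker table, the base table named here would not be part of that query. Whether the alter then throws or silently skips the node access condition is not visible in this patch, so it is worth confirming. If the tables do differ, set the meta data where each `$query` is created rather than here. The function starts and ends outside the hunk.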
-- 
GitLab