From d1cb1258d8777de39dcd2aed85dedf3de55fc03f Mon Sep 17 00:00:00 2001 From: Dries Date: Thu, 26 Jul 2012 17:40:46 -0400 Subject: [PATCH] - Patch #1204658 by kbasarab, Berdir, tim.plunkett, webchick: remove node access base table fallback. --- core/modules/comment/comment.module | 3 +++ core/modules/forum/forum.module | 5 +++- core/modules/node/node.module | 36 +++----------------------- core/modules/taxonomy/taxonomy.module | 1 + core/modules/tracker/tracker.pages.inc | 1 + 5 files changed, 13 insertions(+), 33 deletions(-) diff --git a/core/modules/comment/comment.module b/core/modules/comment/comment.module index 9f47d37b2ab..0a7b2616550 100644 --- a/core/modules/comment/comment.module +++ b/core/modules/comment/comment.module @@ -528,6 +528,7 @@ function comment_get_recent($number = 10) { $query = db_select('comment', 'c'); $query->innerJoin('node', 'n', 'n.nid = c.nid'); $query->addTag('node_access'); + $query->addMetaData('base_table', 'comment'); $comments = $query ->fields('c') ->condition('c.status', COMMENT_PUBLISHED) @@ -860,6 +861,7 @@ function comment_get_thread(Node $node, $mode, $comments_per_page) { ->condition('c.nid', $node->nid) ->addTag('node_access') ->addTag('comment_filter') + ->addMetaData('base_table', 'comment') ->addMetaData('node', $node) ->limit($comments_per_page); @@ -869,6 +871,7 @@ function comment_get_thread(Node $node, $mode, $comments_per_page) { ->condition('c.nid', $node->nid) ->addTag('node_access') ->addTag('comment_filter') + ->addMetaData('base_table', 'comment') ->addMetaData('node', $node); if (!user_access('administer comments')) { diff --git a/core/modules/forum/forum.module b/core/modules/forum/forum.module index ca9bf7eb556..f557c4051e5 100644 --- a/core/modules/forum/forum.module +++ b/core/modules/forum/forum.module @@ -679,7 +679,8 @@ function forum_block_save($delta = '', $edit = array()) { function forum_block_view($delta = '') { $query = db_select('forum_index', 'f') ->fields('f') - ->addTag('node_access'); + ->addTag('node_access') + ->addMetaData('base_table', 'forum_index'); switch ($delta) { case 'active': $title = t('Active forum topics'); @@ -928,6 +929,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { $query ->condition('f.tid', $tid) ->addTag('node_access') + ->addMetaData('base_table', 'forum_index') ->orderBy('f.sticky', 'DESC') ->orderByHeader($forum_topic_list_header) ->limit($forum_per_page); @@ -936,6 +938,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { $count_query->condition('f.tid', $tid); $count_query->addExpression('COUNT(*)'); $count_query->addTag('node_access'); + $count_query->addMetaData('base_table', 'forum_index'); $query->setCountQuery($count_query); $result = $query->execute(); diff --git a/core/modules/node/node.module b/core/modules/node/node.module index 8db32bed4c1..52b14710e69 100644 --- a/core/modules/node/node.module +++ b/core/modules/node/node.module @@ -3258,10 +3258,9 @@ function _node_query_node_access_alter($query, $type) { $tables = $query->getTables(); $base_table = $query->getMetaData('base_table'); - // If no base table is specified explicitly, search for one. + // If the base table is not given, default to node if present. if (!$base_table) { - $fallback = ''; - foreach ($tables as $alias => $table_info) { + foreach ($tables as $table_info) { if (!($table_info instanceof SelectInterface)) { $table = $table_info['table']; // If the node table is in the query, it wins immediately. @@ -3269,38 +3268,11 @@ function _node_query_node_access_alter($query, $type) { $base_table = $table; break; } - // Check whether the table has a foreign key to node.nid. If it does, - // do not run this check again as we found a base table and only node - // can triumph that. - if (!$base_table) { - // The schema is cached. - $schema = drupal_get_schema($table); - if (isset($schema['fields']['nid'])) { - if (isset($schema['foreign keys'])) { - foreach ($schema['foreign keys'] as $relation) { - if ($relation['table'] === 'node' && $relation['columns'] === array('nid' => 'nid')) { - $base_table = $table; - } - } - } - else { - // At least it's a nid. A table with a field called nid is very - // very likely to be a node.nid in a node access query. - $fallback = $table; - } - } - } } } - // If there is nothing else, use the fallback. + // Bail out if the base table is missing. if (!$base_table) { - if ($fallback) { - watchdog('security', 'Your node listing query is using @fallback as a base table in a query tagged for node access. This might not be secure and might not even work. Specify foreign keys in your schema to node.nid ', array('@fallback' => $fallback), WATCHDOG_WARNING); - $base_table = $fallback; - } - else { - throw new Exception(t('Query tagged for node access but there is no nid. Add foreign keys to node.nid in schema to fix.')); - } + throw new Exception(t('Query tagged for node access but there is no node table, specify the base_table using meta data.')); } } diff --git a/core/modules/taxonomy/taxonomy.module b/core/modules/taxonomy/taxonomy.module index f55ac1d991b..1086f19681b 100644 --- a/core/modules/taxonomy/taxonomy.module +++ b/core/modules/taxonomy/taxonomy.module @@ -228,6 +228,7 @@ function taxonomy_select_nodes($tid, $pager = TRUE, $limit = FALSE, $order = arr } $query = db_select('taxonomy_index', 't'); $query->addTag('node_access'); + $query->addMetaData('base_table', 'taxonomy_index'); $query->condition('tid', $tid); if ($pager) { $count_query = clone $query; diff --git a/core/modules/tracker/tracker.pages.inc b/core/modules/tracker/tracker.pages.inc index a36bf13a59d..f012264193f 100644 --- a/core/modules/tracker/tracker.pages.inc +++ b/core/modules/tracker/tracker.pages.inc @@ -39,6 +39,7 @@ function tracker_page($account = NULL, $set_title = FALSE) { // while keeping the correct order. $nodes = $query ->addTag('node_access') + ->addMetaData('base_table', 'tracker_node') ->fields('t', array('nid', 'changed')) ->condition('t.published', 1) ->orderBy('t.changed', 'DESC')