Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.This affects both drupal 5.x and 6.x
If $node IS NULL, and i call node_access_acquire_grants($node) it writes line array('realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0); into node_access table.
Solution: node_access_acquire_grants() should check if $node is not NULL!
Background:
I found out this by debugging a site where node_access_rebuild() wrote row 0,0,all,1,0,0 into node_access (beside the normal Taxonomy_access values).
The cause of it was some corruptions in my database:
Description:
"SELECT nid from node" returns array where nid=4 exists.
node_load(4) return NULL. (Because of this node_access_rebuild writes 0,0,all,1,0,0 line into node_access table).
This whole trouble is casued by a corruption between table node_revisions and table node.
In table node: for nid=4, there is a value of vid=1232, BUT this vid DOES NOT EXIST IN "node_revisions" table!
(Vid stands for version_id)
| Comment | File | Size | Author |
|---|---|---|---|
| node_access_acquire_grants.patch | 743 bytes | keve |
Comments
Comment #1
keve commentedAny opinions?
Comment #2
keve commentedUsing Taxonomy Access, couple of people had this problem, after updating their system to drupal-5.
We have a discussion on this: http://drupal.org/node/125355.
This bug gives access to ALL nodes, when there is some corruption in table 'node':
We found two general cause for this:
- vid (file_revision) does not exist.
- uid (author) does not exist.
Comment #3
chx commentedCore can't even try to be protected against all broken calls. So we do not try.