For various reasons it may turn out that $param passed to node_load is wrong (on my testing site it was probably due to Views module). Of course other modules should make sure that $param is ok, but it's better to be safe than sorry, right? :).

When $param is null i get following errors:

Invalid argument supplied for foreach() in /www/neoni_www/www/subdomains/z2/modules/node/node.module on line 521.

implode() [<a href='function.implode'>function.implode</a>]: Invalid arguments passed in /www/neoni_www/www/subdomains/z2/modules/node/node.module on line 525.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near &#039;&#039; at line 1 query: SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM node n INNER JOIN users u ON u.uid = n.uid INNER JOIN node_revisions r ON r.vid = n.vid WHERE  in /www/neoni_www/www/subdomains/z2/includes/database.mysqli.inc on line 151.

First i changed code of node_load to check for array and make SQL not use 'WHERE' part, but then i thought it will always load some node, even tough it's not really the one which caller asked for. So i added early 'return NULL;' in case $param is not numeric and not array.
I guess that it could also check each of the $param values in case it is an array, but for now i'll wait for Your opinions about whole thing :).

CommentFileSizeAuthor
node.module.patch2.38 KBahwayakchih

Comments

drumm’s picture

drumm
he/him
Location NY, US
commented
Version: 5.7 » 7.x-dev
Priority: Normal » Minor
Status: Needs review » Needs work

Modules certainly should pay attention to what they pass to node_load() and not cause errors. Making the API more permissive is an API change and can only happen in a development version of Drupal, 5.x is currently stable.

ahwayakchih’s picture

ahwayakchih commented

But i don't want to make it more permissive, only to make it safer. In case of weird/unsupported params it should return nothing (NULL), instead of trying to handle them anyway. IMHO such change makes it LESS permissive, not more :).

maria_zk’s picture

maria_zk commented

Well, i had the same issue for some reason and your patch worked me!So thank you very much!

subir_ghosh’s picture

subir_ghosh
Primary language English
Location Delhi/Bangalore/Calcutta
commented
Version: 7.x-dev » 5.7

I tried using this patch and got this error:

Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /home/north/public_html/modules/node/node.module on line 1924

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/north/public_html/modules/node/node.module on line 1924

I am using Drupal 5.7.

kmillecam’s picture

kmillecam commented

Thanks much for this patch ahwayakchih,

I was getting really tired of my watchdog log fill up with errors because of this bug.

Kevin

damien tournoud’s picture

damien tournoud commented
Status: Needs work » Closed (won't fix)

We don't make the API more permissive, because it's always better to deal with problems than to ignore them.

This is a won't fix.

zcc_nz’s picture

zcc_nz commented

Well it might be permissive but at least it fixes a problem.
If validation of code by developers is so poor that code is available that can cause such issues then I think any industrial standard software should be able to cleanly handle it in some way.
This patch does fix it as most 'users' would like.
Works for me!