Freetagging vocabularies not properly ignored, leading to access control problems
| Project: | Taxonomy Access Control Lite |
| Version: | 5.x-1.1 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | needs review |
On our site, we use tac_lite for several vocabs and content_access for a content type. We use two single select and one freetagging vocab (that contains numeric values) for the content type controlled by content_access. Nodes that didn't use any tac_lite vocabs were mysteriously showing up with grants for tac_lite. I traced this back to the way that tac_lite handles freetagging vocabs. In _tac_lite_get_terms(), tac_lite decides if it handles the terms for a node by checking if the contents of $node->taxonomy are arrays, objects, or numeric. In the array check, freetagging vocabs are thrown away by checking for non-numeric array values. However, if you use numeric values in your freetagging vocab, this check fails and tac_lite tries to handle the term.
To fix this issue, I've checked for freetagging vocabs first, then only handled terms that definitely aren't from such vocabs. As far as I can tell, $node->taxonomy never contains objects, so I've removed this check, too.
| Attachment | Size |
|---|---|
| contrib-5.tac_lite.freetagging.junyor.patch | 1.96 KB |
#1
Doh. I found out when is_object is used. ;)
#2
Junyor, thanks for the patch. At first glance this looks like a good fix. But help me understand. Does this happen because your vocabulary contains terms which are numbers? I.e. the term is "42"?
#3
@Dave: Yes, that's the cause. In the current tac_lite code, this would trigger the is_numeric check in the is_array branch and the term name would be added as a tid.
#4
Subscribing.