user warning: Unknown column 'type' in 'where clause' query

Garnerin - September 17, 2008 - 16:35
Project: Site notes
Version: 6.x-1.1
Component: Code
Category: bug report
Priority: normal
Assigned: NancyDru
Status: closed
Description

Hi Nancy,

Since I installed 6.x-1.1 in D6.4, every user who does not have the permission to access site notes (these are the 'unauthorized visitor' as well as all registered users but #1 on my test site) gets this message on every page:

user warning: Unknown column 'type' in 'where clause' query: SELECT DISTINCT(nc.nid) FROM node_comment_statistics nc INNER JOIN node_access na ON na.nid = nc.nid WHERE (na.grant_view >= 1 AND ((na.gid = 0 AND na.realm = 'all') OR (na.gid = 1 AND na.realm = 'node_privacy_byrole_role') OR (na.gid = 0 AND na.realm = 'node_privacy_byrole_user'))) AND (type <> 'sitenotes') AND ( nc.comment_count > 0 )ORDER BY nc.last_comment_timestamp DESC LIMIT 0, 10 in /var/www/vhosts/example.com/httpdocs/modules/comment/comment.module on line 314.

The only bypass I can see to get rid of this message: to grant everyone the permission but to deprive them of the reachability... as far as possible...

#1

Garnerin - September 17, 2008 - 16:47

The warning keeps displaying with the dev version of 2008-Sep-17 just as well.

#2

stevenghines - September 22, 2008 - 17:24

I'm getting it as well with 5.x-1.4; error message is

Unknown column 'type' in 'where clause'; query: SELECT nc.nid FROM node_comment_statistics nc WHERE (type <> 'sitenotes') AND ( nc.comment_count > 0 ) ORDER BY nc.last_comment_timestamp DESC LIMIT 0, 10 in /includes/database.mysql.inc on line 172.

#3

NancyDru - September 25, 2008 - 19:17
Assigned to: Anonymous » NancyDru
Status: active » fixed

I committed a fix to tighten up my checks on which db_rewrite_sql's I intercept. This should be in the -dev release that rolls out around midnight GMT. Please test it and make sure. Thanks.

#4

markus_petrux - September 26, 2008 - 10:01
Status: fixed » needs work

While the last patch seems to fix the problem, there may be situations where $primary_table has a different value, so this would expose sitenotes nodes to other users.

Instead, you could use the value in $primary_table to append sitenotes condition.

function sitenotes_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  $return = array();
  // Check for node query if the user shouldn't see sitenotes.
  if ($primary_field == 'nid' && !user_access('access site notes')) {
    $sql = drupal_strtolower($query);
    // Locate the WHERE clause if there is one.
    if ($where = strpos($sql, ' where ')) {
      // If the query does not already have 'type=' then add our test.
      if (!(strpos($sql, 'type=', $where + 6) || strpos($sql, 'type =', $where + 6) || strpos($sql, 'type in', $where + 6))) {
        $return['where'] = $primary_table .".type <> 'sitenotes'";  // <--- here we can use $primary_table value
      }
    }
  }
  return $return;
}
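
An added example, not part of the original thread or the Site notes module: one way to keep the sitenotes filter on node-keyed queries whose primary table has no type column, by joining {node} under its own alias, the same pattern as the node_access join visible in the query from the report. The names example_sitenotes_fragments, example_apply and sn_filter are hypothetical, and the two sample queries are constructed.

```php
<?php
// Added example; not code from the Site notes module.
// example_sitenotes_fragments, example_apply and sn_filter are hypothetical names.

// Build 'join' and 'where' fragments that hide sitenotes nodes.
// $primary_table is the alias the caller passed, e.g. 'n' or 'nc'.
function example_sitenotes_fragments($primary_table, $primary_field, $may_view) {
  if ($may_view || $primary_field != 'nid') {
    return array();
  }
  // The alias is spliced into SQL, so accept plain identifiers only.
  if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $primary_table)) {
    throw new InvalidArgumentException('Unexpected table alias');
  }
  return array(
    // Join {node} under its own alias so the type column always resolves,
    // even when the primary table has no such column.
    'join' => 'INNER JOIN {node} sn_filter ON sn_filter.nid = ' . $primary_table . '.nid',
    'where' => "sn_filter.type <> 'sitenotes'",
  );
}

// Simplified splice for display only: assumes one upper-case ' WHERE '.
function example_apply($query, $fragments) {
  if (!$fragments) {
    return $query;
  }
  list($head, $tail) = explode(' WHERE ', $query, 2);
  return $head . ' ' . $fragments['join'] . ' WHERE (' . $fragments['where'] . ') AND ' . $tail;
}

// Constructed sample queries modelled on the ones quoted in the thread.
$samples = array(
  array('SELECT nc.nid FROM {node_comment_statistics} nc WHERE nc.comment_count > 0', 'nc'),
  array('SELECT n.nid FROM {node} n WHERE n.status = 1', 'n'),
);
foreach ($samples as $sample) {
  list($query, $alias) = $sample;
  echo example_apply($query, example_sitenotes_fragments($alias, 'nid', FALSE)), "\n";
}
```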

#5

NancyDru - September 26, 2008 - 15:36
Status: needs work » fixed

Good point, thanks.

#6

jupiterchild - September 26, 2008 - 21:16

I am running 5.x-1.4 on 2 sites. On one site I get the same error as #2; on the other site, Site Notes works fine.

#7

NancyDru - September 26, 2008 - 21:43

You need the -dev version.

#8

Anonymous (not verified) - October 10, 2008 - 21:52
Status: fixed » closed

Automatically closed -- issue fixed for two weeks with no activity.

 
 
