Posted by robertDouglass on January 2, 2006 at 10:01am
| Project: | Drupal core |
| Version: | 4.6.5 |
| Component: | search.module |
| Category: | bug report |
| Priority: | critical |
| Assigned: | robertDouglass |
| Status: | closed (fixed) |
Issue Summary
To my eyes, it seems that the $type parameter is completely ignored in the do_search function, thus rendering search functionality severely crippled, especially when dealing with modules that implement their own search. This patch adds the "where type = '%s'", $type bit to the SQL for gathering search results.
| Attachment | Size | Status | Test result | Operations |
|---|---|---|---|---|
| search_do_search.patch | 1.33 KB | Ignored: Check issue status. | None | None |
Comments
#1
oops... patch without Eclipse project info =)
#2
Forgive my ignorance with the underpinnings of Drupal, but is there ever a time when $type might be null or ==""? If so, then there should probably be a check for that before inserting it into the SQL statement.
#3
<?php
/**
* Do a query on the full-text search index for a word or words.
*
* This function is normally only called by each module that support the
* indexed search (and thus, implements hook_update_index()).
*
* The final query is an SQL select on the search_index table. As a guide for
* writing the optional extra SQL fragments (see below), use this query:
*
* SELECT i.type, i.sid, i.word, SUM(i.score/t.count) AS score
* FROM {search_index} i
* $join INNER JOIN {search_total} t ON i.word = t.word
* WHERE $where AND (i.word = '...' OR ...)
* GROUP BY i.type, i.sid
* ORDER BY score DESC";
*
* @param $keywords
* A search string as entered by the user.
*
* @param $type
* A string identifying the calling module.
*
* @param $join
* (optional) A string to be inserted into the JOIN part of the SQL query.
* For example "INNER JOIN {node} n ON n.nid = i.sid".
*
* @param $where
* (optional) A string to be inserted into the WHERE part of the SQL query.
* For example "(n.status > 0)".
*
* @param $variation
* Used internally. Must not be specified.
*
* @return
* An array of SIDs for the search results.
*
* @ingroup search
*/
function do_search($keywords, $type, $join = '', $where = '1', $variation = true) {
// Note, we replace the wildcards with U+FFFD (Replacement character) to pass
// through the keyword extractor. Multiple wildcards are collapsed into one.
$keys = preg_replace('!\*+!', '�', $keywords);
// Split into words
$keys = search_keywords_split($keys);
$words = array();
$arguments = array($type);
?>
Theoretically it isn't possible, since $type is a required parameter of the function. That said, if some code has been calling do_search with $type = '', nothing bad would have happened, and that code would break. This is to be desired, however, since the calling code doesn't conform to the published API. I don't believe this happens anywhere in core.
#4
Good catch... I noticed this when doing 4.7 search, but never got around to backporting it to 4.6. Note that the doxygen also needed to be updated.
Committed to 4.6.
#5