$type completely ignored in do_search [#43022]

To my eyes, it seems that the $type parameter is completely ignored in the do_search function, thus rendering search functionality severely crippled, especially when dealing with modules that implement their own search. This patch adds the "where type = '%s'", $type bit to the SQL for gathering search results.

Comment	File	Size	Author
#1	search_do_search_0.patch	933 bytes	robertDouglass
#1
	search_do_search.patch	1.33 KB	robertDouglass

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

robertDouglass CreditAttribution: robertDouglass commented 2 January 2006 at 10:04

File	Size
search_do_search_0.patch	933 bytes

oops... patch without Eclipse project info =)

Comment #2

oadaeh CreditAttribution: oadaeh commented 5 January 2006 at 13:59

Forgive my ignorance with the underpinnings of Drupal, but is there ever a time when $type might be null or ==""? If so, then there should probably be a check for that before inserting it into the SQL statement.

Comment #3

robertDouglass CreditAttribution: robertDouglass commented 5 January 2006 at 15:16

/**
 * Do a query on the full-text search index for a word or words.
 *
 * This function is normally only called by each module that support the
 * indexed search (and thus, implements hook_update_index()).
 *
 * The final query is an SQL select on the search_index table. As a guide for
 * writing the optional extra SQL fragments (see below), use this query:
 *
 * SELECT i.type, i.sid, i.word, SUM(i.score/t.count) AS score
 * FROM {search_index} i
 * $join INNER JOIN {search_total} t ON i.word = t.word
 * WHERE $where AND (i.word = '...' OR ...)
 * GROUP BY i.type, i.sid
 * ORDER BY score DESC";
 *
 * @param $keywords
 *   A search string as entered by the user.
 *
 * @param $type
 *   A string identifying the calling module.
 *
 * @param $join
 *   (optional) A string to be inserted into the JOIN part of the SQL query.
 *   For example "INNER JOIN {node} n ON n.nid = i.sid".
 *
 * @param $where
 *   (optional) A string to be inserted into the WHERE part of the SQL query.
 *   For example "(n.status > 0)".
 *
 * @param $variation
 *   Used internally. Must not be specified.
 *
 * @return
 *   An array of SIDs for the search results.
 *
 * @ingroup search
 */
function do_search($keywords, $type, $join = '', $where = '1', $variation = true) {
  // Note, we replace the wildcards with U+FFFD (Replacement character) to pass
  // through the keyword extractor. Multiple wildcards are collapsed into one.
  $keys = preg_replace('!\*+!', 'ï¿½', $keywords);

  // Split into words
  $keys = search_keywords_split($keys);

  $words = array();
  $arguments = array($type);

Theoretically it isn't possible, since $type is a required parameter of the function. That said, if some code has been calling do_search with $type = '', nothing bad would have happened, and that code would break. This is to be desired, however, since the calling code doesn't conform to the published API. I don't believe this happens anywhere in core.