Using the ad function has the possibility to tell show ad related to one of these tids.
for example $tids = '1,2,3';
now there is a problem in adcache.inc where the related ads got selected in line 221 there is a query:

db_query("SELECT a.aid FROM {ads} a INNER JOIN {term_node} n ON a.aid = n.nid WHERE a.adstatus = 'active' AND n.tid IN(%d)", $id);

the problem here is, that the result with the example above will be:

SELECT a.aid FROM {ads} a INNER JOIN {term_node} n ON a.aid = n.nid WHERE a.adstatus = 'active' AND n.tid IN(1)

the other tids got lost while type-casting
so i changed the %d in the query to %s (i know i will get security issues by doing so....) maybe there is another way ... this should just be some kind of tip

cheers
finfin

Comments

jeremy’s picture

jeremy commented
Status: Needs work » Fixed

Thanks, fix committed. It also affects selecting by nid.

The $id parameter is already sanitized, so this change is correct and not a security issue.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.