Enforce access rules does not work on search pages

agentrickard - November 5, 2009 - 15:29

Project:	Domain Access
Version:	6.x-2.0
Component:	Code
Category:	bug report
Priority:	normal
Assigned:	Unassigned
Status:	closed

Jump to:

In the db_rewrite_sql we have this code:

<?php
  // In any of the following cases, do not enforce any rules.
  if (!$admin_force || empty($query) || $primary_field != 'nid' || !user_access('administer nodes') || domain_grant_all()) {
    return;
  }
?>

The empty($query) was a safeguard against, well, empty queries, but node searching invokes db_rewrite_sql() without passing a $query, so we have to remove that if searching is to work properly.

Testing needed to see if this introduces any errors.

» Login or register to post comments

#1

agentrickard - November 5, 2009 - 18:57

Patch for D5.

Attachment	Size
624296-query-d5.patch	858 bytes

Login or register to post comments

#2

agentrickard - November 5, 2009 - 18:58

D6 version.

Attachment	Size
624296-query-d6.patch	889 bytes

Login or register to post comments

#3

agentrickard - November 16, 2009 - 21:24

Committed to D6 and HEAD.

Login or register to post comments

#4

agentrickard - November 16, 2009 - 21:28

Status:

needs review

» fixed

Committed to D5.

Login or register to post comments

#5

System Message - November 30, 2009 - 21:30

Status:

fixed

» closed

Automatically closed -- issue fixed for 2 weeks with no activity.

Login or register to post comments

Drupal is a registered trademark of Dries Buytaert.