line 705 of taxonomy_access.module should be
$return['where'] = $clause[$op][$field] ? "$table.$field IN ('".$clause[$op][$field]."')" : null;

Otherwise illegal SQL is generated. Drupal version 4.7.4

CommentFileSizeAuthor
#2 taxonomy_access_21.patch870 byteskeve

Comments

msackman’s picture

Bother, I meant line 699, not 705. Sorry.

keve’s picture

StatusFileSize
new870 bytes

Thanks for your comment.
I thought this has been solved already.

I just found duplicate: http://drupal.org/node/72965.

The problem with your suggested code is that: hook_db_rewrite_sql will allow ALL terms listed, instead of NONE.
Instead of 'WHERE t.tid IN('')', your suggestion nulls the whole WHERE clause.

Can you test this patch with pgsql?
(I put tid=-1 since tid can be only positive number).
Do you have a better suggestion?

msackman’s picture

Mmm. The -1 for tid is dangerous because if you're just following the logs you have no way to tell whether you're hitting this magic case and tid is intentionally -1 or whether something is really broken.

I would suggest false:

    $return['where'] = $clause[$op][$field] ? "$table.$field IN ('".$clause[$op][$field]."')" : 'false';

This works in postgres but not in mysql. Mysql in fact doesn't understand expressions at all, so can't do 'where 0 = 1', or 'where 1 not in (1)' or anything particularly sane... I guess the -1 solution at least works. Clearly it's a bad idea to start detecting which sql db is being used so should just stick to the SQL standard but then that would mean mysql couldn't be used at all. WIN! ;)

msackman’s picture

Ahh yes, having done some testing, I do at least understand why the 'where false' is correct and the nulling of the first where clause is wrong. Your patch does work in postgres so I suggest you push that out. I personally don't like it greatly because I think it's unsafe but until MySQL gets a clue it's probably the best solution.

msackman’s picture

Agh! Apologies for the spam and for my rubbishing of MySQL: it can handle proper expressions *so long as there's a "from" clause* ! I was testing with things like:

mysql> select 1 where false;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where false' at line 1

which doesn't work, but if you put a "from" clause in then it's ok:

mysql> select * from smtp_sasl where false;
Empty set (0.00 sec)

mysql> select 1 from smtp_sasl where false;
Empty set (0.00 sec)

So I would definately therefore suggest:

        $vids[$result->vid]= $result->vid;
      }
      $clause[$op]['tid'] = isset($tids) ? implode("','",$tids) : '';
      $clause[$op]['vid']= isset($vids) ? implode("','",$vids) : '';
      $taxonomy_access_sql_clause = $clause;
    }
    else {
      $clause[$op][$field] = $taxonomy_access_sql_clause[$op][$field];
    }
    $return['where'] = $clause[$op][$field] ? "$table.$field IN ('".$clause[$op][$field]."')" : 'false';
    return $return;
keve’s picture

Status: Active » Fixed

Thanks for your suggestion.
'WHERE (FALSE)' seems the clearest solution.

I commited for both cvs and 4.7.

keve’s picture

Status: Fixed » Active

I re-open this.

This solution caused an sql error in mysql4.
Can you check you the fix commited in: http://drupal.org/node/97115 ?

    $return['where'] = ($clause[$op][$field]) ? "$table.$field IN ('".$clause[$op][$field]."')" : "$table.$field IS NULL";
keve’s picture

Status: Active » Closed (fixed)

TAC for Drupal 4.6 or 4.7 is no longer supported.
Try using latest 5.x-2.x-dev or 6.x-dev version , the module has been totally rewritten.