I've a problem with search.
I would find more than word or word with apostrophe (like owner's). The search work fine if the user is administrator, or has "Bypass content access control". Otherwise is empty.
I debug something and I see a strange situation.
If the user is admin I have:
[arguments:protected] => Array
(
[:db_condition_placeholder_0] => 1
[:db_condition_placeholder_1] => my_content
[:db_condition_placeholder_2] => owner
[:db_condition_placeholder_3] => node
[:db_condition_placeholder_4] => % s %
[:db_condition_placeholder_5] => % owner %
)
and:
[stringVersion] => (n.status = :db_condition_placeholder_0) AND( (n.type = :db_condition_placeholder_1) )AND( (i.word = :db_condition_placeholder_2) )AND (i.type = :db_condition_placeholder_3) AND( (d.data LIKE :db_condition_placeholder_4 ESCAPE '\\') AND (d.data LIKE :db_condition_placeholder_5 ESCAPE '\\') )
but when the user is not admin I have:
[arguments:protected] => Array
(
[:db_condition_placeholder_0] => 1
[:db_condition_placeholder_1] => my_content
[:db_condition_placeholder_2] => owner
[:db_condition_placeholder_3] => node
[:db_condition_placeholder_4] => 0
[:db_condition_placeholder_5] => all
[:db_condition_placeholder_6] => 1
)
and:
[stringVersion] => (n.status = :db_condition_placeholder_0) AND( (n.type = :db_condition_placeholder_1) )AND( (i.word = :db_condition_placeholder_2) )AND (i.type = :db_condition_placeholder_3) AND(( (na.gid = :db_condition_placeholder_4) AND (na.realm = :db_condition_placeholder_5) ))AND (na.grant_view >= :db_condition_placeholder_6) AND( (d.data LIKE :db_condition_placeholder_4 ESCAPE '\\') AND (d.data LIKE :db_condition_placeholder_5 ESCAPE '\\') ) )
I think that the sencond is wrong because the 4th and 5th position are used to 'LIKE' search . Can anyone help me?
Comment | File | Size | Author |
---|---|---|---|
#32 | 1202416-32.patch | 1.65 KB | xjm |
#29 | 1202416-24-test-only.patch | 1.57 KB | webchick |
#27 | 1202416-with-1112854.patch | 19.1 KB | xjm |
#25 | 1202416-24-test-only.patch | 1.57 KB | xjm |
#18 | search-node-access-D7-1202416-18.patch | 533 bytes | joelstein |
Comments
Comment #1
jhodgdonYes, this looks like a bug -- it looks like the advanced search is not working at all correctly in Drupal 7/8, and the node access part of the query has overwritten the search matching conditions, for users other than those with "bypass node access" permissions. That seems like a major issue to me, since Search is not working if node access is used.
It's possible that it would also fail with a non-advanced search, but this query looks like it's an advanced search, because the content type is part of the search query.
At this point, we need to investigate and fix this in Drupal 8, then backport the fix to Drupal 7.
Comment #2
ts145nera CreditAttribution: ts145nera commentedI try to disalbe content access module (http://drupal.org/project/content_access), and now search work fine.
Comment #3
Damien Tournoud CreditAttribution: Damien Tournoud commentedLikely a duplicate of #1112854: Subqueries use wrong arguments. Could someone check if #1112854-6: Subqueries use wrong arguments fixes the issue?
Comment #4
julien CreditAttribution: julien commentedLooks like the placeholder in the query are wrong, here the query run for a user non-logged in with node_access enable :
Comment #5
julien CreditAttribution: julien commentedThe place holders becomes wrong after the query got altered in drupal_alter($hooks, $query) line 1199 of select.inc.
Looks like the query_node_access hook break the query.
Comment #6
julien CreditAttribution: julien commentedI think the query should look like this and the last placeholders has to be changed.
Comment #7
ts145nera CreditAttribution: ts145nera commentedjulien is right.
the second query (#6) is right and the first is wrong (#5)
Comment #8
jhodgdonSee #3. Can someone check if that patch fixes the problem and makes the queries work?
Comment #9
julien CreditAttribution: julien commentedAppied the patch, didn't work for me. To me it looks like the arguments swap during compilation of the where condition.
To check this, check the $queryPlaceholder before compiling and check the $args variable after line 1142 of /includes/database/select.inc
Comment #10
jhodgdonThanks for testing! Then this issue is *not* a duplicate of that other one. Good to know.
In that case, we need a patch, and preferably a SimpleTest test that fails and demonstrates this bug, and passes with the patch.
Comment #11
good_man CreditAttribution: good_man commentedWith Drupal 7.4 and latest version of content access 7.x dev, it's working for me. Can you please post steps to reproduce?
Comment #12
jhodgdongood_man: In order to trigger node access query mods, you normally have to (a) enable a node access module and (b) configure at least one special node access rule using that module. Did you do both of those, or just enable the module? Also, (c) do the search logged in as not user 1.
Comment #13
good_man CreditAttribution: good_man commentedYes I did assigned some nodes grants to user1, and logged in with it, then searched, only words in nodes that user1 has access to appears on simple & advanced search. I'd like to know what do you mean by "one special node access rule"?
Comment #15
xjmI reproduced this with both TAC and CA. Steps to reproduce:
search/node
.bunny's
.Comment #16
webchickThanks for the clear steps to reproduce!
There was a node access test module added somewhere along the way with some of the D7 security issues, so we should be able to add tests for this condition.
Comment #17
joelstein CreditAttribution: joelstein commentedThe same problem happens when using Search Configuration to restrict certain content types from appearing in the search results (see #1238380: Punctuation breaks search for users other than UID 1). If I search for a word with an apostrophe or period, then I get no search results (as a non-admin user). One way you can easily reproduce this issue is to implement hook_query_node_access_alter() and add the following code:
What this does is add a condition to the query which restricts the results to only include page content types. Somehow the query ends up searching for the word "page" instead of the actual search terms.
To reproduce this, follow the steps in the issue I referenced above.
It seems to me that the query is using the wrong arguments, which seems to suggest that we might find an answer at #1112854: Subqueries use wrong arguments, though the patch there did not solve the problem for me.
Comment #18
joelstein CreditAttribution: joelstein commentedIt appears that the conditions used in the SearchQuery class need to be cloned. This one-line patch fixes my issue (above)... please test it against the other scenarios. I think the solution might best be solved with an approach outlined here: #1112854-8: Subqueries use wrong arguments. In the meantime, this patch should solve the search issues.
Comment #19
julien CreditAttribution: julien commentedtested, and it does work for me !
Now i'm trying to figure out why... :)
Comment #20
Alan D. CreditAttribution: Alan D. commentedWithout debugging this, I think that this has something to do with the count query. The count query would need to alter the conditions and these would in turn be used incorrectly once the main query is run.
I ran into something similar with search_config module earlier, and worked around it by using a <> condition rather than the NOT IN condition. Reason why one worked and the other didn't was a complete wtf at the time, but maybe this could help someone debug the core issue... This workaround could be potentially used in contrib while the core issue is being fixed.
Comment #21
xjmTagging.
Comment #22
jhodgdonCan someone see if the patch on #1112854: Subqueries use wrong arguments fixes this issue too?
Comment #23
xjm#1112854-86: Subqueries use wrong arguments does appear to resolve this. Yay! So we just need a test for this to go with that patch.
Comment #24
xjmI'll try writing a test for this... we'll see how it goes. :)
Comment #25
xjmHere's a test that should fail. It fails locally without #1112854-86: Subqueries use wrong arguments, and passes with that patch applied.
Comment #27
xjmTest rolled with the patch from #1112854-86: Subqueries use wrong arguments; should pass.
Comment #28
webchickSince #1112854: Subqueries use wrong arguments was committed, I believe this becomes a tests-only patch.
Comment #29
webchickOops. I missed #25 (thanks, xjm!)
Here's that patch again uploaded for testbot's benefit. Let's make sure it passes now.
Comment #30
jhodgdonThe test looks good to me. The only thing I would suggest changing is the verb at the beginning of the docblocks -- standard for functions is to start with "Tests" rather than "Test" for one-line descriptions of functions and classes (see http://drupal.org/node/1354). And yes I realize that other tests may not follow the standards, alas!
Hmmm... Also, the tests say they are testing advanced search, but I don't think they are? The only thing passed to search is a keyword, which is not advanced search?
Comment #31
xjmAh, that's a small point I guess. It searches for a string wrapped in double quotes, which is equivalent to submitting the Containing the phrase field. I'll try to rename/reword it a bit to clarify that.
Comment #32
xjmRolled with corrections from @jhodgdon's review in #30.
Comment #33
jhodgdonLooks good xjm. Hooray for more tests!
Comment #34
webchickAwesome! Committed and pushed to 8.x and 7.x. Thanks!
Comment #36
Leeteq CreditAttribution: Leeteq commentedComment #37
xjm