Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Here's a patch to fix a sql query in the upload module to that it uses the node_access functions.
Comment | File | Size | Author |
---|---|---|---|
upload_0.patch | 636 bytes | Steve Dondley | |
Comments
Comment #1
Steven CreditAttribution: Steven commentedEssentially this patch lets teh node access thing that the "files" table is the "node" table. This might be fine for simple node access, but it might give troubles in the future.
Ideally, we'd do a join on the node table instead.
Comment #2
chx CreditAttribution: chx commentedThere was a taxonomy.module patch for node_access_*_sql calls, here is one for upload, and I think there is related a bug in archive.module on line 76, this query should call the node_access_*_sql functions (did not made a bug report, 'cos I did not have the time to check it out).
This is messy. My node builder proposal would do away with most of these -- this bug being an exception, 'cos it is not JOIN'd with node.
Comment #3
chx CreditAttribution: chx commentedHowever, this shows that we must look through the Drupal queries and ask for each:
a) If node table is already among the joined tables, is a node_access_*_sql call needed?
b) if node table is not joined, but the table has a nid field, node shall be JOIN'd and GOTO a)
If a) is formulated "is it true that calling node_access_*_sql is not harmful here" which is in most of the cases is true, it can be passed through the node query builder, and that's that.
Comment #4
Dries CreditAttribution: Dries commentedCommitted to HEAD and DRUPAL-4-5.
Comment #5
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedhttp://drupal.org/node/13562
Comment #6
killes@www.drop.org CreditAttribution: killes@www.drop.org commentedComment #7
(not verified) CreditAttribution: commented