Reported by John Morahan

Drupal 5.2 taxonomy.module

If a user uses free tagging to add a '%' symbol as a tag, it is
impossible for anyone to add any further tags as they all get changed to
'%'.

This is because taxonomy_get_term_by_name() does a 'LIKE' match instead
of '='.

Someone with 'administer taxonomy' permission can manually delete the
offending term, fixing the problem until it gets added again.

Related issue (6.x): http://drupal.org/node/165160

To reproduce:

1. create a free tagging vocabulary, assign to a node type
2. create a node of that type, add % as a tag
3. edit the node, or create a new node of that type, add different tags,
and save again
4. observe that % was saved as a tag, and any other tags were not

CommentFileSizeAuthor
#7 taxonomy_get_term_by_name-like.patch671 bytesjohn morahan
#3 taxonomy_get_term_by_name-like.patch914 bytesjohn morahan

Comments

wmostrey’s picture

wmostrey commented
Version: 5.2 » 5.4

This still applies, and this can also be tested on groups.drupal.org. For instance if you try to enter "3rd party software" as a tag, it will get replaced with "3%" since it appears someone added that as a tag already. This is not a critical issue but really should be fixed because it interferes with the user experience and is experienced as a bug (which it is).

wmostrey’s picture

wmostrey commented
Version: 5.4 » 5.5
john morahan’s picture

john morahan commented
Status: Active » Needs review
StatusFileSize
new taxonomy_get_term_by_name-like.patch914 bytes
Rowanw’s picture

Rowanw commented

Applied the patch and followed the steps above, no problems.

wmostrey’s picture

wmostrey commented
Status: Needs review » Reviewed & tested by the community

Applies cleanly and works as advertised.

cburschka’s picture

cburschka
they
commented
Version: 5.5 » 6.x-dev
Status: Reviewed & tested by the community » Needs work

This issue still exists in D6.

john morahan’s picture

john morahan commented
Status: Needs work » Needs review
StatusFileSize
new taxonomy_get_term_by_name-like.patch671 bytes

Well, in D6 the order was reversed, so it's not exactly the same issue: it's now impossible to add a tag with % in it, if the pattern matches an existing tag. Still a problem though.

cburschka’s picture

cburschka
they
commented
Status: Needs review » Reviewed & tested by the community

This bug and corresponding patch still apply. Please do not forget to backport this to D5.

cburschka’s picture

cburschka
they
commented
Title: % as a free tag prevents further tag addition. » SQL in taxonomy_get_term_by_name() should use =, not LIKE

Clarified title.

gábor hojtsy’s picture

gábor hojtsy
he/him
Primary language Hungarian
Location Hungary
commented
Version: 6.x-dev » 7.x-dev

Thanks, committed. Should also be fixed in Drupal 5 and Drupal 7. Putting to Drupal 7 first, because it has the same code (presumably), so it should be easy to commit there and then set back for Drupal 5.

dries’s picture

dries commented
Version: 7.x-dev » 5.x-dev

Committed this to CVS HEAD. Thanks John. Changing version.

drumm’s picture

drumm
he/him
Location NY, US
commented
Status: Reviewed & tested by the community » Fixed

Committed to 5.x

gchan’s picture

gchan commented

To get better performance, may want to use strtolower first instead of inside the SQL:

$db_result = db_query(db_rewrite_sql("SELECT t.tid, t.* FROM {term_data} t WHERE LOWER(t.name) = '%s' ", 't', 'tid'), strtolower(trim($name)));

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.