On a busy website we've been having an issue that about once in a week all subqueues of a certain type were being deleted. When this happened, all subqueues that belong to a queue where that queue has owner='smartqueue_taxonomy' were entirely removed.

This issue is hard to reproduce.

The cause must be:
in /modules/taxonomy/taxonomy.module, function taxonomy_del_term:

 $term = (array) taxonomy_get_term($tid);
(....)
module_invoke_all('taxonomy', 'delete', 'term', $term);

and then in /sites/all/modules/nodequeue/smartqueue.module, function smartqueue_taxonomy($op, $type, $array = NULL)

        case 'delete':
          $tid = $array['tid'];
          if(!$tid) {
            return;
          }
          // Find subqueues that contain this term.
          $result = db_query(
            "SELECT sq.sqid FROM {nodequeue_subqueue} sq
            INNER JOIN {nodequeue_queue} nq ON sq.qid = nq.qid
            WHERE nq.owner = 'smartqueue_taxonomy'
            AND (sq.reference = '%d'
              OR sq.reference LIKE '%%-%d'
              OR sq.reference LIKE '%d-%%'
              OR sq.reference LIKE '%%-%d-%%')",
            $tid, $tid, $tid, $tid
          );
          while ($row = db_fetch_object($result)) {
            nodequeue_remove_subqueue($row->sqid);
          }
          break;
      } 

When in the first block of code the term with that $tid has already been removed the $array parameter in the second block of code will have a bogus value. The SELECT query then selects subqueues to be deleted and uses %d-%% in the selection where %d may be 0, which in our case matches all such subqueues.

We hope we have now solved the issue by changing (inserting into) the start of the second code block as below:

        case 'delete':
          $tid = $array['tid'];
          if(!$tid) {
            return;
          } 
CommentFileSizeAuthor
#5 nodequeue.sq_.1.patch542 bytesrolf van de krol

Comments

alberthendriks’s picture

Note that by accident the bugfix in the 3rd block has already been applied to the 2nd block. The original code with the bug does not do the $tid check.

ezra-g’s picture

Status: Needs review » Needs work

Thanks for pointing this out. Can you file a patch for this?

alberthendriks’s picture

I think the bug is actually in the first block of code that makes a function call with a bogus parameter. My colleague Rolf who worked on this will pick this up and try to file a patch.

bertboerland’s picture

we (my employer) will provide a diff patch early next week. please hold on.

rolf van de krol’s picture

Version: 6.x-2.3 » 7.x-2.x-dev
Status: Needs work » Needs review
StatusFileSize
new542 bytes

This is the patch bertboerland promised.

ezra-g’s picture

I committed this with a minor change to use empty() and just return, since we don't need to return the tid. I also added a comment explaining the return.

Thanks for catching this nasty bug!

ezra-g’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.