book_location_down() has a critical bug when book pages have multiple revisions. you can get into an infinite recursion if the book pages are moved around such that if at any time in the revision history, there's a circular parent/child relationship between any 2 pages. before zen comes in and moves this from "critical" to "exotic" ;) keep in mind i only found this bug because it happened on the live site at my day job. i wasn't trying to break anything, it just happened through the normal course of reorganizing book pages on our site. :(

luckily, the solution is trivial. we're doing an INNER JOIN on the book and node table, but have completely forgotten about the vid field (revision id). :( book stores records for each vid, so when we're SELECTing, we grab *all* revisions of all pages that have ever had the current node as its parent. instead, we only want to be looking at the most current versions of book pages that have the current nid as their parent. so, we just need to add an WHERE n.vid = b.vid clause to the INNER JOIN. patch attached (which applies cleanly to DRUPAL-4-7, and with a 5 line offset to HEAD).

please review/test and commit ASAP.

thanks!
-derek

CommentFileSizeAuthor
#3 book.patch_0.txt1.14 KBGerhard Killesreiter
book-vid-infinite-recursion.patch1.16 KBdww
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

killes@www.drop.org’s picture

killes@www.drop.org CreditAttribution: killes@www.drop.org commented
Version: 4.7.2 » x.y.z
Status: Needs review » Reviewed & tested by the community

looks good to me, applied.

dww’s picture

dww
we/he/they
CreditAttribution: dww commented

killes, i don't actually see any commits to book.module in cvs (either DRUPAL-4-7 or HEAD) that fix this bug. when you say "applied", what do you mean? ;) can you point to a cvs revision number, commit id, etc? thanks.

Gerhard Killesreiter’s picture

Gerhard Killesreiter CreditAttribution: Gerhard Killesreiter commented
FileSize
book.patch_0.txt1.14 KB

yeah, forgot it. I have modified it, patch for HEAD is attached.

dww’s picture

dww
we/he/they
CreditAttribution: dww commented

cool, thanks. i was thinking afterwards that vid might be unique across nids, and that if so, that'd be better. judging from your patch, that seems to be the case.

Dries’s picture

Dries CreditAttribution: Dries commented

Good catch. Committed to CVS HEAD.

dww’s picture

dww
we/he/they
CreditAttribution: dww commented
Assigned: Unassigned » dww
Status: Reviewed & tested by the community » Fixed

killes commited to DRUPAL-4-7 (as revision 1.361.2.4), dries to HEAD (as revision 1.367). the bug doesn't existin in 4.6.x, since there's no revision id in the book table until 4.7. this is hereby fixed. thanks folks.

Anonymous’s picture

(not verified) CreditAttribution: commented
Status: Fixed » Closed (fixed)