From fc3676d50b9c50f471f8591bcaf07b864e86bf4b Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Mon, 27 Sep 2004 20:10:29 +0000
Subject: [PATCH] - Patch #10977 by Gerhard: added node permission checks to
 the SQL queries.

  NOTE: I had to modify the book module patch for it to work -- it was throwing SQL errors at me.
---
 modules/comment.module         | 2 +-
 modules/comment/comment.module | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/comment.module b/modules/comment.module
index acb9679c077b..d50e3453272a 100644
--- a/modules/comment.module
+++ b/modules/comment.module
@@ -304,7 +304,7 @@ function comment_search($keys = NULL) {
     print theme('page', search_type('comment', url('admin/comment/search'), $_POST['keys']));
   }
   else if ($keys) {
-    $find = do_search(array("keys" => $keys, "type" => 'comment', "select" => "select s.lno as lno, c.nid as nid, c.subject as title, c.timestamp as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE s.lno = c.cid AND s.type = 'comment' AND c.status = 0 AND s.word like '%'"));
+    $find = do_search(array('keys' => $keys, 'type' => 'comment', 'select' => 'SELECT s.lno AS lno, c.nid AS nid, c.subject AS title, c.timestamp AS created, u.uid AS uid, u.name AS name, s.count AS count FROM {search_index} s, {comments} c INNER JOIN {users} u ON c.uid = u.uid '. node_access_join_sql('c') .' WHERE '. node_access_where_sql() ." AND s.lno = c.cid AND s.type = 'comment' AND c.status = 0 AND s.word like '%'"));
     return array(t('Matching comments ranked in order of relevance'), $find);
   }
 }
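Review bot: The rewritten `select` string on the `do_search()` line splices `node_access_where_sql()` directly in front of `" AND s.lno = c.cid …"`, so the query is only well-formed if that helper always returns a non-empty condition. Its body is not visible here, so confirm that it yields a tautology rather than an empty string for users who bypass access checks; otherwise the statement becomes `WHERE  AND …` and the search fails. The join added by `node_access_join_sql('c')` may also produce one row per matching grant, which would presumably duplicate comments or skew the relevance ranking when a user holds several grants on the same node, so consider `SELECT DISTINCT` unless do_search() already collapses rows. A one-line comment above the call, such as `// Restrict matches to comments on nodes the current user may view.`, would record why the join is there. The identical change in modules/comment/comment.module (second hunk) carries the same points, and comment_search() starts outside the hunk.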
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index acb9679c077b..d50e3453272a 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -304,7 +304,7 @@ function comment_search($keys = NULL) {
     print theme('page', search_type('comment', url('admin/comment/search'), $_POST['keys']));
   }
   else if ($keys) {
-    $find = do_search(array("keys" => $keys, "type" => 'comment', "select" => "select s.lno as lno, c.nid as nid, c.subject as title, c.timestamp as created, u.uid as uid, u.name as name, s.count as count FROM {search_index} s, {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE s.lno = c.cid AND s.type = 'comment' AND c.status = 0 AND s.word like '%'"));
+    $find = do_search(array('keys' => $keys, 'type' => 'comment', 'select' => 'SELECT s.lno AS lno, c.nid AS nid, c.subject AS title, c.timestamp AS created, u.uid AS uid, u.name AS name, s.count AS count FROM {search_index} s, {comments} c INNER JOIN {users} u ON c.uid = u.uid '. node_access_join_sql('c') .' WHERE '. node_access_where_sql() ." AND s.lno = c.cid AND s.type = 'comment' AND c.status = 0 AND s.word like '%'"));
     return array(t('Matching comments ranked in order of relevance'), $find);
   }
 }
-- 
GitLab