Commit 30678ff4 authored by Dries's avatar Dries

- Patch #15690 by Goba: the vocabulary node types checks in taxonomy.module...

- Patch #15690 by Goba: the vocabulary node types checks in taxonomy.module are very vulnerable to having node type names as prefixes of other node type names: %%%s%% as it is there with %%blog%% will match a lot more than just this simple node type. Since the node types are stored in a comma separated list, the solution is to search for 'blog' or '%%,blog,%%' or 'blog,%%' or '%%,blog', that is matching only for that node type, or matching that node type in a list, or at the beginning of a list, or at the end of a list. It does not look elegant, but this is the solution for the format used.
parent b1717abf
......@@ -392,7 +392,7 @@ function taxonomy_form($vid, $value = 0, $help = NULL, $name = 'taxonomy') {
*/
function taxonomy_get_vocabularies($type = '', $key = 'vid') {
if ($type) {
$result = db_query("SELECT * FROM {vocabulary} WHERE nodes LIKE '%%%s%%' ORDER BY weight, name", $type);
$result = db_query("SELECT * FROM {vocabulary} WHERE nodes = '%s' or nodes LIKE '%s,%%' or nodes LIKE '%%,%s,%%' or nodes LIKE '%%,%s' ORDER BY weight, name", $type, $type, $type, $type);
}
else {
$result = db_query('SELECT * FROM {vocabulary} ORDER BY weight, name');
......@@ -421,7 +421,7 @@ function taxonomy_node_form($type, $node = '', $help = NULL, $name = 'taxonomy')
$terms = $node->taxonomy;
}
$c = db_query("SELECT * FROM {vocabulary} WHERE nodes LIKE '%%%s%%' ORDER BY weight, name", $type);
$c = db_query("SELECT * FROM {vocabulary} WHERE nodes = '%s' or nodes LIKE '%s,%%' or nodes LIKE '%%,%s,%%' or nodes LIKE '%%,%s' ORDER BY weight, name", $type, $type, $type, $type);
while ($vocabulary = db_fetch_object($c)) {
$result[] = taxonomy_form($vocabulary->vid, $terms, $help, $name);
}
......
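Review bot: The three LIKE arms of the new query in the `taxonomy_get_vocabularies` hunk still treat any `_` or `%` inside `$type` as a wildcard, so a node type name containing an underscore could match another type's entry in the comma-separated `nodes` column; the identical query in the `taxonomy_node_form` hunk has the same gap. This assumes `db_query`'s `%s` substitution escapes quotes but not LIKE metacharacters, which is not visible here and should be confirmed. An exact check on each fetched row, such as `if (!in_array($type, explode(',', $vocabulary->nodes))) continue;`, would make the match independent of pattern semantics. Since the same SQL string now appears twice, `taxonomy_node_form` could call `taxonomy_get_vocabularies($type)` if its return shape fits, so the rule lives in one place. Both function bodies continue outside the hunks shown.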