corprewland » database hacking http://www.corprew.org (dis)information organization Thu, 04 Feb 2010 20:48:34 +0000 en hourly 1 http://wordpress.org/?v=3.0 drupal and taxonomy http://www.corprew.org/blog/2008/04/17/drupal-and-taxonomy/ http://www.corprew.org/blog/2008/04/17/drupal-and-taxonomy/#comments Thu, 17 Apr 2008 07:38:39 +0000 corprew http://www.corprew.org/blog/2008/04/17/drupal-and-taxonomy/ Drupal 5 has a few problems in its security layer, as I’ve mentioned other places, and some of them stem from the sort of ‘it-works-for-me’ philosophy of open source. This is particularly a problem in a complex system like Drupal, which in most installations is made up of a few dozen modules in addition to the core.

The current issue I’m having is that nodes created by the aggregation module get their taxonomy stripped when they’re updated because of how another module uses the security functionality, which is just hilarious in a site that’s largely organized organically by taxonomy. So, after talking with the people I’m working for on the site, I ended up creating a simple PHP script to run through cron that fixes the issues ‘the hard way.’

If you check out this query…

function fix_object($name, $sqlcon)
{
  $query = "SELECT term_data.name name, term_data.tid termid, node.nid nodeid, node.title title FROM node LEFT JOIN term_node  ON ( term_node.nid = node.nid ) LEFT JOIN term_data ON ( term_data.tid = term_node.tid ) WHERE node.type = 'aggregation_item ' AND node.title LIKE 'Xxxxx " . $name . "%'";
 
  // Perform Query
  $result = mysql_query($query);
 // ... and so on...

You can see that this is a fairly normal sql query that looks for all the nodes of type aggregation_item and titled a particular pattern. Because of the way the joins are structured, that means that any nodes that have lost their taxonomies will have NULL for termname and termid. Those nodeids with NULL termids can then have the proper taxonomy entries stuffed back into them…

function insert_taxo_4_node($node_id, $taxo_id, $con)
{
  $query = "INSERT INTO term_node (nid, tid) VALUES (". $node_id . "," . $taxo_id . ")";
 
  $result = mysql_query($query);
  // Check result
  // This shows the actual query sent to MySQL, and the error. Useful for debugging.
  if (!$result) 
    {
      $message  = 'Invalid query: ' . mysql_error() . "\n";
      $message .= 'Whole query: ' . $query;
      die($message);
    }
}

I’m largely posting this up in case people run into the same problem — this is a hilariously simple fix for a difficult to fix problem in drupal, but it’s a generic information architecture issue of what to do when the system that you’re working on is unreliable. I should probably mention that the issues with security in drupal aren’t related to authentication, but instead are related to item ACLs denying access to things for strange reasons, and are not crucial security bugs in the OMG MUST PATCH NOW sense.

]]> http://www.corprew.org/blog/2008/04/17/drupal-and-taxonomy/feed/ 1