diff options
| author | Dries Buytaert <dries@buytaert.net> | 2004-02-07 10:39:54 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2004-02-07 10:39:54 +0000 |
| commit | 06b25311b4e9e4ce6b3fd3fa4bf2981b9d1cd91a (patch) | |
| tree | 9c688b154e90a83986caf421a8258556d2002cd1 | |
| parent | d683e1d726679ce5e96e2a9d782a280b43d0e528 (diff) | |
| download | brdo-06b25311b4e9e4ce6b3fd3fa4bf2981b9d1cd91a.tar.gz brdo-06b25311b4e9e4ce6b3fd3fa4bf2981b9d1cd91a.tar.bz2 | |
- Bug 4853: fixed invalid taxonomy query.
| -rw-r--r-- | modules/taxonomy.module | 17 | ||||
| -rw-r--r-- | modules/taxonomy/taxonomy.module | 17 |
2 files changed, 20 insertions, 14 deletions
diff --git a/modules/taxonomy.module b/modules/taxonomy.module index 7273525a1..b57be1347 100644 --- a/modules/taxonomy.module +++ b/modules/taxonomy.module @@ -719,18 +719,17 @@ function taxonomy_nodeapi($node, $op, $arg = 0) { function taxonomy_page() { - - // taxonomy querystring always parsed here - // TODO: support term *names* in URL (e.g. taxonomy/view/or/milk,beer,red+wine) $taxonomy->operator = arg(2); $taxonomy->str_tids = check_query(arg(3)); $taxonomy->tids = explode(",", $taxonomy->str_tids); - switch (arg(1)) { - case "feed": - taxonomy_feed($taxonomy); + if (ereg("^[0-9,]+[^,]$", $taxonomy->str_tids)) { + + switch (arg(1)) { + case "feed": + taxonomy_feed($taxonomy); break; - default: + default: // Build title: $sql = 'SELECT name FROM {term_data} WHERE tid IN (%s)'; $result = db_query($sql, $taxonomy->str_tids); @@ -752,6 +751,10 @@ function taxonomy_page() { $output = taxonomy_render_nodes(taxonomy_select_nodes($taxonomy)); print theme("page", $output, implode(', ', $names), $breadcrumbs); break; + } + } + else { + drupal_not_found(); } } diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module index 7273525a1..b57be1347 100644 --- a/modules/taxonomy/taxonomy.module +++ b/modules/taxonomy/taxonomy.module @@ -719,18 +719,17 @@ function taxonomy_nodeapi($node, $op, $arg = 0) { function taxonomy_page() { - - // taxonomy querystring always parsed here - // TODO: support term *names* in URL (e.g. taxonomy/view/or/milk,beer,red+wine) $taxonomy->operator = arg(2); $taxonomy->str_tids = check_query(arg(3)); $taxonomy->tids = explode(",", $taxonomy->str_tids); - switch (arg(1)) { - case "feed": - taxonomy_feed($taxonomy); + if (ereg("^[0-9,]+[^,]$", $taxonomy->str_tids)) { + + switch (arg(1)) { + case "feed": + taxonomy_feed($taxonomy); break; - default: + default: // Build title: $sql = 'SELECT name FROM {term_data} WHERE tid IN (%s)'; $result = db_query($sql, $taxonomy->str_tids); @@ -752,6 +751,10 @@ function taxonomy_page() { $output = taxonomy_render_nodes(taxonomy_select_nodes($taxonomy)); print theme("page", $output, implode(', ', $names), $breadcrumbs); break; + } + } + else { + drupal_not_found(); } } |