Make WordPress Core

Opened 5 years ago

Closed 3 years ago

#15959 closed defect (bug) (fixed)

get_adjacent_post() can generate invalid SQL

Reported by: dd32
Owned by: westi
Milestone: 3.5
Priority: normal
Severity: normal
Version: 3.0
Component: Query
Keywords: has-patch needs-testing
Focuses:
Cc:


As reported on wp-testers, if get_adjacent_post() is used with $in_same_cat = true on a post type which does not support categories, then invalid SQL will be generated.


	SELECT p.* FROM wp_posts AS p INNER JOIN wp_term_relationships AS tr ON p.ID = tr.object_id INNER JOIN wp_term_taxonomy tt ON tr.term_taxonomy_id = tt.term_taxonomy_id AND tt.taxonomy = 'category' AND tt.term_id IN () WHERE p.post_date < '2010-07-04 12:24:53' AND p.post_type = 'note' AND p.post_status = 'publish' AND tt.taxonomy = 'category' ORDER BY p.post_date DESC LIMIT 1

	AND tt.term_id IN ()

Whilst this is not a problem in the 2011 theme, some themes may call the functions, which can result in this.

wp-testers thread: http://lists.automattic.com/pipermail/wp-testers/2010-December/013841.html

One potential solution would be:

	// Check to see if the Post Type supports categories before honoring the argument.
	if ( $in_same_cat ) {
		$taxonomies = get_object_taxonomies($post);
		if ( ! in_array('category', $taxonomies) )
			$in_same_cat = false;
	}

From what I can see, this would not be a regression from any previous version of WordPress.

Attachments (5)

15959.patch (481 bytes) - added by SergeyBiryukov 5 years ago.
get_adjacent_post.patch (637 bytes) - added by wpdavis 5 years ago.
get_adjacent_post.2.patch (523 bytes) - added by markauk 4 years ago.
15959-get_adjacent_post.js (525 bytes) - added by batmoo 3 years ago.
15959.2.patch (936 bytes) - added by SergeyBiryukov 3 years ago.
The patch from #22360


Change History (21)

comment:1 @dd32 5 years ago

  • Component changed from General to Template
  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from 3.1 to 3.0

Just confirming this was an issue in 3.0 as well.

@SergeyBiryukov 5 years ago

comment:2 @SergeyBiryukov 5 years ago

  • Keywords has-patch added; needs-patch removed

Made a patch from Dion's proposed solution.

comment:3 @dd32 5 years ago

Related, but unrelated to the problem at hand - #13096 - use a custom taxonomy in place of category

comment:4 @wpdavis 5 years ago

  • Component changed from Template to Query

Just updated the patch. Simply check if the array of object terms is empty.

@wpdavis 5 years ago

comment:5 @wpdavis 5 years ago

  • Version changed from 3.0 to 3.1

comment:6 @sivel 5 years ago

  • Version changed from 3.1 to 3.0

comment:7 @markauk 4 years ago

This bug also manifests on post types which do support categories, but where no categories are set for a given post. Present in 3.2(18084).

Alternate patch attached which fixes both cases.

comment:8 @scribu 4 years ago

Related: #17807

comment:9 @SergeyBiryukov 3 years ago

Closed #20682 as a duplicate.

comment:10 @batmoo 3 years ago

  • Cc batmoo@… added

comment:11 @westi 3 years ago

  • Milestone changed from Future Release to 3.5

This is pretty lame, we should fix it.

comment:12 @batmoo 3 years ago

  • Keywords needs-testing added

Patch should catch scenarios where category taxonomy doesn't exist, post_type doesn't support the category taxonomy, and if post doesn't have any categories. We should return empty in all of these cases as we should honour the $in_same_cat request.

comment:13 @nacin 3 years ago

#22360 was marked as a duplicate.

comment:14 @nacin 3 years ago

Slightly tweaked patch on #22360 — use of is_object_in_taxonomy() rather than the WP_Error check, I guess.

comment:15 @nacin 3 years ago

  • Owner set to westi
  • Status changed from new to assigned

This seems like a good thing to fix. There have been quite a few bug reports and no one likes a database error. westi, can you finish this off for 3.5?

@SergeyBiryukov 3 years ago

The patch from #22360

comment:16 @nacin 3 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 22472:

Return nothing in get_adjacent_post() when $in_same_cat = true but the post doesn't support (or otherwise have) categories. Avoids SQL error. props batmoo, SergeyBiryukov. fixes #15959.
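
The guard this ticket converges on, as an added example that is not WordPress core code or any of the attached patches: a standalone PHP function that declines to build the category JOIN whenever the term list would be empty, covering the cases listed in comment:12. The function name build_same_cat_join() and all inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example, not WordPress core code. All names and inputs are hypothetical.

/**
 * Build the category JOIN for an adjacent-post query.
 *
 * Returns null when the "same category" constraint cannot be satisfied,
 * so the caller can return nothing instead of running SQL with "IN ()".
 */
function build_same_cat_join( array $post_type_taxonomies, $term_ids ) {
	// The category taxonomy is missing or not registered for this post type.
	if ( ! in_array( 'category', $post_type_taxonomies, true ) ) {
		return null;
	}

	// The term lookup failed, or the post has no categories assigned.
	if ( ! is_array( $term_ids ) || empty( $term_ids ) ) {
		return null;
	}

	// Cast every ID to an integer before interpolating it into the SQL.
	$ids = array_unique( array_map( 'intval', $term_ids ) );

	return ' INNER JOIN wp_term_relationships AS tr ON p.ID = tr.object_id'
		. ' INNER JOIN wp_term_taxonomy tt ON tr.term_taxonomy_id = tt.term_taxonomy_id'
		. " AND tt.taxonomy = 'category'"
		. ' AND tt.term_id IN (' . implode( ',', $ids ) . ')';
}

// Constructed inputs: array( taxonomies of the post type, term IDs of the post ).
$cases = array(
	'post type without categories' => array( array( 'note_tag' ), array() ),
	'post with no categories set'  => array( array( 'category', 'post_tag' ), array() ),
	'term lookup returned failure' => array( array( 'category' ), false ),
	'post in two categories'       => array( array( 'category' ), array( '3', 7 ) ),
);

foreach ( $cases as $label => $case ) {
	list( $taxonomies, $term_ids ) = $case;
	$join = build_same_cat_join( $taxonomies, $term_ids );
	echo $label . ': ' . ( null === $join ? 'no query issued' : $join ) . "\n";
}
```

Only the last case produces a JOIN; the other three stop before any SQL is assembled, which is the "return nothing" behaviour described in the closing commit message.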
