/comment/1blah -> PHP undefined index errors

Created on 12 November 2012, over 11 years ago
Updated 16 May 2023, about 1 year ago

Access /drupal/comment/1blah (any comment-id starting with a number, but containing non-numeric chars)

With default installation and MySQL, I get a 404 page that also includes PHP undefined index notices:

Notice: Undefined index: 1blah in comment_load() (line 1685 of /var/www/drupal/modules/comment/comment.module).
Notice: Undefined index: 1blah in comment_load() (line 1685 of /var/www/drupal/modules/comment/comment.module).
Notice: Trying to get property of non-object in comment_access() (line 1443 of /var/www/drupal/modules/comment/comment.module).

An erroneous request shouldn't make it this far, as such unexpected conditions may lead to attack vectors (apart from the annoyance of PHP notices). Failfast and all that.

Steps to reproduce

  1. Clean install of Drupal 7.x
  2. Log in as admin
  3. Add Article
  4. Add Comment
  5. Navigate to /comment/1blah

With PostgreSQL, I get database errors:

PDOException: SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for integer: "1blah" at character 609: SELECT base.cid AS cid, base.pid AS pid, base.nid AS nid, base.uid AS uid, base.subject AS subject, base.hostname AS hostname, base.created AS created, base.changed AS changed, base.status AS status, base.thread AS thread, base.name AS name, base.mail AS mail, base.homepage AS homepage, base.language AS language, n.type AS node_type, u.name AS registered_name, u.uid AS u_uid, u.signature AS signature, u.signature_format AS signature_format, u.picture AS picture FROM {comment} base INNER JOIN {node} n ON base.nid = n.nid INNER JOIN {users} u ON base.uid = u.uid WHERE (base.cid IN (:db_condition_placeholder_0)) ; Array ( [:db_condition_placeholder_0] => 1blah ) in DrupalDefaultEntityController->load() (line 196 of /var/www/.../news/includes/entity.inc).

(presumably because MySQL silently, "cleverly", ignores conversion errors, while PG does not).

In fact for PostgreSQL it's not even /comment/blah (no leading digit) yields the same error, and comment/reply/blah as well.

I'm seeing the same problem with non-numeric node ID's and PG, but that is presumably a separate issue.

πŸ› Bug report
Status

Closed: outdated

Version

7.0 ⚰️

Component
CommentΒ  β†’

Last updated 2 days ago

Created by

πŸ‡·πŸ‡΄Romania drupdan3

Live updates comments and jobs are added and updated live.
  • Needs tests

    The change is currently missing an automated test that fails when run with the original code, and succeeds when the bug has been fixed.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΈπŸ‡°Slovakia poker10

    I have tried this on clean D7.97 install and accessing such link /comment/1blah does not throw notices/warnings for me (on PHP8). This is probably outdated, but feel free to reopen, if this is still an issue. Thanks!

Production build 0.69.0 2024