author | Steven Wittens <steven@10.no-reply.drupal.org> | 2001-04-21 17:32:27 +0000 |
---|---|---|
committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2001-04-21 17:32:27 +0000 |
commit | 0bd25284dee9af705cbc15c30ab9d80dda8221a7 (patch) | |
tree | 971c25442a64d97015e7db156572c5543d5ba0fa | |
parent | 534c00f90097eecb64721c2afdeb77e7a1275173 (diff) | |
- Fixed security issue: unchecked form-data in a db-query (line 82)
- Fixed bug: the module now checks only against other *stories* (instead of nodes) with the same title.
-rw-r--r-- | modules/story.module | 2 | ||||
-rw-r--r-- | modules/story/story.module | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/modules/story.module b/modules/story.module
index 484574d35..e73461262 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -79,7 +79,7 @@ function story_form($edit = array()) {
 $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
 }
- $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '$title'"));
+ $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
 if (!$edit) {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
diff --git a/modules/story/story.module b/modules/story/story.module
index 484574d35..e73461262 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -79,7 +79,7 @@ function story_form($edit = array()) {
 $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
 }
- $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '$title'"));
+ $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
 if (!$edit) {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n"; |
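Review bot: The rewritten `$duplicate` query is still assembled by string concatenation, so its safety rests entirely on `check_input()` escaping quote characters for a single-quoted SQL literal, and that function's definition is not visible in this hunk. I would confirm that behaviour and record it above the query, for example `// check_input() must SQL-escape $title; it is placed inside a quoted literal`. Two lines above, the context line still interpolates `$edit[nid]` raw into the hidden field's VALUE attribute; if `$edit` carries submitted form data (the `edit[nid]` field name suggests so), that output should be escaped too, e.g. `VALUE=\"". htmlspecialchars($edit["nid"]) ."\"`. Both points apply equally to the identical hunk for modules/story/story.module, and story_form's body starts and ends outside the hunk.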