author | Dries Buytaert <dries@buytaert.net> | 2001-04-21 17:52:39 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2001-04-21 17:52:39 +0000 |
commit | 173888b43d24390108826f965a87aca9535d56ae (patch) | |
tree | 4e58467f3ac4960932a4bc296b122f1ba22d87d2 | |
parent | 26fed7826f1cba88b15f9c7c5f881d44227ab250 (diff) | |
*** UnConeD wrote:
> - Fixed security issue: unchecked form-data in a db-query (line 82)
> - Fixed bug: the module now checks only against other *stories*
> (instead of nodes) with the same title.
- Took out the duplicate title check; after the story module has
been "nodified", duplicate titles are no longer a problem.
-rw-r--r-- | modules/story.module | 6 | ||||
-rw-r--r-- | modules/story/story.module | 6 |
2 files changed, 0 insertions, 12 deletions
diff --git a/modules/story.module b/modules/story.module
index e73461262..2a14200fc 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -79,8 +79,6 @@ function story_form($edit = array()) {
 $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
 }
- $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
-
 if (!$edit) {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 }
@@ -92,10 +90,6 @@ function story_form($edit = array()) {
 $output .= "<FONT COLOR=\"red\">". t("Warning: you did not supply an abstract.") ."</FONT><P>\n";
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 }
- else if (!$edit[nid] && $duplicate) {
- $output .= "<FONT COLOR=\"red\">". t("Warning: there is already a story with that subject.") ."</FONT><P>\n";
- $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
- }
 else {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Submit") ."\">\n";
diff --git a/modules/story/story.module b/modules/story/story.module
index e73461262..2a14200fc 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -79,8 +79,6 @@ function story_form($edit = array()) {
 $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
 }
- $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
-
 if (!$edit) {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 }
@@ -92,10 +90,6 @@ function story_form($edit = array()) {
 $output .= "<FONT COLOR=\"red\">". t("Warning: you did not supply an abstract.") ."</FONT><P>\n";
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 }
- else if (!$edit[nid] && $duplicate) {
- $output .= "<FONT COLOR=\"red\">". t("Warning: there is already a story with that subject.") ."</FONT><P>\n";
- $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
- }
 else {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Submit") ."\">\n"; |