diff options
| author | Dries Buytaert <dries@buytaert.net> | 2004-11-21 08:25:17 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2004-11-21 08:25:17 +0000 |
| commit | fa97839088dd0de1df73a990255edce7eddf90d9 (patch) | |
| tree | ddea053e39d55040400026ce1886464403b6f491 | |
| parent | dc32e54f31e2b1308d5a6813dd644477076ec48d (diff) | |
| download | brdo-fa97839088dd0de1df73a990255edce7eddf90d9.tar.gz brdo-fa97839088dd0de1df73a990255edce7eddf90d9.tar.bz2 | |
- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
| -rw-r--r-- | includes/bootstrap.inc | 7 | ||||
| -rw-r--r-- | includes/common.inc | 2 | ||||
| -rw-r--r-- | includes/database.mysql.inc | 17 | ||||
| -rw-r--r-- | includes/database.pear.inc | 17 | ||||
| -rw-r--r-- | includes/database.pgsql.inc | 18 | ||||
| -rw-r--r-- | includes/locale.inc | 10 | ||||
| -rw-r--r-- | includes/tablesort.inc | 4 | ||||
| -rw-r--r-- | modules/book.module | 2 | ||||
| -rw-r--r-- | modules/book/book.module | 2 | ||||
| -rw-r--r-- | modules/comment.module | 14 | ||||
| -rw-r--r-- | modules/comment/comment.module | 14 | ||||
| -rw-r--r-- | modules/forum.module | 4 | ||||
| -rw-r--r-- | modules/forum/forum.module | 4 | ||||
| -rw-r--r-- | modules/locale.module | 6 | ||||
| -rw-r--r-- | modules/locale/locale.module | 6 | ||||
| -rw-r--r-- | modules/node.module | 6 | ||||
| -rw-r--r-- | modules/node/node.module | 6 | ||||
| -rw-r--r-- | modules/profile.module | 4 | ||||
| -rw-r--r-- | modules/profile/profile.module | 4 | ||||
| -rw-r--r-- | modules/statistics.module | 14 | ||||
| -rw-r--r-- | modules/statistics/statistics.module | 14 | ||||
| -rw-r--r-- | modules/taxonomy.module | 4 | ||||
| -rw-r--r-- | modules/taxonomy/taxonomy.module | 4 | ||||
| -rw-r--r-- | modules/user.module | 4 | ||||
| -rw-r--r-- | modules/user/user.module | 4 | ||||
| -rw-r--r-- | modules/watchdog.module | 2 | ||||
| -rw-r--r-- | modules/watchdog/watchdog.module | 2 |
27 files changed, 105 insertions, 90 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index 3712607d6..b1da3b337 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -346,13 +346,6 @@ function arg($index) { } /** - * Prepare user input for use in a database query, preventing SQL injection attacks. - */ -function check_query($text) { - return addslashes($text); -} - -/** * Prepare user input for use in a URI. * * We replace ( and ) with their entity equivalents to prevent XSS attacks. diff --git a/includes/common.inc b/includes/common.inc index e53865ee4..dc72c88b9 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -228,7 +228,7 @@ function drupal_goto($path = '', $query = NULL, $fragment = NULL) { */ function drupal_not_found() { header('HTTP/1.0 404 Not Found'); - watchdog('httpd', t('404 error: %page not found.', array('%page' => '<em>'. check_query($_GET['q']) .'</em>'))); + watchdog('httpd', t('404 error: %page not found.', array('%page' => '<em>'. db_escape_string($_GET['q']) .'</em>'))); $path = drupal_get_normal_path(variable_get('site_404', '')); $status = MENU_NOT_FOUND; diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc index e3c46557d..dbae5254d 100644 --- a/includes/database.mysql.inc +++ b/includes/database.mysql.inc @@ -55,11 +55,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -79,11 +79,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -248,7 +248,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $query = call_user_func_array('sprintf', $args); @@ -286,6 +286,13 @@ function db_decode_blob($data) { } /** + * Prepare user input for use in a database query, preventing SQL injection attacks. + */ +function db_escape_string($text) { + return addslashes($text); +} + +/** * @} End of "ingroup database". */ diff --git a/includes/database.pear.inc b/includes/database.pear.inc index fc8da8f91..f06db36a4 100644 --- a/includes/database.pear.inc +++ b/includes/database.pear.inc @@ -45,11 +45,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -69,11 +69,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -252,7 +252,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $result = $active_db->limitQuery(call_user_func_array('sprintf', $args), $from, $count); @@ -278,4 +278,11 @@ function db_query_range($query) { } } +/** + * Prepare user input for use in a database query, preventing SQL injection attacks. + */ +function db_escape_string($text) { + return addslashes($text); +} + ?> diff --git a/includes/database.pgsql.inc b/includes/database.pgsql.inc index 3829b0920..2d5399018 100644 --- a/includes/database.pgsql.inc +++ b/includes/database.pgsql.inc @@ -51,11 +51,11 @@ function db_query($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs)); @@ -75,11 +75,11 @@ function db_queryd($query) { $query = db_prefix_tables($query); if (count($args) > 1) { if(is_array($args[1])){ - $args1 = array_map('check_query', $args[1]); + $args1 = array_map('db_escape_string', $args[1]); $nargs = array_merge(array($query), $args1); } else { - $nargs = array_map('check_query', $args); + $nargs = array_map('db_escape_string', $args); $nargs[0] = $query; } return _db_query(call_user_func_array('sprintf', $nargs), 1); @@ -242,7 +242,7 @@ function db_query_range($query) { $count = array_pop($args); $from = array_pop($args); if (count(func_get_args()) > 3) { - $args = array_map('check_query', $args); + $args = array_map('db_escape_string', $args); $query = db_prefix_tables($query); $args[0] = $query; $query = call_user_func_array('sprintf', $args); @@ -280,6 +280,14 @@ function db_decode_blob($data) { } /** + * Prepare user input for use in a database query, preventing SQL injection attacks. + * Note: This function requires PostgreSQL 7.2 or later. + */ +function db_escape_string($text) { + return pg_escape_string($text); +} + +/** * @} End of "ingroup database". */ diff --git a/includes/locale.inc b/includes/locale.inc index 8a79b3dc9..b68d38a13 100644 --- a/includes/locale.inc +++ b/includes/locale.inc @@ -1012,16 +1012,16 @@ function _locale_string_seek() { // Compute LIKE section switch ($query->searchin) { case 'translated': - $where = "WHERE (t.translation LIKE '%". check_query($query->string) ."%' AND t.translation != '')"; + $where = "WHERE (t.translation LIKE '%". db_escape_string($query->string) ."%' AND t.translation != '')"; $orderby = "ORDER BY t.translation"; break; case 'untranslated': - $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' AND t.translation = '')"; + $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' AND t.translation = '')"; $orderby = "ORDER BY s.source"; break; case 'all' : default: - $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' OR t.translation LIKE '%". check_query($query->string) ."%')"; + $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' OR t.translation LIKE '%". db_escape_string($query->string) ."%')"; $orderby = ''; break; } @@ -1029,7 +1029,7 @@ function _locale_string_seek() { switch ($query->language) { // Force search in source strings case "en": - $sql = $join ." WHERE s.source LIKE '%". check_query($query->string) ."%' ORDER BY s.source"; + $sql = $join ." WHERE s.source LIKE '%". db_escape_string($query->string) ."%' ORDER BY s.source"; break; // Search in all languages case "all": @@ -1037,7 +1037,7 @@ function _locale_string_seek() { break; // Some different language default: - $sql = "$join $where AND t.locale = '". check_query($query->language) ."' $orderby"; + $sql = "$join $where AND t.locale = '". db_escape_string($query->language) ."' $orderby"; } $result = pager_query($sql, 50); diff --git a/includes/tablesort.inc b/includes/tablesort.inc index 43edc5fc3..6be5a5540 100644 --- a/includes/tablesort.inc +++ b/includes/tablesort.inc @@ -51,8 +51,8 @@ function tablesort_pager() { function tablesort_sql($header, $before = '') { $ts = tablesort_init($header); if ($ts['sql']) { - $sql = check_query($ts['sql']); - $sort = strtoupper(check_query($ts['sort'])); + $sql = db_escape_string($ts['sql']); + $sort = strtoupper(db_escape_string($ts['sort'])); return " ORDER BY $before $sql $sort"; } } diff --git a/modules/book.module b/modules/book.module index 5f5400a9c..8601c973e 100644 --- a/modules/book.module +++ b/modules/book.module @@ -226,7 +226,7 @@ function book_form(&$node) { global $user; $op = $_POST['op']; - + $output = form_select(t('Parent'), 'parent', ($node->parent ? $node->parent : arg(4)), book_toc($node->nid), t('The parent that this page belongs in. Note that pages whose parent is <top-level> are regarded as independent, top-level books.')); if (function_exists('taxonomy_node_form')) { diff --git a/modules/book/book.module b/modules/book/book.module index 5f5400a9c..8601c973e 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -226,7 +226,7 @@ function book_form(&$node) { global $user; $op = $_POST['op']; - + $output = form_select(t('Parent'), 'parent', ($node->parent ? $node->parent : arg(4)), book_toc($node->nid), t('The parent that this page belongs in. Note that pages whose parent is <top-level> are regarded as independent, top-level books.')); if (function_exists('taxonomy_node_form')) { diff --git a/modules/comment.module b/modules/comment.module index dc37ab5bb..fcf05d73a 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) { else { // Multiple comment view - $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0"; + $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0"; $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread'; @@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) { } // Start a form, for use with comment control and moderation. - $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'"); + $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'"); if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) { $output .= '<form method="post" action="'. url('comment') ."\"><div>\n"; $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page); @@ -1001,7 +1001,7 @@ function comment_admin_overview($type = 'new') { ); $status = ($type == 'approval') ? 1 : 0; - $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status); + $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status); $sql .= tablesort_sql($header); $result = pager_query($sql, 50); @@ -1276,10 +1276,10 @@ function comment_moderate() { } function comment_save_settings() { - $mode = check_query($_POST['mode']); - $order = check_query($_POST['order']); - $threshold = check_query($_POST['threshold']); - $comments_per_page = check_query($_POST['comments_per_page']); + $mode = db_escape_string($_POST['mode']); + $order = db_escape_string($_POST['order']); + $threshold = db_escape_string($_POST['threshold']); + $comments_per_page = db_escape_string($_POST['comments_per_page']); global $user; $edit = $_POST['edit']; diff --git a/modules/comment/comment.module b/modules/comment/comment.module index dc37ab5bb..fcf05d73a 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) { else { // Multiple comment view - $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0"; + $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0"; $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread'; @@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) { } // Start a form, for use with comment control and moderation. - $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'"); + $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'"); if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) { $output .= '<form method="post" action="'. url('comment') ."\"><div>\n"; $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page); @@ -1001,7 +1001,7 @@ function comment_admin_overview($type = 'new') { ); $status = ($type == 'approval') ? 1 : 0; - $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status); + $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status); $sql .= tablesort_sql($header); $result = pager_query($sql, 50); @@ -1276,10 +1276,10 @@ function comment_moderate() { } function comment_save_settings() { - $mode = check_query($_POST['mode']); - $order = check_query($_POST['order']); - $threshold = check_query($_POST['threshold']); - $comments_per_page = check_query($_POST['comments_per_page']); + $mode = db_escape_string($_POST['mode']); + $order = db_escape_string($_POST['order']); + $threshold = db_escape_string($_POST['threshold']); + $comments_per_page = db_escape_string($_POST['comments_per_page']); global $user; $edit = $_POST['edit']; diff --git a/modules/forum.module b/modules/forum.module index d19961328..1143e21ca 100644 --- a/modules/forum.module +++ b/modules/forum.module @@ -380,7 +380,7 @@ function forum_get_forums($tid = 0) { // This query does not use full ANSI syntax since MySQL 3.x does not support // table1 INNER JOIN table2 INNER JOIN table3 ON table2_criteria ON table3_criteria - // used to join node_comment_statistics to users + // used to join node_comment_statistics to users. $topic = db_fetch_object(db_query_range('SELECT DISTINCT(n.nid), l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid FROM {node} n ' . node_access_join_sql() . ", {node_comment_statistics} l /*! USE INDEX (node_comment_timestamp) */, {users} cu, {term_node} r WHERE n.nid = r.nid AND r.tid = %d AND n.status = 1 AND n.type = 'forum' AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND " . node_access_where_sql() . ' ORDER BY l.last_comment_timestamp DESC', $forum->tid, 0, 1)); $last_post->timestamp = $topic->last_comment_timestamp; $last_post->name = $topic->last_comment_name; @@ -422,7 +422,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { } $term = taxonomy_get_term($tid); - $check_tid = $tid ? "'". check_query($tid) ."'" : 'NULL'; + $check_tid = $tid ? "'". db_escape_string($tid) ."'" : 'NULL'; $sql = "SELECT DISTINCT(n.nid), f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n ". node_access_join_sql() .", {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = $check_tid AND n.uid = u.uid AND n.nid = f.nid AND ". node_access_where_sql(); $sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,'); diff --git a/modules/forum/forum.module b/modules/forum/forum.module index d19961328..1143e21ca 100644 --- a/modules/forum/forum.module +++ b/modules/forum/forum.module @@ -380,7 +380,7 @@ function forum_get_forums($tid = 0) { // This query does not use full ANSI syntax since MySQL 3.x does not support // table1 INNER JOIN table2 INNER JOIN table3 ON table2_criteria ON table3_criteria - // used to join node_comment_statistics to users + // used to join node_comment_statistics to users. $topic = db_fetch_object(db_query_range('SELECT DISTINCT(n.nid), l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid FROM {node} n ' . node_access_join_sql() . ", {node_comment_statistics} l /*! USE INDEX (node_comment_timestamp) */, {users} cu, {term_node} r WHERE n.nid = r.nid AND r.tid = %d AND n.status = 1 AND n.type = 'forum' AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND " . node_access_where_sql() . ' ORDER BY l.last_comment_timestamp DESC', $forum->tid, 0, 1)); $last_post->timestamp = $topic->last_comment_timestamp; $last_post->name = $topic->last_comment_name; @@ -422,7 +422,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { } $term = taxonomy_get_term($tid); - $check_tid = $tid ? "'". check_query($tid) ."'" : 'NULL'; + $check_tid = $tid ? "'". db_escape_string($tid) ."'" : 'NULL'; $sql = "SELECT DISTINCT(n.nid), f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n ". node_access_join_sql() .", {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = $check_tid AND n.uid = u.uid AND n.nid = f.nid AND ". node_access_where_sql(); $sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,'); diff --git a/modules/locale.module b/modules/locale.module index f828f86eb..f6be43d65 100644 --- a/modules/locale.module +++ b/modules/locale.module @@ -428,11 +428,11 @@ function locale_admin_string() { switch ($op) { case 'delete': - $output .= _locale_string_delete(check_query(arg(4))); + $output .= _locale_string_delete(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case 'edit': - $output .= _locale_string_edit(check_query(arg(4))); + $output .= _locale_string_edit(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case t('Search'): @@ -441,7 +441,7 @@ function locale_admin_string() { $output .= _locale_string_seek_form(); break; case t('Save translations'): - $output .= _locale_string_save(check_query(arg(4))); + $output .= _locale_string_save(db_escape_string(arg(4))); drupal_goto('admin/locale/string/search'); break; default: diff --git a/modules/locale/locale.module b/modules/locale/locale.module index f828f86eb..f6be43d65 100644 --- a/modules/locale/locale.module +++ b/modules/locale/locale.module @@ -428,11 +428,11 @@ function locale_admin_string() { switch ($op) { case 'delete': - $output .= _locale_string_delete(check_query(arg(4))); + $output .= _locale_string_delete(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case 'edit': - $output .= _locale_string_edit(check_query(arg(4))); + $output .= _locale_string_edit(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case t('Search'): @@ -441,7 +441,7 @@ function locale_admin_string() { $output .= _locale_string_seek_form(); break; case t('Save translations'): - $output .= _locale_string_save(check_query(arg(4))); + $output .= _locale_string_save(db_escape_string(arg(4))); drupal_goto('admin/locale/string/search'); break; default: diff --git a/modules/node.module b/modules/node.module index 76270f76e..f56379f04 100644 --- a/modules/node.module +++ b/modules/node.module @@ -386,7 +386,7 @@ function node_load($conditions, $revision = NULL, $reset = NULL) { // Turn the conditions into a query. foreach ($conditions as $key => $value) { - $cond[] = 'n.'. check_query($key) ." = '". check_query($value) ."'"; + $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'"; } // Retrieve the node. @@ -452,7 +452,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $k[] = check_query($key); + $k[] = db_escape_string($key); $v[] = $value; $s[] = "'%s'"; } @@ -478,7 +478,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $q[] = check_query($key) ." = '%s'"; + $q[] = db_escape_string($key) ." = '%s'"; $v[] = $value; } } diff --git a/modules/node/node.module b/modules/node/node.module index 76270f76e..f56379f04 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -386,7 +386,7 @@ function node_load($conditions, $revision = NULL, $reset = NULL) { // Turn the conditions into a query. foreach ($conditions as $key => $value) { - $cond[] = 'n.'. check_query($key) ." = '". check_query($value) ."'"; + $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'"; } // Retrieve the node. @@ -452,7 +452,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $k[] = check_query($key); + $k[] = db_escape_string($key); $v[] = $value; $s[] = "'%s'"; } @@ -478,7 +478,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $q[] = check_query($key) ." = '%s'"; + $q[] = db_escape_string($key) ." = '%s'"; $v[] = $value; } } diff --git a/modules/profile.module b/modules/profile.module index 3bf611a03..44d283167 100644 --- a/modules/profile.module +++ b/modules/profile.module @@ -86,10 +86,10 @@ function profile_browse() { $query = 'v.value = 1'; break; case 'selection': - $query = "v.value = '". check_query($value) ."'"; + $query = "v.value = '". db_escape_string($value) ."'"; break; case 'list': - $query = "v.value LIKE '%%". check_query($value) ."%%'"; + $query = "v.value LIKE '%%". db_escape_string($value) ."%%'"; break; default: drupal_not_found(); diff --git a/modules/profile/profile.module b/modules/profile/profile.module index 3bf611a03..44d283167 100644 --- a/modules/profile/profile.module +++ b/modules/profile/profile.module @@ -86,10 +86,10 @@ function profile_browse() { $query = 'v.value = 1'; break; case 'selection': - $query = "v.value = '". check_query($value) ."'"; + $query = "v.value = '". db_escape_string($value) ."'"; break; case 'list': - $query = "v.value LIKE '%%". check_query($value) ."%%'"; + $query = "v.value LIKE '%%". db_escape_string($value) ."%%'"; break; default: drupal_not_found(); diff --git a/modules/statistics.module b/modules/statistics.module index a384b4076..568ee805b 100644 --- a/modules/statistics.module +++ b/modules/statistics.module @@ -207,7 +207,7 @@ function statistics_admin_displaylog($type = 'all', $id = 0) { // retrieve recent access logs for specific user $id $user = user_load(array('uid' => $id)); $page_title = t('Recent hits for "%username"', array('%username' => $user->name)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. db_escape_string($id) ."'"; } else { // retrieve recent access logs for all users (not guests) @@ -218,12 +218,12 @@ function statistics_admin_displaylog($type = 'all', $id = 0) { case 'page': // retrieve recent access logs for title $id $page_title = t('Recent hits for "%title"', array('%title' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. db_escape_string($id) ."'"; break; case 'host': // retrieve recent access logs for hostname $id $page_title = t('Recent hits for "%hostname"', array('%hostname' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. db_escape_string($id) ."'"; break; case 'all': default: @@ -380,14 +380,14 @@ function statistics_top_referrers($view = 'all') { $describe = t('Top referrers in the past %interval'); } elseif ($view == 'internal') { - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top internal referrers in the past %interval'); } else { /* default to external */ - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top external referrers in the past %interval'); } diff --git a/modules/statistics/statistics.module b/modules/statistics/statistics.module index a384b4076..568ee805b 100644 --- a/modules/statistics/statistics.module +++ b/modules/statistics/statistics.module @@ -207,7 +207,7 @@ function statistics_admin_displaylog($type = 'all', $id = 0) { // retrieve recent access logs for specific user $id $user = user_load(array('uid' => $id)); $page_title = t('Recent hits for "%username"', array('%username' => $user->name)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. db_escape_string($id) ."'"; } else { // retrieve recent access logs for all users (not guests) @@ -218,12 +218,12 @@ function statistics_admin_displaylog($type = 'all', $id = 0) { case 'page': // retrieve recent access logs for title $id $page_title = t('Recent hits for "%title"', array('%title' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. db_escape_string($id) ."'"; break; case 'host': // retrieve recent access logs for hostname $id $page_title = t('Recent hits for "%hostname"', array('%hostname' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. db_escape_string($id) ."'"; break; case 'all': default: @@ -380,14 +380,14 @@ function statistics_top_referrers($view = 'all') { $describe = t('Top referrers in the past %interval'); } elseif ($view == 'internal') { - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top internal referrers in the past %interval'); } else { /* default to external */ - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top external referrers in the past %interval'); } diff --git a/modules/taxonomy.module b/modules/taxonomy.module index 42ece7d17..6ef41d12b 100644 --- a/modules/taxonomy.module +++ b/modules/taxonomy.module @@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphic = '--') { function _taxonomy_prepare_update($data) { foreach ($data as $key => $value) { - $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); return $result; @@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, $stage) { } else { foreach (array_values($data) as $value) { - $q[] = "'". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); } diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module index 42ece7d17..6ef41d12b 100644 --- a/modules/taxonomy/taxonomy.module +++ b/modules/taxonomy/taxonomy.module @@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphic = '--') { function _taxonomy_prepare_update($data) { foreach ($data as $key => $value) { - $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); return $result; @@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, $stage) { } else { foreach (array_values($data) as $value) { - $q[] = "'". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); } diff --git a/modules/user.module b/modules/user.module index 390eb075e..f9337d1d3 100644 --- a/modules/user.module +++ b/modules/user.module @@ -152,13 +152,13 @@ function user_save($account, $array = array(), $category = 'account') { // because we don't have a fully initialized user object yet. foreach ($array as $key => $value) { if ($key == 'pass') { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = md5($value); $s[] = "'%s'"; } else if (substr($key, 0, 4) !== 'auth') { if (in_array($key, $user_fields)) { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = $value; $s[] = "'%s'"; } diff --git a/modules/user/user.module b/modules/user/user.module index 390eb075e..f9337d1d3 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -152,13 +152,13 @@ function user_save($account, $array = array(), $category = 'account') { // because we don't have a fully initialized user object yet. foreach ($array as $key => $value) { if ($key == 'pass') { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = md5($value); $s[] = "'%s'"; } else if (substr($key, 0, 4) !== 'auth') { if (in_array($key, $user_fields)) { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = $value; $s[] = "'%s'"; } diff --git a/modules/watchdog.module b/modules/watchdog.module index 6aebf299c..75ee5ef4c 100644 --- a/modules/watchdog.module +++ b/modules/watchdog.module @@ -83,7 +83,7 @@ function watchdog_cron() { */ function watchdog_overview($type = '') { foreach (_watchdog_get_message_types() as $key) { - $query[$key] = "WHERE type = '". check_query($key) ."'"; + $query[$key] = "WHERE type = '". db_escape_string($key) ."'"; } $header = array( diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module index 6aebf299c..75ee5ef4c 100644 --- a/modules/watchdog/watchdog.module +++ b/modules/watchdog/watchdog.module @@ -83,7 +83,7 @@ function watchdog_cron() { */ function watchdog_overview($type = '') { foreach (_watchdog_get_message_types() as $key) { - $query[$key] = "WHERE type = '". check_query($key) ."'"; + $query[$key] = "WHERE type = '". db_escape_string($key) ."'"; } $header = array( |