author | Dries Buytaert <dries@buytaert.net> | 2004-11-21 08:25:17 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2004-11-21 08:25:17 +0000 |
commit | fa97839088dd0de1df73a990255edce7eddf90d9 (patch) | |
tree | ddea053e39d55040400026ce1886464403b6f491 /modules/comment/comment.module | |
parent | dc32e54f31e2b1308d5a6813dd644477076ec48d (diff) | |
- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemented it properly per database backend.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
Diffstat (limited to 'modules/comment/comment.module')
-rw-r--r-- | modules/comment/comment.module | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index dc37ab5bb..fcf05d73a 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) {
 else {
 // Multiple comment view
- $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0";
+ $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0";
 $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
@@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) {
 }
 // Start a form, for use with comment control and moderation.
- $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'");
+ $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'");
 if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) {
 $output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
 $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
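Review bot: `$nid` is a node id, so the right sanitisation on the new `WHERE c.nid = '". db_escape_string($nid) ."'` line is an integer cast rather than string escaping; the escape is only sufficient because the value sits between single quotes, and it silently accepts non-numeric input that a cast would reject. Suggested: `WHERE c.nid = ". (int) $nid ." AND c.status = 0";`, with the same change to the COUNT query in the following hunk, which quotes and escapes the same `$nid`. Both hunks are inside comment_render(), which starts and ends outside them, so where `$nid` is assigned cannot be confirmed from here.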
@@ -1001,7 +1001,7 @@ function comment_admin_overview($type = 'new') {
 );
 $status = ($type == 'approval') ? 1 : 0;
- $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status);
+ $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status);
 $sql .= tablesort_sql($header);
 $result = pager_query($sql, 50);
@@ -1276,10 +1276,10 @@ function comment_moderate() {
 }
 function comment_save_settings() {
- $mode = check_query($_POST['mode']);
- $order = check_query($_POST['order']);
- $threshold = check_query($_POST['threshold']);
- $comments_per_page = check_query($_POST['comments_per_page']);
+ $mode = db_escape_string($_POST['mode']);
+ $order = db_escape_string($_POST['order']);
+ $threshold = db_escape_string($_POST['threshold']);
+ $comments_per_page = db_escape_string($_POST['comments_per_page']);
 global $user;
 $edit = $_POST['edit']; |
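Review bot: `db_escape_string($status)` is interpolated unquoted into `WHERE c.status = `, a position where escaping quote characters gives no protection in general; it is harmless here only because `$status` is computed on the line above as `($type == 'approval') ? 1 : 0` and can never be anything but 0 or 1. Make the intent explicit with an integer cast, `WHERE c.status = '. (int) $status;`, so a later change to how `$status` is derived does not silently reopen the hole. The `$sql .= tablesort_sql($header)` that follows is unchanged by this commit. comment_admin_overview() begins before the hunk.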
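Review bot: `db_escape_string()` on the four `$_POST` values only neutralises quote and backslash characters, so it protects only where a value is later placed inside a quoted SQL string; `$mode`, `$order`, `$threshold` and `$comments_per_page` are numeric settings, and if any of them reaches a query unquoted (for instance as a pager limit) a payload such as `1 OR 1=1` passes through unchanged. Casting is the appropriate sanitisation at this point, e.g. `$mode = (int) $_POST['mode'];` and likewise for the other three; it also avoids carrying already-escaped strings into whatever `global $user; $edit = $_POST['edit'];` goes on to persist. The remainder of comment_save_settings() is outside the hunk, so where these values end up cannot be confirmed from here.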