authorSteven Wittens <steven@10.no-reply.drupal.org>2001-04-21 17:32:27 +0000
committerSteven Wittens <steven@10.no-reply.drupal.org>2001-04-21 17:32:27 +0000
commit0bd25284dee9af705cbc15c30ab9d80dda8221a7 (patch)
tree971c25442a64d97015e7db156572c5543d5ba0fa /modules/story/story.module
parent534c00f90097eecb64721c2afdeb77e7a1275173 (diff)
- Fixed security issue: unchecked form-data in a db-query (line 82)
- Fixed bug: the module now checks only against other *stories* (instead of nodes) with the same title.
Diffstat (limited to 'modules/story/story.module')
-rw-r--r--modules/story/story.module2
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/story/story.module b/modules/story/story.module
index 484574d35..e73461262 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -79,7 +79,7 @@ function story_form($edit = array()) {
$output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
}
- $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '$title'"));
+ $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
if (!$edit) {
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
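Review bot: The fix on the `$duplicate` line rests entirely on `check_input()` making `$title` safe inside a single-quoted SQL literal, and nothing in the hunk shows where `$title` is assigned or what `check_input()` escapes; story_form()'s body starts and ends outside the hunk. If `check_input()` is a general input filter rather than an SQL escaper, the query is still string-built from form data, so I would confirm that it escapes quotes and backslashes for the database in use and record that next to the query, e.g. `// $title comes from the form; check_input() must escape it for the SQL string literal`. Separately, when an existing story is edited (the `edit[nid]` branch just above), the count presumably includes the story itself, so adding `AND nid != '<current nid, escaped>'` would avoid a false duplicate result.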