diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/locale.module | 6 | ||||
| -rw-r--r-- | modules/locale/locale.module | 6 | ||||
| -rw-r--r-- | modules/node.module | 12 | ||||
| -rw-r--r-- | modules/node/node.module | 12 | ||||
| -rw-r--r-- | modules/system.module | 1 | ||||
| -rw-r--r-- | modules/system/system.module | 1 | ||||
| -rw-r--r-- | modules/watchdog.module | 15 | ||||
| -rw-r--r-- | modules/watchdog/watchdog.module | 15 |
8 files changed, 44 insertions, 24 deletions
diff --git a/modules/locale.module b/modules/locale.module index 4050c6acf..86dcc5d4b 100644 --- a/modules/locale.module +++ b/modules/locale.module @@ -438,11 +438,11 @@ function locale_admin_string() { switch ($op) { case 'delete': - $output .= _locale_string_delete(db_escape_string(arg(4))); + $output .= _locale_string_delete(arg(4)); $output .= _locale_string_seek(); break; case 'edit': - $output .= _locale_string_edit(db_escape_string(arg(4))); + $output .= _locale_string_edit(arg(4)); $output .= _locale_string_seek(); break; case t('Search'): @@ -451,7 +451,7 @@ function locale_admin_string() { $output .= _locale_string_seek_form(); break; case t('Save translations'): - $output .= _locale_string_save(db_escape_string(arg(4))); + $output .= _locale_string_save(arg(4)); drupal_goto('admin/locale/string/search'); break; default: diff --git a/modules/locale/locale.module b/modules/locale/locale.module index 4050c6acf..86dcc5d4b 100644 --- a/modules/locale/locale.module +++ b/modules/locale/locale.module @@ -438,11 +438,11 @@ function locale_admin_string() { switch ($op) { case 'delete': - $output .= _locale_string_delete(db_escape_string(arg(4))); + $output .= _locale_string_delete(arg(4)); $output .= _locale_string_seek(); break; case 'edit': - $output .= _locale_string_edit(db_escape_string(arg(4))); + $output .= _locale_string_edit(arg(4)); $output .= _locale_string_seek(); break; case t('Search'): @@ -451,7 +451,7 @@ function locale_admin_string() { $output .= _locale_string_seek_form(); break; case t('Save translations'): - $output .= _locale_string_save(db_escape_string(arg(4))); + $output .= _locale_string_save(arg(4)); drupal_goto('admin/locale/string/search'); break; default: diff --git a/modules/node.module b/modules/node.module index eb243ef75..685509cf3 100644 --- a/modules/node.module +++ b/modules/node.module @@ -345,27 +345,31 @@ function node_load($param = array(), $revision = NULL, $reset = NULL) { $nodes = array(); } + $arguments = array(); if (is_numeric($param)) { $cachable = $revision == NULL; if ($cachable && isset($nodes[$param])) { return $nodes[$param]; } - $cond = 'n.nid = '. $param; + $cond = 'n.nid = %d'; + $arguments[] = $param; } else { // Turn the conditions into a query. foreach ($param as $key => $value) { - $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'"; + $cond[] = 'n.'. db_escape_string($key) ." = '%s'"; + $arguments[] = $value; } $cond = implode(' AND ', $cond); } // Retrieve the node. if ($revision) { - $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, r.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond), $revision)); + array_unshift($arguments, $revision); + $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, r.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond), $arguments)); } else { - $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond))); + $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond), $arguments)); } if ($node->nid) { diff --git a/modules/node/node.module b/modules/node/node.module index eb243ef75..685509cf3 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -345,27 +345,31 @@ function node_load($param = array(), $revision = NULL, $reset = NULL) { $nodes = array(); } + $arguments = array(); if (is_numeric($param)) { $cachable = $revision == NULL; if ($cachable && isset($nodes[$param])) { return $nodes[$param]; } - $cond = 'n.nid = '. $param; + $cond = 'n.nid = %d'; + $arguments[] = $param; } else { // Turn the conditions into a query. foreach ($param as $key => $value) { - $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'"; + $cond[] = 'n.'. db_escape_string($key) ." = '%s'"; + $arguments[] = $value; } $cond = implode(' AND ', $cond); } // Retrieve the node. if ($revision) { - $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, r.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond), $revision)); + array_unshift($arguments, $revision); + $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, r.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond), $arguments)); } else { - $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond))); + $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond), $arguments)); } if ($node->nid) { diff --git a/modules/system.module b/modules/system.module index 8e7b857df..a1e2ecf84 100644 --- a/modules/system.module +++ b/modules/system.module @@ -783,6 +783,7 @@ function system_settings_form_submit($form_id, $values) { if ($form_id == 'system_settings_form') { menu_rebuild(); } + drupal_goto($_GET['q']); } /** diff --git a/modules/system/system.module b/modules/system/system.module index 8e7b857df..a1e2ecf84 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -783,6 +783,7 @@ function system_settings_form_submit($form_id, $values) { if ($form_id == 'system_settings_form') { menu_rebuild(); } + drupal_goto($_GET['q']); } /** diff --git a/modules/watchdog.module b/modules/watchdog.module index 3bab67c51..4f19dce27 100644 --- a/modules/watchdog.module +++ b/modules/watchdog.module @@ -71,10 +71,8 @@ function watchdog_overview() { $classes = array(WATCHDOG_NOTICE => 'watchdog-notice', WATCHDOG_WARNING => 'watchdog-warning', WATCHDOG_ERROR => 'watchdog-error'); $names['all'] = t('all messages'); - $queries['all'] = ''; foreach (_watchdog_get_message_types() as $type) { $names[$type] = t('%type messages', array('%type' => t($type))); - $queries[$type] = "WHERE type = '". db_escape_string($type) ."'"; } if (empty($_SESSION['watchdog_overview_filter'])) { @@ -104,8 +102,16 @@ function watchdog_overview() { array('data' => t('User'), 'field' => 'u.name'), array('data' => t('Operations')) ); - $sql = 'SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid '. $queries[$_SESSION['watchdog_overview_filter']] . tablesort_sql($header); - $result = pager_query($sql, 50); + + $sql = "SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid"; + $tablesort = tablesort_sql($header); + $type = $_SESSION['watchdog_overview_filter']; + if ($type != 'all') { + $result = pager_query($sql ." WHERE w.type = '%s'". $tablesort, 50, 0, NULL, $type); + } + else { + $result = pager_query($sql . $tablesort, 50); + } while ($watchdog = db_fetch_object($result)) { $rows[] = array('data' => @@ -127,7 +133,6 @@ function watchdog_overview() { $rows[] = array(array('data' => t('No log messages available.'), 'colspan' => 6)); } - $output .= theme('table', $header, $rows); $output .= theme('pager', NULL, 50, 0, tablesort_pager()); diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module index 3bab67c51..4f19dce27 100644 --- a/modules/watchdog/watchdog.module +++ b/modules/watchdog/watchdog.module @@ -71,10 +71,8 @@ function watchdog_overview() { $classes = array(WATCHDOG_NOTICE => 'watchdog-notice', WATCHDOG_WARNING => 'watchdog-warning', WATCHDOG_ERROR => 'watchdog-error'); $names['all'] = t('all messages'); - $queries['all'] = ''; foreach (_watchdog_get_message_types() as $type) { $names[$type] = t('%type messages', array('%type' => t($type))); - $queries[$type] = "WHERE type = '". db_escape_string($type) ."'"; } if (empty($_SESSION['watchdog_overview_filter'])) { @@ -104,8 +102,16 @@ function watchdog_overview() { array('data' => t('User'), 'field' => 'u.name'), array('data' => t('Operations')) ); - $sql = 'SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid '. $queries[$_SESSION['watchdog_overview_filter']] . tablesort_sql($header); - $result = pager_query($sql, 50); + + $sql = "SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid"; + $tablesort = tablesort_sql($header); + $type = $_SESSION['watchdog_overview_filter']; + if ($type != 'all') { + $result = pager_query($sql ." WHERE w.type = '%s'". $tablesort, 50, 0, NULL, $type); + } + else { + $result = pager_query($sql . $tablesort, 50); + } while ($watchdog = db_fetch_object($result)) { $rows[] = array('data' => @@ -127,7 +133,6 @@ function watchdog_overview() { $rows[] = array(array('data' => t('No log messages available.'), 'colspan' => 6)); } - $output .= theme('table', $header, $rows); $output .= theme('pager', NULL, 50, 0, tablesort_pager()); |