diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/book.module | 2 | ||||
| -rw-r--r-- | modules/book/book.module | 2 | ||||
| -rw-r--r-- | modules/comment.module | 14 | ||||
| -rw-r--r-- | modules/comment/comment.module | 14 | ||||
| -rw-r--r-- | modules/forum.module | 4 | ||||
| -rw-r--r-- | modules/forum/forum.module | 4 | ||||
| -rw-r--r-- | modules/locale.module | 6 | ||||
| -rw-r--r-- | modules/locale/locale.module | 6 | ||||
| -rw-r--r-- | modules/node.module | 6 | ||||
| -rw-r--r-- | modules/node/node.module | 6 | ||||
| -rw-r--r-- | modules/profile.module | 4 | ||||
| -rw-r--r-- | modules/profile/profile.module | 4 | ||||
| -rw-r--r-- | modules/statistics.module | 14 | ||||
| -rw-r--r-- | modules/statistics/statistics.module | 14 | ||||
| -rw-r--r-- | modules/taxonomy.module | 4 | ||||
| -rw-r--r-- | modules/taxonomy/taxonomy.module | 4 | ||||
| -rw-r--r-- | modules/user.module | 4 | ||||
| -rw-r--r-- | modules/user/user.module | 4 | ||||
| -rw-r--r-- | modules/watchdog.module | 2 | ||||
| -rw-r--r-- | modules/watchdog/watchdog.module | 2 |
20 files changed, 60 insertions, 60 deletions
diff --git a/modules/book.module b/modules/book.module index 5f5400a9c..8601c973e 100644 --- a/modules/book.module +++ b/modules/book.module @@ -226,7 +226,7 @@ function book_form(&$node) { global $user; $op = $_POST['op']; - + $output = form_select(t('Parent'), 'parent', ($node->parent ? $node->parent : arg(4)), book_toc($node->nid), t('The parent that this page belongs in. Note that pages whose parent is <top-level> are regarded as independent, top-level books.')); if (function_exists('taxonomy_node_form')) { diff --git a/modules/book/book.module b/modules/book/book.module index 5f5400a9c..8601c973e 100644 --- a/modules/book/book.module +++ b/modules/book/book.module @@ -226,7 +226,7 @@ function book_form(&$node) { global $user; $op = $_POST['op']; - + $output = form_select(t('Parent'), 'parent', ($node->parent ? $node->parent : arg(4)), book_toc($node->nid), t('The parent that this page belongs in. Note that pages whose parent is <top-level> are regarded as independent, top-level books.')); if (function_exists('taxonomy_node_form')) { diff --git a/modules/comment.module b/modules/comment.module index dc37ab5bb..fcf05d73a 100644 --- a/modules/comment.module +++ b/modules/comment.module @@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) { else { // Multiple comment view - $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0"; + $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0"; $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread'; @@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) { } // Start a form, for use with comment control and moderation. - $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'"); + $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'"); if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) { $output .= '<form method="post" action="'. url('comment') ."\"><div>\n"; $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page); @@ -1001,7 +1001,7 @@ function comment_admin_overview($type = 'new') { ); $status = ($type == 'approval') ? 1 : 0; - $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status); + $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status); $sql .= tablesort_sql($header); $result = pager_query($sql, 50); @@ -1276,10 +1276,10 @@ function comment_moderate() { } function comment_save_settings() { - $mode = check_query($_POST['mode']); - $order = check_query($_POST['order']); - $threshold = check_query($_POST['threshold']); - $comments_per_page = check_query($_POST['comments_per_page']); + $mode = db_escape_string($_POST['mode']); + $order = db_escape_string($_POST['order']); + $threshold = db_escape_string($_POST['threshold']); + $comments_per_page = db_escape_string($_POST['comments_per_page']); global $user; $edit = $_POST['edit']; diff --git a/modules/comment/comment.module b/modules/comment/comment.module index dc37ab5bb..fcf05d73a 100644 --- a/modules/comment/comment.module +++ b/modules/comment/comment.module @@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) { else { // Multiple comment view - $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0"; + $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0"; $query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread'; @@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) { } // Start a form, for use with comment control and moderation. - $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'"); + $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'"); if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) { $output .= '<form method="post" action="'. url('comment') ."\"><div>\n"; $output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page); @@ -1001,7 +1001,7 @@ function comment_admin_overview($type = 'new') { ); $status = ($type == 'approval') ? 1 : 0; - $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status); + $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status); $sql .= tablesort_sql($header); $result = pager_query($sql, 50); @@ -1276,10 +1276,10 @@ function comment_moderate() { } function comment_save_settings() { - $mode = check_query($_POST['mode']); - $order = check_query($_POST['order']); - $threshold = check_query($_POST['threshold']); - $comments_per_page = check_query($_POST['comments_per_page']); + $mode = db_escape_string($_POST['mode']); + $order = db_escape_string($_POST['order']); + $threshold = db_escape_string($_POST['threshold']); + $comments_per_page = db_escape_string($_POST['comments_per_page']); global $user; $edit = $_POST['edit']; diff --git a/modules/forum.module b/modules/forum.module index d19961328..1143e21ca 100644 --- a/modules/forum.module +++ b/modules/forum.module @@ -380,7 +380,7 @@ function forum_get_forums($tid = 0) { // This query does not use full ANSI syntax since MySQL 3.x does not support // table1 INNER JOIN table2 INNER JOIN table3 ON table2_criteria ON table3_criteria - // used to join node_comment_statistics to users + // used to join node_comment_statistics to users. $topic = db_fetch_object(db_query_range('SELECT DISTINCT(n.nid), l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid FROM {node} n ' . node_access_join_sql() . ", {node_comment_statistics} l /*! USE INDEX (node_comment_timestamp) */, {users} cu, {term_node} r WHERE n.nid = r.nid AND r.tid = %d AND n.status = 1 AND n.type = 'forum' AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND " . node_access_where_sql() . ' ORDER BY l.last_comment_timestamp DESC', $forum->tid, 0, 1)); $last_post->timestamp = $topic->last_comment_timestamp; $last_post->name = $topic->last_comment_name; @@ -422,7 +422,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { } $term = taxonomy_get_term($tid); - $check_tid = $tid ? "'". check_query($tid) ."'" : 'NULL'; + $check_tid = $tid ? "'". db_escape_string($tid) ."'" : 'NULL'; $sql = "SELECT DISTINCT(n.nid), f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n ". node_access_join_sql() .", {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = $check_tid AND n.uid = u.uid AND n.nid = f.nid AND ". node_access_where_sql(); $sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,'); diff --git a/modules/forum/forum.module b/modules/forum/forum.module index d19961328..1143e21ca 100644 --- a/modules/forum/forum.module +++ b/modules/forum/forum.module @@ -380,7 +380,7 @@ function forum_get_forums($tid = 0) { // This query does not use full ANSI syntax since MySQL 3.x does not support // table1 INNER JOIN table2 INNER JOIN table3 ON table2_criteria ON table3_criteria - // used to join node_comment_statistics to users + // used to join node_comment_statistics to users. $topic = db_fetch_object(db_query_range('SELECT DISTINCT(n.nid), l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid FROM {node} n ' . node_access_join_sql() . ", {node_comment_statistics} l /*! USE INDEX (node_comment_timestamp) */, {users} cu, {term_node} r WHERE n.nid = r.nid AND r.tid = %d AND n.status = 1 AND n.type = 'forum' AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND " . node_access_where_sql() . ' ORDER BY l.last_comment_timestamp DESC', $forum->tid, 0, 1)); $last_post->timestamp = $topic->last_comment_timestamp; $last_post->name = $topic->last_comment_name; @@ -422,7 +422,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) { } $term = taxonomy_get_term($tid); - $check_tid = $tid ? "'". check_query($tid) ."'" : 'NULL'; + $check_tid = $tid ? "'". db_escape_string($tid) ."'" : 'NULL'; $sql = "SELECT DISTINCT(n.nid), f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n ". node_access_join_sql() .", {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = $check_tid AND n.uid = u.uid AND n.nid = f.nid AND ". node_access_where_sql(); $sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,'); diff --git a/modules/locale.module b/modules/locale.module index f828f86eb..f6be43d65 100644 --- a/modules/locale.module +++ b/modules/locale.module @@ -428,11 +428,11 @@ function locale_admin_string() { switch ($op) { case 'delete': - $output .= _locale_string_delete(check_query(arg(4))); + $output .= _locale_string_delete(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case 'edit': - $output .= _locale_string_edit(check_query(arg(4))); + $output .= _locale_string_edit(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case t('Search'): @@ -441,7 +441,7 @@ function locale_admin_string() { $output .= _locale_string_seek_form(); break; case t('Save translations'): - $output .= _locale_string_save(check_query(arg(4))); + $output .= _locale_string_save(db_escape_string(arg(4))); drupal_goto('admin/locale/string/search'); break; default: diff --git a/modules/locale/locale.module b/modules/locale/locale.module index f828f86eb..f6be43d65 100644 --- a/modules/locale/locale.module +++ b/modules/locale/locale.module @@ -428,11 +428,11 @@ function locale_admin_string() { switch ($op) { case 'delete': - $output .= _locale_string_delete(check_query(arg(4))); + $output .= _locale_string_delete(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case 'edit': - $output .= _locale_string_edit(check_query(arg(4))); + $output .= _locale_string_edit(db_escape_string(arg(4))); $output .= _locale_string_seek(); break; case t('Search'): @@ -441,7 +441,7 @@ function locale_admin_string() { $output .= _locale_string_seek_form(); break; case t('Save translations'): - $output .= _locale_string_save(check_query(arg(4))); + $output .= _locale_string_save(db_escape_string(arg(4))); drupal_goto('admin/locale/string/search'); break; default: diff --git a/modules/node.module b/modules/node.module index 76270f76e..f56379f04 100644 --- a/modules/node.module +++ b/modules/node.module @@ -386,7 +386,7 @@ function node_load($conditions, $revision = NULL, $reset = NULL) { // Turn the conditions into a query. foreach ($conditions as $key => $value) { - $cond[] = 'n.'. check_query($key) ." = '". check_query($value) ."'"; + $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'"; } // Retrieve the node. @@ -452,7 +452,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $k[] = check_query($key); + $k[] = db_escape_string($key); $v[] = $value; $s[] = "'%s'"; } @@ -478,7 +478,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $q[] = check_query($key) ." = '%s'"; + $q[] = db_escape_string($key) ." = '%s'"; $v[] = $value; } } diff --git a/modules/node/node.module b/modules/node/node.module index 76270f76e..f56379f04 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -386,7 +386,7 @@ function node_load($conditions, $revision = NULL, $reset = NULL) { // Turn the conditions into a query. foreach ($conditions as $key => $value) { - $cond[] = 'n.'. check_query($key) ." = '". check_query($value) ."'"; + $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'"; } // Retrieve the node. @@ -452,7 +452,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $k[] = check_query($key); + $k[] = db_escape_string($key); $v[] = $value; $s[] = "'%s'"; } @@ -478,7 +478,7 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $q[] = check_query($key) ." = '%s'"; + $q[] = db_escape_string($key) ." = '%s'"; $v[] = $value; } } diff --git a/modules/profile.module b/modules/profile.module index 3bf611a03..44d283167 100644 --- a/modules/profile.module +++ b/modules/profile.module @@ -86,10 +86,10 @@ function profile_browse() { $query = 'v.value = 1'; break; case 'selection': - $query = "v.value = '". check_query($value) ."'"; + $query = "v.value = '". db_escape_string($value) ."'"; break; case 'list': - $query = "v.value LIKE '%%". check_query($value) ."%%'"; + $query = "v.value LIKE '%%". db_escape_string($value) ."%%'"; break; default: drupal_not_found(); diff --git a/modules/profile/profile.module b/modules/profile/profile.module index 3bf611a03..44d283167 100644 --- a/modules/profile/profile.module +++ b/modules/profile/profile.module @@ -86,10 +86,10 @@ function profile_browse() { $query = 'v.value = 1'; break; case 'selection': - $query = "v.value = '". check_query($value) ."'"; + $query = "v.value = '". db_escape_string($value) ."'"; break; case 'list': - $query = "v.value LIKE '%%". check_query($value) ."%%'"; + $query = "v.value LIKE '%%". db_escape_string($value) ."%%'"; break; default: drupal_not_found(); diff --git a/modules/statistics.module b/modules/statistics.module index a384b4076..568ee805b 100644 --- a/modules/statistics.module +++ b/modules/statistics.module @@ -207,7 +207,7 @@ function statistics_admin_displaylog($type = 'all', $id = 0) { // retrieve recent access logs for specific user $id $user = user_load(array('uid' => $id)); $page_title = t('Recent hits for "%username"', array('%username' => $user->name)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. db_escape_string($id) ."'"; } else { // retrieve recent access logs for all users (not guests) @@ -218,12 +218,12 @@ function statistics_admin_displaylog($type = 'all', $id = 0) { case 'page': // retrieve recent access logs for title $id $page_title = t('Recent hits for "%title"', array('%title' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. db_escape_string($id) ."'"; break; case 'host': // retrieve recent access logs for hostname $id $page_title = t('Recent hits for "%hostname"', array('%hostname' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. db_escape_string($id) ."'"; break; case 'all': default: @@ -380,14 +380,14 @@ function statistics_top_referrers($view = 'all') { $describe = t('Top referrers in the past %interval'); } elseif ($view == 'internal') { - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top internal referrers in the past %interval'); } else { /* default to external */ - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top external referrers in the past %interval'); } diff --git a/modules/statistics/statistics.module b/modules/statistics/statistics.module index a384b4076..568ee805b 100644 --- a/modules/statistics/statistics.module +++ b/modules/statistics/statistics.module @@ -207,7 +207,7 @@ function statistics_admin_displaylog($type = 'all', $id = 0) { // retrieve recent access logs for specific user $id $user = user_load(array('uid' => $id)); $page_title = t('Recent hits for "%username"', array('%username' => $user->name)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. db_escape_string($id) ."'"; } else { // retrieve recent access logs for all users (not guests) @@ -218,12 +218,12 @@ function statistics_admin_displaylog($type = 'all', $id = 0) { case 'page': // retrieve recent access logs for title $id $page_title = t('Recent hits for "%title"', array('%title' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. db_escape_string($id) ."'"; break; case 'host': // retrieve recent access logs for hostname $id $page_title = t('Recent hits for "%hostname"', array('%hostname' => $id)); - $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. check_query($id) ."'"; + $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. db_escape_string($id) ."'"; break; case 'all': default: @@ -380,14 +380,14 @@ function statistics_top_referrers($view = 'all') { $describe = t('Top referrers in the past %interval'); } elseif ($view == 'internal') { - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top internal referrers in the past %interval'); } else { /* default to external */ - $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; - $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'"; + $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url"; + $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'"; $describe = t('Top external referrers in the past %interval'); } diff --git a/modules/taxonomy.module b/modules/taxonomy.module index 42ece7d17..6ef41d12b 100644 --- a/modules/taxonomy.module +++ b/modules/taxonomy.module @@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphic = '--') { function _taxonomy_prepare_update($data) { foreach ($data as $key => $value) { - $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); return $result; @@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, $stage) { } else { foreach (array_values($data) as $value) { - $q[] = "'". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); } diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module index 42ece7d17..6ef41d12b 100644 --- a/modules/taxonomy/taxonomy.module +++ b/modules/taxonomy/taxonomy.module @@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphic = '--') { function _taxonomy_prepare_update($data) { foreach ($data as $key => $value) { - $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); return $result; @@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, $stage) { } else { foreach (array_values($data) as $value) { - $q[] = "'". str_replace('%', '%%', check_query($value)) ."'"; + $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'"; } $result = implode(', ', $q); } diff --git a/modules/user.module b/modules/user.module index 390eb075e..f9337d1d3 100644 --- a/modules/user.module +++ b/modules/user.module @@ -152,13 +152,13 @@ function user_save($account, $array = array(), $category = 'account') { // because we don't have a fully initialized user object yet. foreach ($array as $key => $value) { if ($key == 'pass') { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = md5($value); $s[] = "'%s'"; } else if (substr($key, 0, 4) !== 'auth') { if (in_array($key, $user_fields)) { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = $value; $s[] = "'%s'"; } diff --git a/modules/user/user.module b/modules/user/user.module index 390eb075e..f9337d1d3 100644 --- a/modules/user/user.module +++ b/modules/user/user.module @@ -152,13 +152,13 @@ function user_save($account, $array = array(), $category = 'account') { // because we don't have a fully initialized user object yet. foreach ($array as $key => $value) { if ($key == 'pass') { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = md5($value); $s[] = "'%s'"; } else if (substr($key, 0, 4) !== 'auth') { if (in_array($key, $user_fields)) { - $fields[] = check_query($key); + $fields[] = db_escape_string($key); $values[] = $value; $s[] = "'%s'"; } diff --git a/modules/watchdog.module b/modules/watchdog.module index 6aebf299c..75ee5ef4c 100644 --- a/modules/watchdog.module +++ b/modules/watchdog.module @@ -83,7 +83,7 @@ function watchdog_cron() { */ function watchdog_overview($type = '') { foreach (_watchdog_get_message_types() as $key) { - $query[$key] = "WHERE type = '". check_query($key) ."'"; + $query[$key] = "WHERE type = '". db_escape_string($key) ."'"; } $header = array( diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module index 6aebf299c..75ee5ef4c 100644 --- a/modules/watchdog/watchdog.module +++ b/modules/watchdog/watchdog.module @@ -83,7 +83,7 @@ function watchdog_cron() { */ function watchdog_overview($type = '') { foreach (_watchdog_get_message_types() as $key) { - $query[$key] = "WHERE type = '". check_query($key) ."'"; + $query[$key] = "WHERE type = '". db_escape_string($key) ."'"; } $header = array( |