From 0bd25284dee9af705cbc15c30ab9d80dda8221a7 Mon Sep 17 00:00:00 2001
From: Steven Wittens <steven@10.no-reply.drupal.org>
Date: Sat, 21 Apr 2001 17:32:27 +0000
Subject: - Fixed security issue: unchecked form-data in a db-query (line 82)

- Fixed bug: the module now checks only against other *stories* (instead of nodes) with the same title.
---
 modules/story.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/story.module')

diff --git a/modules/story.module b/modules/story.module
index 484574d35..e73461262 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -79,7 +79,7 @@ function story_form($edit = array()) {
     $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
   }
 
-  $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '$title'"));
+  $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
 
   if (!$edit) {
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
-- 
cgit v1.2.3