authorDries Buytaert <dries@buytaert.net>2003-07-21 15:36:05 +0000
committerDries Buytaert <dries@buytaert.net>2003-07-21 15:36:05 +0000
commitc39562ae036f303f77767f438b89be88a23fe277 (patch)
treefbfc4b3846a8d851b39112c2107fb58428a1d2b4
parentd1b175cec75792d4712b7dc7390855249c942547 (diff)
- Fixed node_save() and user_save() bug introduced by table prefix changes.
Modified patches from Gerhard. - Changed the order of the checks in node_teaser(). Patch from Kobus.
-rw-r--r--includes/database.mysql.inc25
-rw-r--r--includes/database.pear.inc25
-rw-r--r--modules/node.module30
-rw-r--r--modules/node/node.module30
-rw-r--r--modules/user.module11
-rw-r--r--modules/user/user.module11
6 files changed, 88 insertions, 44 deletions
diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc
index 38d4af71d..a4fa2d65e 100644
--- a/includes/database.mysql.inc
+++ b/includes/database.mysql.inc
@@ -23,11 +23,18 @@ function db_connect($url) {
function db_query($query) {
$args = func_get_args();
+
$query = db_prefix_tables($query);
if (count($args) > 1) {
- $args = array_map("check_query", $args);
- $args[0] = $query;
- return _db_query(call_user_func_array("sprintf", $args));
+ if(is_array($args[1])){
+ $args1 = array_map("check_query", $args[1]);
+ $nargs = array_merge(array($query), $args1);
+ }
+ else {
+ $nargs = array_map("check_query", $args);
+ $nargs[0] = $query;
+ }
+ return _db_query(call_user_func_array("sprintf", $nargs));
}
else {
return _db_query($query);
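Review bot: The array branch added to db_query() silently ignores any positional arguments that follow the array, and the same branch is repeated in db_queryd() below and in both functions of includes/database.pear.inc. This is the one place where every value passes through check_query() before sprintf() builds the SQL, so I would move it into a single helper to keep the two calling conventions from drifting apart. The added `if(is_array($args[1])){` also departs from the `if (count($args) > 1) {` spacing on the line above it. db_query() ends outside this hunk.

```php
// proposed helper, shared by db_query() and db_queryd() in both backends
function _db_query_args($query, $args) {
  // Accept either db_query($q, $a, $b) or db_query($q, array($a, $b)).
  $values = is_array($args[1]) ? $args[1] : array_slice($args, 1);
  // array_values() so that only positional values reach sprintf().
  $values = array_map("check_query", array_values($values));
  return array_merge(array($query), $values);
}

// … unchanged: func_get_args() and db_prefix_tables() …
  if (count($args) > 1) {
    return _db_query(call_user_func_array("sprintf", _db_query_args($query, $args)));
```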
@@ -39,9 +46,15 @@ function db_queryd($query) {
$args = func_get_args();
$query = db_prefix_tables($query);
if (count($args) > 1) {
- $args = array_map("check_query", $args);
- $args[0] = $query;
- return _db_query(call_user_func_array("sprintf", $args), 1);
+ if(is_array($args[1])){
+ $args1 = array_map("check_query", $args[1]);
+ $nargs = array_merge(array($query), $args1);
+ }
+ else {
+ $nargs = array_map("check_query", $args);
+ $nargs[0] = $query;
+ }
+ return _db_query(call_user_func_array("sprintf", $nargs), 1);
}
else {
return _db_query($query, 1);
diff --git a/includes/database.pear.inc b/includes/database.pear.inc
index ff3b00e4f..36e18c236 100644
--- a/includes/database.pear.inc
+++ b/includes/database.pear.inc
@@ -25,11 +25,18 @@ function db_connect($url) {
function db_query($query) {
$args = func_get_args();
+
$query = db_prefix_tables($query);
if (count($args) > 1) {
- $args = array_map("check_query", $args);
- $args[0] = $query;
- return _db_query(call_user_func_array("sprintf", $args));
+ if(is_array($args[1])){
+ $args1 = array_map("check_query", $args[1]);
+ $nargs = array_merge(array($query), $args1);
+ }
+ else {
+ $nargs = array_map("check_query", $args);
+ $nargs[0] = $query;
+ }
+ return _db_query(call_user_func_array("sprintf", $nargs));
}
else {
return _db_query($query);
@@ -41,9 +48,15 @@ function db_queryd($query) {
$args = func_get_args();
$query = db_prefix_tables($query);
if (count($args) > 1) {
- $args = array_map("check_query", $args);
- $args[0] = $query;
- return _db_query(call_user_func_array("sprintf", $args), 1);
+ if(is_array($args[1])){
+ $args1 = array_map("check_query", $args[1]);
+ $nargs = array_merge(array($query), $args1);
+ }
+ else {
+ $nargs = array_map("check_query", $args);
+ $nargs[0] = $query;
+ }
+ return _db_query(call_user_func_array("sprintf", $nargs), 1);
}
else {
return _db_query($query, 1);
diff --git a/modules/node.module b/modules/node.module
index e1b93cdd3..329f6c3f6 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -127,14 +127,6 @@ function node_teaser($body) {
}
/*
- ** If we have a short body, return the entire body:
- */
-
- if (strlen($body) < $size) {
- return $body;
- }
-
- /*
** If a valid delimiter has been specified, use it to
** chop of the teaser. The delimiter can be outside
** the allowed range but no more than a factor two.
@@ -146,6 +138,14 @@ function node_teaser($body) {
}
/*
+ ** If we have a short body, return the entire body:
+ */
+
+ if (strlen($body) < $size) {
+ return $body;
+ }
+
+ /*
** In some cases no delimiter has been specified (eg.
** when posting using the Blogger API) in which case
** we try to split at paragraph boundaries.
@@ -302,12 +302,17 @@ function node_save($node) {
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
$k[] = check_query($key);
- $v[] = "'". check_query($value) ."'";
+ $v[] = $value;
+ $s[] = "'%s'";
}
}
+ $keysfmt = implode(", ", $s);
+ // need to quote the placeholders for the values
+ $valsfmt = "'". implode("', '", $s) ."'";
+
// Insert the node into the database:
- db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES (". implode(", ", $v) .")");
+ db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES(". implode(", ", $s) .")", $v);
// Call the node specific callback (if any):
node_invoke($node, "insert");
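Review bot: `$keysfmt` and `$valsfmt` are assigned but never used in the lines shown, because the query is built from `implode(", ", $s)` directly. `$valsfmt` would also wrap the already quoted `'%s'` placeholders in a second pair of quotes, so the comment above it is misleading; I would delete both assignments and that comment. `$k`, `$v` and `$s` are appended to without a visible initialisation, so `$k = $v = $s = array();` before the loop is worth adding if it is not already outside the hunk. The identical hunk in modules/node/node.module needs the same change. node_save() starts and ends outside this hunk.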
@@ -325,12 +330,13 @@ function node_save($node) {
// Prepare the query:
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
- $q[] = check_query($key) ." = '". check_query($value) ."'";
+ $q[] = check_query($key) ." = '%s'";
+ $v[] = $value;
}
}
// Update the node in the database:
- db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'");
+ db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'", $v);
// Call the node specific callback (if any):
node_invoke($node, "update");
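Review bot: `$node->nid` is still interpolated into the string that now serves as the sprintf() format, so it bypasses check_query() and any `%` in it would be read as a conversion specifier. Assuming nid is an integer column, pass it as the last value instead: `$v[] = $node->nid;` after the loop, and end the query with `WHERE nid = %d", $v);`. Whether nid is validated earlier in node_save() is not visible from this hunk. The identical hunk in modules/node/node.module has the same problem.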
diff --git a/modules/node/node.module b/modules/node/node.module
index e1b93cdd3..329f6c3f6 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -127,14 +127,6 @@ function node_teaser($body) {
}
/*
- ** If we have a short body, return the entire body:
- */
-
- if (strlen($body) < $size) {
- return $body;
- }
-
- /*
** If a valid delimiter has been specified, use it to
** chop of the teaser. The delimiter can be outside
** the allowed range but no more than a factor two.
@@ -146,6 +138,14 @@ function node_teaser($body) {
}
/*
+ ** If we have a short body, return the entire body:
+ */
+
+ if (strlen($body) < $size) {
+ return $body;
+ }
+
+ /*
** In some cases no delimiter has been specified (eg.
** when posting using the Blogger API) in which case
** we try to split at paragraph boundaries.
@@ -302,12 +302,17 @@ function node_save($node) {
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
$k[] = check_query($key);
- $v[] = "'". check_query($value) ."'";
+ $v[] = $value;
+ $s[] = "'%s'";
}
}
+ $keysfmt = implode(", ", $s);
+ // need to quote the placeholders for the values
+ $valsfmt = "'". implode("', '", $s) ."'";
+
// Insert the node into the database:
- db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES (". implode(", ", $v) .")");
+ db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES(". implode(", ", $s) .")", $v);
// Call the node specific callback (if any):
node_invoke($node, "insert");
@@ -325,12 +330,13 @@ function node_save($node) {
// Prepare the query:
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
- $q[] = check_query($key) ." = '". check_query($value) ."'";
+ $q[] = check_query($key) ." = '%s'";
+ $v[] = $value;
}
}
// Update the node in the database:
- db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'");
+ db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'", $v);
// Call the node specific callback (if any):
node_invoke($node, "update");
diff --git a/modules/user.module b/modules/user.module
index 07f4866f8..ed74776d6 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -122,12 +122,14 @@ function user_save($account, $array = array()) {
foreach ($array as $key => $value) {
if ($key == "pass") {
$fields[] = check_query($key);
- $values[] = "'". md5($value) ."'";
+ $values[] = md5($value);
+ $s[] = "'%s'";
}
else if (substr($key, 0, 4) !== "auth") {
if (in_array($key, $user_fields)) {
$fields[] = check_query($key);
- $values[] = "'". check_query($value) ."'";
+ $values[] = $value;
+ $s[] = "'%s'";
}
else {
$data[$key] = $value;
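Review bot: The `pass` branch stores `md5($value)`, an unsalted and fast digest, so equal passwords produce equal rows and a leaked users table is cheap to attack offline. This commit only moves the quoting, but since the line is touched I would at least leave a marker such as `// TODO: replace md5() with a salted, slow password hash` and track the migration separately. `$key == "pass"` is also a loose comparison, and `===` stops an integer key `0` from matching it on PHP versions before 8. Both points apply to the identical hunk in modules/user/user.module. user_save() continues outside this hunk.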
@@ -136,9 +138,10 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
- $values[] = "'". check_query(serialize($data)) ."'";
+ $values[] = serialize($data);
+ $s[] = "'%s'";
- db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
+ db_query("INSERT INTO {users} (". implde(", ", $fields) .") VALUES (". implde(", ", $s) .")", $values);
$user = user_load(array("name" => $array["name"]));
}
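Review bot: `implde` is misspelled twice on the new db_query() line, so the insert path of user_save() will stop with a call to an undefined function before any row is written. The line should read `db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $s) .")", $values);`. The same typo is in modules/user/user.module. A smoke test that creates one user would have caught this.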
diff --git a/modules/user/user.module b/modules/user/user.module
index 07f4866f8..ed74776d6 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -122,12 +122,14 @@ function user_save($account, $array = array()) {
foreach ($array as $key => $value) {
if ($key == "pass") {
$fields[] = check_query($key);
- $values[] = "'". md5($value) ."'";
+ $values[] = md5($value);
+ $s[] = "'%s'";
}
else if (substr($key, 0, 4) !== "auth") {
if (in_array($key, $user_fields)) {
$fields[] = check_query($key);
- $values[] = "'". check_query($value) ."'";
+ $values[] = $value;
+ $s[] = "'%s'";
}
else {
$data[$key] = $value;
@@ -136,9 +138,10 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
- $values[] = "'". check_query(serialize($data)) ."'";
+ $values[] = serialize($data);
+ $s[] = "'%s'";
- db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
+ db_query("INSERT INTO {users} (". implde(", ", $fields) .") VALUES (". implde(", ", $s) .")", $values);
$user = user_load(array("name" => $array["name"]));
}