authorDries Buytaert <dries@buytaert.net>2004-09-29 05:42:37 +0000
committerDries Buytaert <dries@buytaert.net>2004-09-29 05:42:37 +0000
commitf4b076bc016282201df6ca50c65e628bc03f9227 (patch)
tree112b861a76af9e743f769679f1f5870734074720
parent1298d2b9c90ba496a9e63b76cd9875113d25257e (diff)
- Patch #10977 by killes: review node access checks in book module.
-rw-r--r--modules/book.module20
-rw-r--r--modules/book/book.module20
2 files changed, 20 insertions, 20 deletions
diff --git a/modules/book.module b/modules/book.module
index 41c0ff843..0268329df 100644
--- a/modules/book.module
+++ b/modules/book.module
@@ -90,7 +90,7 @@ function book_menu($may_cache) {
'callback' => 'book_admin_orphan',
'access' => user_access('administer nodes'),
'weight' => 8);
- $result = db_query('SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = 0 ORDER BY b.weight, n.title');
+ $result = db_query('SELECT n.nid, n.title FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND b.parent = 0 ORDER BY b.weight, n.title');
while ($book = db_fetch_object($result)) {
$items[] = array('path' => 'admin/node/book/'. $book->nid, 'title' => t('"%title" book', array('%title' => $book->title)));
}
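Review bot: The rewritten book list query in book_menu() selects `n.nid, n.title` without DISTINCT, so each book could appear as a duplicate `admin/node/book/<nid>` menu item if the join from `node_access_join_sql()` matches more than one grant row for a node. The helper's SQL is not visible in this diff, so confirm against its definition whether it guarantees one row per node; if it does not, de-duplicate, for example with `SELECT DISTINCT n.nid, n.title, b.weight`. The same question applies to the list queries in book_render() and book_admin_view_book(), and to the identical hunks in modules/book/book.module. book_menu() starts and ends outside the hunk.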
@@ -121,7 +121,7 @@ function book_block($op = 'list', $delta = 0) {
else {
// Only display this block when the user is browsing a book:
if (arg(0) == 'node' && is_numeric(arg(1))) {
- $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.nid = %d', arg(1));
+ $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' n.nid = %d', arg(1));
if (db_num_rows($result) > 0) {
$node = db_fetch_object($result);
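Review bot: The new query in book_block() puts `node_access_where_sql()` directly in front of `n.nid = %d` with no `AND`, unlike every other query changed in this commit, so the WHERE clause is most likely malformed. Because the next line only checks `db_num_rows($result) > 0`, a failed query would probably just hide the navigation block rather than surface an error. The fragment should read `' AND n.nid = %d'`. The identical hunk in modules/book/book.module has the same omission. book_block() starts and ends outside the hunk.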
@@ -315,7 +315,7 @@ function book_revision_load($page, $conditions = array()) {
* Return the path (call stack) to a certain book page.
*/
function book_location($node, $nodes = array()) {
- $parent = db_fetch_object(db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.nid = %d', $node->parent));
+ $parent = db_fetch_object(db_query('SELECT n.nid, n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND n.nid = %d', $node->parent));
if ($parent->title) {
$nodes = book_location($parent, $nodes);
array_push($nodes, $parent);
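Review bot: With the access filter in place, the lookup in book_location() now returns no row both when the page has no parent and when the parent exists but the current user may not view it, and `$parent->title` is then read on a non-object. The recursion stops at that point, so the returned path is silently cut at the first hidden ancestor. Make the guard explicit with `if ($parent && $parent->title) {` and document it, e.g. `// Stops at the first ancestor the current user is not allowed to view.` The same applies to the copy in modules/book/book.module; the function body ends outside the hunk.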
@@ -324,7 +324,7 @@ function book_location($node, $nodes = array()) {
}
function book_location_down($node, $nodes = array()) {
- $last_direct_child = db_fetch_object(db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d ORDER BY b.weight DESC, n.title DESC', $node->nid));
+ $last_direct_child = db_fetch_object(db_query('SELECT n.nid, n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND b.parent = %d ORDER BY b.weight DESC, n.title DESC', $node->nid));
if ($last_direct_child) {
array_push($nodes, $last_direct_child);
$nodes = book_location_down($last_direct_child, $nodes);
@@ -342,7 +342,7 @@ function book_prev($node) {
}
// Previous on the same level:
- $direct_above = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight < %d OR (b.weight = %d AND n.title < '%s')) ORDER BY b.weight DESC, n.title DESC", $node->parent, $node->weight, $node->weight, $node->title));
+ $direct_above = db_fetch_object(db_query('SELECT n.nid, n.title FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() ." AND b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight < %d OR (b.weight = %d AND n.title < '%s')) ORDER BY b.weight DESC, n.title DESC", $node->parent, $node->weight, $node->weight, $node->title));
if ($direct_above) {
// Get last leaf of $above.
$path = book_location_down($direct_above);
@@ -351,7 +351,7 @@ function book_prev($node) {
}
else {
// Direct parent:
- $prev = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.nid = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '')", $node->parent));
+ $prev = db_fetch_object(db_query('SELECT n.nid, n.title FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() ." AND n.nid = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '')", $node->parent));
return $prev;
}
}
@@ -581,7 +581,7 @@ function book_tree($parent = 0, $depth = 3, $unfold = array()) {
* Menu callback; prints a listing of all books.
*/
function book_render() {
- $result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = 0 AND n.status = 1 AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title');
+ $result = db_query('SELECT n.nid FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND b.parent = 0 AND n.status = 1 AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title');
while ($page = db_fetch_object($result)) {
// Load the node:
@@ -671,7 +671,7 @@ function book_admin_view_line($node, $depth = 0) {
}
function book_admin_view_book($nid, $depth = 1) {
- $result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d ORDER BY b.weight, n.title", $nid);
+ $result = db_query('SELECT n.nid FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND b.parent = %d ORDER BY b.weight, n.title', $nid);
while ($node = db_fetch_object($result)) {
$node = node_load(array('nid' => $node->nid));
@@ -731,7 +731,7 @@ function book_admin_save($nid, $edit = array()) {
* Menu callback; displays a listing of all orphaned book pages.
*/
function book_admin_orphan() {
- $result = db_query('SELECT n.nid, n.title, n.status, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid');
+ $result = db_query('SELECT n.nid, n.title, n.status, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql());
while ($page = db_fetch_object($result)) {
$pages[$page->nid] = $page;
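Review bot: Filtering the orphan report in book_admin_orphan() through `node_access_where_sql()` changes what `$pages` means: it now holds only the book pages the current user may view, not all book pages. The rest of the function is outside the hunk, but if it decides a page is orphaned by looking its parent up in `$pages`, a page whose parent is merely hidden from this user would be reported as an orphan. The menu entry is gated on `user_access('administer nodes')`, which may make the filter a no-op here, but that depends on the helper, which this diff does not show. Either keep this integrity check unfiltered or state the assumption, e.g. `// Relies on 'administer nodes' users passing node_access_where_sql() for every node.` The same applies to the copy in modules/book/book.module.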
@@ -808,4 +808,4 @@ function book_help_page() {
print theme('page', book_help('admin/help#book'));
}
-?>
+?> \ No newline at end of file
diff --git a/modules/book/book.module b/modules/book/book.module
index 41c0ff843..0268329df 100644
--- a/modules/book/book.module
+++ b/modules/book/book.module
@@ -90,7 +90,7 @@ function book_menu($may_cache) {
'callback' => 'book_admin_orphan',
'access' => user_access('administer nodes'),
'weight' => 8);
- $result = db_query('SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = 0 ORDER BY b.weight, n.title');
+ $result = db_query('SELECT n.nid, n.title FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND b.parent = 0 ORDER BY b.weight, n.title');
while ($book = db_fetch_object($result)) {
$items[] = array('path' => 'admin/node/book/'. $book->nid, 'title' => t('"%title" book', array('%title' => $book->title)));
}
@@ -121,7 +121,7 @@ function book_block($op = 'list', $delta = 0) {
else {
// Only display this block when the user is browsing a book:
if (arg(0) == 'node' && is_numeric(arg(1))) {
- $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.nid = %d', arg(1));
+ $result = db_query('SELECT n.nid, n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' n.nid = %d', arg(1));
if (db_num_rows($result) > 0) {
$node = db_fetch_object($result);
@@ -315,7 +315,7 @@ function book_revision_load($page, $conditions = array()) {
* Return the path (call stack) to a certain book page.
*/
function book_location($node, $nodes = array()) {
- $parent = db_fetch_object(db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.nid = %d', $node->parent));
+ $parent = db_fetch_object(db_query('SELECT n.nid, n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND n.nid = %d', $node->parent));
if ($parent->title) {
$nodes = book_location($parent, $nodes);
array_push($nodes, $parent);
@@ -324,7 +324,7 @@ function book_location($node, $nodes = array()) {
}
function book_location_down($node, $nodes = array()) {
- $last_direct_child = db_fetch_object(db_query('SELECT n.nid, n.title, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d ORDER BY b.weight DESC, n.title DESC', $node->nid));
+ $last_direct_child = db_fetch_object(db_query('SELECT n.nid, n.title, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND b.parent = %d ORDER BY b.weight DESC, n.title DESC', $node->nid));
if ($last_direct_child) {
array_push($nodes, $last_direct_child);
$nodes = book_location_down($last_direct_child, $nodes);
@@ -342,7 +342,7 @@ function book_prev($node) {
}
// Previous on the same level:
- $direct_above = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight < %d OR (b.weight = %d AND n.title < '%s')) ORDER BY b.weight DESC, n.title DESC", $node->parent, $node->weight, $node->weight, $node->title));
+ $direct_above = db_fetch_object(db_query('SELECT n.nid, n.title FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() ." AND b.parent = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '') AND (b.weight < %d OR (b.weight = %d AND n.title < '%s')) ORDER BY b.weight DESC, n.title DESC", $node->parent, $node->weight, $node->weight, $node->title));
if ($direct_above) {
// Get last leaf of $above.
$path = book_location_down($direct_above);
@@ -351,7 +351,7 @@ function book_prev($node) {
}
else {
// Direct parent:
- $prev = db_fetch_object(db_query("SELECT n.nid, n.title FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE n.nid = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '')", $node->parent));
+ $prev = db_fetch_object(db_query('SELECT n.nid, n.title FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() ." AND n.nid = %d AND n.status = 1 AND (n.moderate = 0 OR n.revisions != '')", $node->parent));
return $prev;
}
}
@@ -581,7 +581,7 @@ function book_tree($parent = 0, $depth = 3, $unfold = array()) {
* Menu callback; prints a listing of all books.
*/
function book_render() {
- $result = db_query('SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = 0 AND n.status = 1 AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title');
+ $result = db_query('SELECT n.nid FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND b.parent = 0 AND n.status = 1 AND (n.moderate = 0 OR n.revisions IS NOT NULL) ORDER BY b.weight, n.title');
while ($page = db_fetch_object($result)) {
// Load the node:
@@ -671,7 +671,7 @@ function book_admin_view_line($node, $depth = 0) {
}
function book_admin_view_book($nid, $depth = 1) {
- $result = db_query("SELECT n.nid FROM {node} n INNER JOIN {book} b ON n.nid = b.nid WHERE b.parent = %d ORDER BY b.weight, n.title", $nid);
+ $result = db_query('SELECT n.nid FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql() .' AND b.parent = %d ORDER BY b.weight, n.title', $nid);
while ($node = db_fetch_object($result)) {
$node = node_load(array('nid' => $node->nid));
@@ -731,7 +731,7 @@ function book_admin_save($nid, $edit = array()) {
* Menu callback; displays a listing of all orphaned book pages.
*/
function book_admin_orphan() {
- $result = db_query('SELECT n.nid, n.title, n.status, b.parent FROM {node} n INNER JOIN {book} b ON n.nid = b.nid');
+ $result = db_query('SELECT n.nid, n.title, n.status, b.parent FROM {node} n '. node_access_join_sql() .' INNER JOIN {book} b ON n.nid = b.nid WHERE '. node_access_where_sql());
while ($page = db_fetch_object($result)) {
$pages[$page->nid] = $page;
@@ -808,4 +808,4 @@ function book_help_page() {
print theme('page', book_help('admin/help#book'));
}
-?>
+?> \ No newline at end of file