diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-04 09:31:49 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2008-01-04 09:31:49 +0000 |
| commit | 89be29505b1ed6146aef314d5524f46cc289cee3 (patch) | |
| tree | 6be929fa5d9b84c48f0a5682bc6f95cb09b3bde3 /modules/system | |
| parent | 52f95c981bbf7588aedd1b5cb3ef74641572e39e (diff) | |
| download | brdo-89be29505b1ed6146aef314d5524f46cc289cee3.tar.gz brdo-89be29505b1ed6146aef314d5524f46cc289cee3.tar.bz2 | |
#198856 by hswong3i: Fix some incorrect use of %s for table name escaping, implement better security checks
Diffstat (limited to 'modules/system')
| -rw-r--r-- | modules/system/system.module | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/modules/system/system.module b/modules/system/system.module index edf3a3bff..2431ef613 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -1213,7 +1213,7 @@ function system_cron() { db_query('DELETE FROM {batch} WHERE timestamp < %d', time() - 864000); // Remove temporary files that are older than DRUPAL_MAXIMUM_TEMP_FILE_AGE. - $result = db_query('SELECT * FROM {files} WHERE status = %s and timestamp < %d', FILE_STATUS_TEMPORARY, time() - DRUPAL_MAXIMUM_TEMP_FILE_AGE); + $result = db_query('SELECT * FROM {files} WHERE status = %d and timestamp < %d', FILE_STATUS_TEMPORARY, time() - DRUPAL_MAXIMUM_TEMP_FILE_AGE); while ($file = db_fetch_object($result)) { if (file_exists($file->filepath)) { // If files that exist cannot be deleted, continue so the database remains |