Diffstat (limited to 'modules')
-rw-r--r-- | modules/node.module | 30 | ||||
-rw-r--r-- | modules/node/node.module | 30 | ||||
-rw-r--r-- | modules/user.module | 11 | ||||
-rw-r--r-- | modules/user/user.module | 11 |
4 files changed, 50 insertions, 32 deletions
diff --git a/modules/node.module b/modules/node.module index e1b93cdd3..329f6c3f6 100644 --- a/modules/node.module +++ b/modules/node.module @@ -127,14 +127,6 @@ function node_teaser($body) { } /* - ** If we have a short body, return the entire body: - */ - - if (strlen($body) < $size) { - return $body; - } - - /* ** If a valid delimiter has been specified, use it to ** chop of the teaser. The delimiter can be outside ** the allowed range but no more than a factor two. @@ -146,6 +138,14 @@ function node_teaser($body) { } /* + ** If we have a short body, return the entire body: + */ + + if (strlen($body) < $size) { + return $body; + } + + /* ** In some cases no delimiter has been specified (eg. ** when posting using the Blogger API) in which case ** we try to split at paragraph boundaries. @@ -302,12 +302,17 @@ function node_save($node) { foreach ($node as $key => $value) { if (in_array($key, $fields)) { $k[] = check_query($key); - $v[] = "'". check_query($value) ."'"; + $v[] = $value; + $s[] = "'%s'"; } } + $keysfmt = implode(", ", $s); + // need to quote the placeholders for the values + $valsfmt = "'". implode("', '", $s) ."'"; + // Insert the node into the database: - db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES (". implode(", ", $v) .")"); + db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES(". implode(", ", $s) .")", $v); // Call the node specific callback (if any): node_invoke($node, "insert"); @@ -325,12 +330,13 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $q[] = check_query($key) ." = '". check_query($value) ."'"; + $q[] = check_query($key) ." = '%s'"; + $v[] = $value; } } // Update the node in the database: - db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'"); + db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'", $v); // Call the node specific callback (if any): node_invoke($node, "update"); 
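Review bot: In the insert branch of node_save, `$keysfmt` and `$valsfmt` are assigned but never read; the db_query call builds its placeholder list from `implode(", ", $s)` directly. `$valsfmt` would also wrap the already-quoted `'%s'` entries in a second pair of quotes, so it is better deleted than wired in later. Nothing in the hunk initialises `$k`, `$v` or `$s`, and the function body starts outside the hunk. It is worth confirming they start empty (`$k = $v = $s = array();`), because a stale element would shift every value against its placeholder. The modules/node/node.module copy of this hunk has the same lines.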
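Review bot: The update query still interpolates `$node->nid` into the SQL text while every other value moved to a `'%s'` placeholder, so nid is the one value in this statement that bypasses whatever escaping db_query applies to its arguments (that function is not visible here). The string is now presumably also treated as a format string, so a `%` arriving in nid would be read as a conversion rather than as data. Pass it as an argument instead: `$v[] = $node->nid;` after the loop and `... WHERE nid = '%s'", $v);` in the call. The enclosing function continues outside the hunk, and the modules/node/node.module copy has the same line.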
diff --git a/modules/node/node.module b/modules/node/node.module index e1b93cdd3..329f6c3f6 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -127,14 +127,6 @@ function node_teaser($body) { } /* - ** If we have a short body, return the entire body: - */ - - if (strlen($body) < $size) { - return $body; - } - - /* ** If a valid delimiter has been specified, use it to ** chop of the teaser. The delimiter can be outside ** the allowed range but no more than a factor two. @@ -146,6 +138,14 @@ function node_teaser($body) { } /* + ** If we have a short body, return the entire body: + */ + + if (strlen($body) < $size) { + return $body; + } + + /* ** In some cases no delimiter has been specified (eg. ** when posting using the Blogger API) in which case ** we try to split at paragraph boundaries. @@ -302,12 +302,17 @@ function node_save($node) { foreach ($node as $key => $value) { if (in_array($key, $fields)) { $k[] = check_query($key); - $v[] = "'". check_query($value) ."'"; + $v[] = $value; + $s[] = "'%s'"; } } + $keysfmt = implode(", ", $s); + // need to quote the placeholders for the values + $valsfmt = "'". implode("', '", $s) ."'"; + // Insert the node into the database: - db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES (". implode(", ", $v) .")"); + db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES(". implode(", ", $s) .")", $v); // Call the node specific callback (if any): node_invoke($node, "insert"); 
@@ -325,12 +330,13 @@ function node_save($node) { // Prepare the query: foreach ($node as $key => $value) { if (in_array($key, $fields)) { - $q[] = check_query($key) ." = '". check_query($value) ."'"; + $q[] = check_query($key) ." = '%s'"; + $v[] = $value; } } // Update the node in the database: - db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'"); + db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'", $v); // Call the node specific callback (if any): node_invoke($node, "update"); diff --git a/modules/user.module b/modules/user.module index 07f4866f8..ed74776d6 100644 --- a/modules/user.module +++ b/modules/user.module @@ -122,12 +122,14 @@ function user_save($account, $array = array()) { foreach ($array as $key => $value) { if ($key == "pass") { $fields[] = check_query($key); - $values[] = "'". md5($value) ."'"; + $values[] = md5($value); + $s[] = "'%s'"; } else if (substr($key, 0, 4) !== "auth") { if (in_array($key, $user_fields)) { $fields[] = check_query($key); - $values[] = "'". check_query($value) ."'"; + $values[] = $value; + $s[] = "'%s'"; } else { $data[$key] = $value; @@ -136,9 +138,10 @@ function user_save($account, $array = array()) { } $fields[] = "data"; - $values[] = "'". check_query(serialize($data)) ."'"; + $values[] = serialize($data); + $s[] = "'%s'"; - db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")"); + db_query("INSERT INTO {users} (". implde(", ", $fields) .") VALUES (". implde(", ", $s) .")", $values); $user = user_load(array("name" => $array["name"])); } diff --git a/modules/user/user.module b/modules/user/user.module index 07f4866f8..ed74776d6 100644 --- a/modules/user/user.module +++ b/modules/user/user.module 
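Review bot: In user_save the `pass` branch still stores `md5($value)`, an unsalted fast hash, so identical passwords give identical stored values and a leaked users table offers little resistance to offline guessing. This commit only moves the value into a placeholder, so the fix belongs in a follow-up: a salted, deliberately slow password hash, with the login comparison migrated in the same change. A comment at the branch such as `// TODO: replace unsalted md5 with a salted, slow password hash` would keep it visible. The modules/user/user.module copy has the same line, and the function starts and ends outside the hunk.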
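Review bot: The new db_query line in user_save calls `implde()` twice, which looks like a typo for `implode()`. Nothing in the hunk defines `implde`, so creating a user would presumably abort with an undefined-function error before the INSERT is sent. The line should read `db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $s) .")", $values);`. The same typo is in the modules/user/user.module copy. A test that creates an account would have caught it.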
@@ -122,12 +122,14 @@ function user_save($account, $array = array()) { foreach ($array as $key => $value) { if ($key == "pass") { $fields[] = check_query($key); - $values[] = "'". md5($value) ."'"; + $values[] = md5($value); + $s[] = "'%s'"; } else if (substr($key, 0, 4) !== "auth") { if (in_array($key, $user_fields)) { $fields[] = check_query($key); - $values[] = "'". check_query($value) ."'"; + $values[] = $value; + $s[] = "'%s'"; } else { $data[$key] = $value; @@ -136,9 +138,10 @@ function user_save($account, $array = array()) { } $fields[] = "data"; - $values[] = "'". check_query(serialize($data)) ."'"; + $values[] = serialize($data); + $s[] = "'%s'"; - db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")"); + db_query("INSERT INTO {users} (". implde(", ", $fields) .") VALUES (". implde(", ", $s) .")", $values); $user = user_load(array("name" => $array["name"])); } |