From 702a057683c51f4fdbaaeb8f963ec282caab6d14 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sun, 25 Jul 2004 14:25:42 +0000
Subject: - Patch #9478 by JonBob: allow printf-style arguments in pager_query. Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature. This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
---
modules/tracker/tracker.module | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'modules/tracker/tracker.module')
diff --git a/modules/tracker/tracker.module b/modules/tracker/tracker.module
index fb7b5d674..9ef13b95b 100644
--- a/modules/tracker/tracker.module
+++ b/modules/tracker/tracker.module
@@ -44,9 +44,7 @@ function tracker_page($uid = 0) { $output .= ''; if ($uid) { - $uid = check_query($uid); - - $result = pager_query("SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND (n.uid = $uid OR c.uid = $uid) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC", 25, 0, "SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND (n.uid = $uid OR c.uid = $uid)"); + $result = pager_query('SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, MAX(GREATEST(n.changed, c.timestamp)) AS last_post FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid INNER JOIN {users} u ON n.uid = u.uid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) GROUP BY n.nid, n.title, n.type, n.changed, n.uid, u.name ORDER BY last_post DESC', 25, 0, 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)', $uid, $uid); } else { -- cgit v1.2.3
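Review bot: The added `pager_query()` call passes two trailing arguments (`$uid, $uid`) for four `%d` placeholders, two in the listing query and two in the count query. It is therefore only correct if pager_query() applies the same argument list to each query separately; that function is not shown on this page, so confirm it and record it above the call, e.g. `// The trailing arguments fill the %d placeholders of both the query and the count query.` Without that note, a later edit that adds a placeholder to only one of the two queries would presumably leave the values misaligned. Separately, the `if ($uid)` guard in the context lines is a truthiness test, so a non-numeric argument likely still takes this branch and is then formatted by `%d` as 0; normalising first with `$uid = (int) $uid;` before the `if` would keep the branch and the query in agreement. tracker_page() begins and continues outside the hunk.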