Commit ca6b170b authored by dsnopek's avatar dsnopek Committed by dsnopek

Issue #2855030 by dsnopek, catch: [views] Add D6 patch for SA-CONTRIB-2017-022

parent 1ca76227
diff --git a/modules/taxonomy/views_handler_argument_term_node_tid.inc b/modules/taxonomy/views_handler_argument_term_node_tid.inc
index 966ff98..b2533ef 100644
--- a/modules/taxonomy/views_handler_argument_term_node_tid.inc
+++ b/modules/taxonomy/views_handler_argument_term_node_tid.inc
@@ -31,7 +31,7 @@ class views_handler_argument_term_node_tid extends views_handler_argument_many_t
$titles = array();
$placeholders = implode(', ', array_fill(0, sizeof($this->value), '%d'));
- $result = db_query("SELECT name FROM {term_data} WHERE tid IN ($placeholders)", $this->value);
+ $result = db_query(db_rewrite_sql("SELECT name FROM {term_data} td WHERE tid IN ($placeholders)", 'td', 'tid'), $this->value);
while ($term = db_fetch_object($result)) {
$titles[] = check_plain($term->name);
}
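Review bot: The rewritten query on the added line still names `name` and `tid` without the `td.` prefix, so if a hook_db_rewrite_sql() implementation joins a table that has its own `tid` or `name` column, the database is likely to reject the statement as ambiguous. Qualify both columns: `SELECT td.name FROM {term_data} td WHERE td.tid IN ($placeholders)`. The same applies to `WHERE tid = %d` and `WHERE tid IN ($placeholders)` in the first two hunks of views_plugin_argument_validate_taxonomy_term.inc. The enclosing method starts and ends outside this hunk.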
diff --git a/modules/taxonomy/views_handler_filter_term_node_tid.inc b/modules/taxonomy/views_handler_filter_term_node_tid.inc
index ceb8ea5..36b3e97 100644
--- a/modules/taxonomy/views_handler_filter_term_node_tid.inc
+++ b/modules/taxonomy/views_handler_filter_term_node_tid.inc
@@ -262,7 +262,7 @@ class views_handler_filter_term_node_tid extends views_handler_filter_many_to_on
// add the taxonomy vid to the argument list.
$args[] = $this->options['vid'];
- $result = db_query("SELECT * FROM {term_data} td WHERE td.name IN (" . implode(', ', $placeholders) . ") AND td.vid = %d", $args);
+ $result = db_query(db_rewrite_sql("SELECT * FROM {term_data} td WHERE td.name IN (" . implode(', ', $placeholders) . ") AND td.vid = %d", 'td', 'tid'), $args);
while ($term = db_fetch_object($result)) {
unset($missing[strtolower($term->name)]);
$tids[] = $term->tid;
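Review bot: `SELECT *` in the rewritten query also returns the columns of any table that a term access module joins in, and a joined column named `tid`, `vid` or `name` could replace the term_data value on the object read by `$term->tid` and `$term->name` below. Selecting `td.*` keeps the result limited to the term row: `SELECT td.* FROM {term_data} td WHERE td.name IN (...) AND td.vid = %d`. The `SELECT *` queries in views_plugin_argument_validate_taxonomy_term.inc (the `tid = %d` and `tid IN ($placeholders)` hunks) have the same shape. The loop continues past the end of this hunk.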
diff --git a/modules/taxonomy/views_plugin_argument_validate_taxonomy_term.inc b/modules/taxonomy/views_plugin_argument_validate_taxonomy_term.inc
index 6903aa8..2bfe1d5 100644
--- a/modules/taxonomy/views_plugin_argument_validate_taxonomy_term.inc
+++ b/modules/taxonomy/views_plugin_argument_validate_taxonomy_term.inc
@@ -62,7 +62,7 @@ class views_plugin_argument_validate_taxonomy_term extends views_plugin_argument
return FALSE;
}
- $result = db_fetch_object(db_query("SELECT * FROM {term_data} WHERE tid = %d", $argument));
+ $result = db_fetch_object(db_query(db_rewrite_sql("SELECT * FROM {term_data} td WHERE tid = %d", 'td', 'tid'), $argument));
if (!$result) {
return FALSE;
}
@@ -103,7 +103,7 @@ class views_plugin_argument_validate_taxonomy_term extends views_plugin_argument
if (count($test)) {
$placeholders = implode(', ', array_fill(0, count($test), '%d'));
- $result = db_query("SELECT * FROM {term_data} WHERE tid IN ($placeholders)", $test);
+ $result = db_query(db_rewrite_sql("SELECT * FROM {term_data} td WHERE tid IN ($placeholders)", 'td', 'tid'), $test);
while ($term = db_fetch_object($result)) {
if ($vids && empty($vids[$term->vid])) {
$validated_cache[$term->tid] = FALSE;
@@ -128,10 +128,10 @@ class views_plugin_argument_validate_taxonomy_term extends views_plugin_argument
$and = " AND td.vid IN(" . implode(', ', $vids) . ')';
}
if ($transform) {
- $result = db_fetch_object(db_query("SELECT td.* FROM {term_data} td LEFT JOIN {term_synonym} ts ON ts.tid = td.tid WHERE (replace(td.name, ' ', '-') = '%s' OR replace(ts.name, ' ', '-') = '%s')$and", $argument, $argument));
+ $result = db_fetch_object(db_query(db_rewrite_sql("SELECT td.* FROM {term_data} td LEFT JOIN {term_synonym} ts ON ts.tid = td.tid WHERE (replace(td.name, ' ', '-') = '%s' OR replace(ts.name, ' ', '-') = '%s')$and", 'td', 'tid'), $argument, $argument));
}
else {
- $result = db_fetch_object(db_query("SELECT td.* FROM {term_data} td LEFT JOIN {term_synonym} ts ON ts.tid = td.tid WHERE (td.name = '%s' OR ts.name = '%s')$and", $argument, $argument));
+ $result = db_fetch_object(db_query(db_rewrite_sql("SELECT td.* FROM {term_data} td LEFT JOIN {term_synonym} ts ON ts.tid = td.tid WHERE (td.name = '%s' OR ts.name = '%s')$and", 'td', 'tid'), $argument, $argument));
}
if (!$result) {
return FALSE;
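Review bot: The `$and` clause on the first context line of this hunk is built by imploding `$vids` straight into the SQL string, while the rest of the statement uses `%s` placeholders. `$vids` is assigned outside the hunk, so it cannot be confirmed here that its values are always integers. Since this string now also passes through db_rewrite_sql(), it would be more robust to generate placeholders, `$and = " AND td.vid IN(" . implode(', ', array_fill(0, count($vids), '%d')) . ')';`, and append the vocabulary ids to the query arguments, as the `tid IN ($placeholders)` queries in this file already do. The two branches differ only in the comparison expression, so the query could also be assembled once and rewritten once.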