Commit 09bd156b authored by Steven Wittens's avatar Steven Wittens

- Fix tracker pager count query being wrong (it did not return a count but a...

- Fix tracker pager count query being wrong (it did not return a count but a set, and it counted nodes with more than 1 comment as multiple nodes).
- Clean up various SQL queries: removing literally inserted data (db_escape_string is evil!), fixing single "%" which should be "%%", fixing integers being compared as strings.
parent 86af977e
......@@ -754,7 +754,7 @@ function comment_render($node, $cid = 0) {
else {
// Multiple comment view
$query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0";
$query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d AND c.status = 0";
$query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
......@@ -846,7 +846,7 @@ function comment_render($node, $cid = 0) {
}
// Start a form, for use with comment control and moderation.
$result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = '". db_escape_string($nid) ."'");
$result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = %d", $nid);
if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) {
$output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
$output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
......@@ -1006,7 +1006,7 @@ function comment_admin_overview($type = 'new') {
$status = ($type == 'approval') ? 1 : 0;
$sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status);
$sql .= tablesort_sql($header);
$result = pager_query($sql, 50);
$result = pager_query($sql, 50);
while ($comment = db_fetch_object($result)) {
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
......
......@@ -754,7 +754,7 @@ function comment_render($node, $cid = 0) {
else {
// Multiple comment view
$query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0";
$query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = %d AND c.status = 0";
$query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
......@@ -846,7 +846,7 @@ function comment_render($node, $cid = 0) {
}
// Start a form, for use with comment control and moderation.
$result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = '". db_escape_string($nid) ."'");
$result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE status = 0 AND nid = %d", $nid);
if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) {
$output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
$output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
......@@ -1006,7 +1006,7 @@ function comment_admin_overview($type = 'new') {
$status = ($type == 'approval') ? 1 : 0;
$sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status);
$sql .= tablesort_sql($header);
$result = pager_query($sql, 50);
$result = pager_query($sql, 50);
while ($comment = db_fetch_object($result)) {
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
......
......@@ -437,10 +437,10 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
$term = taxonomy_get_term($tid);
$sql = node_rewrite_sql("SELECT n.nid, f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) AS last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n, {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = '%s' AND n.uid = u.uid AND n.nid = f.nid");
$sql = node_rewrite_sql("SELECT n.nid, f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) AS last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n, {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = %d AND n.uid = u.uid AND n.nid = f.nid");
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
$sql_count = node_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = '%s' WHERE n.status = 1 AND n.type = 'forum'");
$sql_count = node_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = %d WHERE n.status = 1 AND n.type = 'forum'");
$result = pager_query($sql, $forum_per_page, 0, $sql_count, $tid);
......
......@@ -437,10 +437,10 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
$term = taxonomy_get_term($tid);
$sql = node_rewrite_sql("SELECT n.nid, f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) AS last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n, {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = '%s' AND n.uid = u.uid AND n.nid = f.nid");
$sql = node_rewrite_sql("SELECT n.nid, f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) AS last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n, {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = %d AND n.uid = u.uid AND n.nid = f.nid");
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
$sql_count = node_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = '%s' WHERE n.status = 1 AND n.type = 'forum'");
$sql_count = node_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {term_node} r ON n.nid = r.nid AND r.tid = %d WHERE n.status = 1 AND n.type = 'forum'");
$result = pager_query($sql, $forum_per_page, 0, $sql_count, $tid);
......
......@@ -1864,7 +1864,7 @@ function _node_rewrite_sql($query = '', $nid_alias = 'n', $args = array()) {
function node_rewrite_sql($query, $nid_alias = 'n', $args = array()) {
list($join, $where, $nid_to_select) = _node_rewrite_sql($query, $nid_alias, $args);
$query = preg_replace('/(SELECT.*)('. $nid_alias .'\.)?nid(.*FROM)/AUs', '\1'. $nid_to_select .'\3', $query);
$query = preg_replace('/(SELECT.*)('. $nid_alias .'\.)?(?<!DISTINCT\()(?<!DISTINCT\('. $nid_alias .'\.)nid(.*FROM)/AUsi', '\1'. $nid_to_select .'\3', $query);
$query = preg_replace('|FROM[^[:upper:]/,]+|','\0 '.$join.' ', $query);
if (strpos($query, 'WHERE')) {
......
......@@ -1864,7 +1864,7 @@ function _node_rewrite_sql($query = '', $nid_alias = 'n', $args = array()) {
function node_rewrite_sql($query, $nid_alias = 'n', $args = array()) {
list($join, $where, $nid_to_select) = _node_rewrite_sql($query, $nid_alias, $args);
$query = preg_replace('/(SELECT.*)('. $nid_alias .'\.)?nid(.*FROM)/AUs', '\1'. $nid_to_select .'\3', $query);
$query = preg_replace('/(SELECT.*)('. $nid_alias .'\.)?(?<!DISTINCT\()(?<!DISTINCT\('. $nid_alias .'\.)nid(.*FROM)/AUsi', '\1'. $nid_to_select .'\3', $query);
$query = preg_replace('|FROM[^[:upper:]/,]+|','\0 '.$join.' ', $query);
if (strpos($query, 'WHERE')) {
......
......@@ -265,7 +265,7 @@ function poll_node_name($node) {
function poll_page() {
// List all polls
$sql = "SELECT n.nid, n.title, p.active, n.created, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = 1 AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC";
$sql = "SELECT n.nid, n.title, p.active, n.created, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid INNER JOIN {poll_choices} c ON n.nid = c.nid WHERE type = 'poll' AND status = 1 AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC";
$sql = node_rewrite_sql($sql);
$result = pager_query($sql, 15);
$output = '<ul>';
......
......@@ -265,7 +265,7 @@ function poll_node_name($node) {
function poll_page() {
// List all polls
$sql = "SELECT n.nid, n.title, p.active, n.created, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid=p.nid INNER JOIN {poll_choices} c ON n.nid=c.nid WHERE type = 'poll' AND status = 1 AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC";
$sql = "SELECT n.nid, n.title, p.active, n.created, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid INNER JOIN {poll_choices} c ON n.nid = c.nid WHERE type = 'poll' AND status = 1 AND moderate = 0 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC";
$sql = node_rewrite_sql($sql);
$result = pager_query($sql, 15);
$output = '<ul>';
......
......@@ -171,7 +171,7 @@ function statistics_node_tracker() {
array('data' => t('User'), 'field' => 'u.name'),
array('data' => t('Operations')));
$result = pager_query('SELECT a.aid, a.timestamp, a.url, a.uid, u.name FROM {accesslog} a LEFT JOIN {users} u ON a.uid = u.uid WHERE a.path LIKE \'node/'. db_escape_string($node->nid) ."%'" . tablesort_sql($header), 30);
$result = pager_query('SELECT a.aid, a.timestamp, a.url, a.uid, u.name FROM {accesslog} a LEFT JOIN {users} u ON a.uid = u.uid WHERE a.path LIKE \'node/%d%%'" . tablesort_sql($header), 30, 0, NULL, $node->nid);
while ($log = db_fetch_object($result)) {
$rows[] = array(
array('data' => format_date($log->timestamp, 'small'), 'nowrap' => 'nowrap'),
......@@ -200,7 +200,7 @@ function statistics_user_tracker() {
array('data' => t('Page'), 'field' => 'path'),
array('data' => t('Operations')));
$result = pager_query('SELECT aid, timestamp, path, title FROM {accesslog} WHERE uid = \''. db_escape_string($account->uid) ."'" . tablesort_sql($header), 30);
$result = pager_query('SELECT aid, timestamp, path, title FROM {accesslog} WHERE uid = %d' . tablesort_sql($header), 30, 0, NULL, $account->uid);
while ($log = db_fetch_object($result)) {
$rows[] = array(
array('data' => format_date($log->timestamp, 'small'), 'nowrap' => 'nowrap'),
......@@ -304,8 +304,8 @@ function statistics_top_users() {
* Menu callback; presents the "Top referrers" page.
*/
function statistics_top_referrers() {
$query = "SELECT url, COUNT(url) AS hits, MAX(timestamp) AS last FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url";
$query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'";
$query = "SELECT url, COUNT(url) AS hits, MAX(timestamp) AS last FROM {accesslog} WHERE url NOT LIKE '%%%s%%' AND url <> '' GROUP BY url";
$query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%%%s%%'";
drupal_set_title(t('Top referrers in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200)))));
$header = array(
......@@ -315,7 +315,7 @@ function statistics_top_referrers() {
);
$query .= tablesort_sql($header);
$result = pager_query($query, 30, 0, $query_cnt);
$result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']);
while ($referrer = db_fetch_object($result)) {
$rows[] = array($referrer->hits, '<a href="'. $referrer->url .'">'. _statistics_column_width($referrer->url) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
......
......@@ -171,7 +171,7 @@ function statistics_node_tracker() {
array('data' => t('User'), 'field' => 'u.name'),
array('data' => t('Operations')));
$result = pager_query('SELECT a.aid, a.timestamp, a.url, a.uid, u.name FROM {accesslog} a LEFT JOIN {users} u ON a.uid = u.uid WHERE a.path LIKE \'node/'. db_escape_string($node->nid) ."%'" . tablesort_sql($header), 30);
$result = pager_query('SELECT a.aid, a.timestamp, a.url, a.uid, u.name FROM {accesslog} a LEFT JOIN {users} u ON a.uid = u.uid WHERE a.path LIKE \'node/%d%%'" . tablesort_sql($header), 30, 0, NULL, $node->nid);
while ($log = db_fetch_object($result)) {
$rows[] = array(
array('data' => format_date($log->timestamp, 'small'), 'nowrap' => 'nowrap'),
......@@ -200,7 +200,7 @@ function statistics_user_tracker() {
array('data' => t('Page'), 'field' => 'path'),
array('data' => t('Operations')));
$result = pager_query('SELECT aid, timestamp, path, title FROM {accesslog} WHERE uid = \''. db_escape_string($account->uid) ."'" . tablesort_sql($header), 30);
$result = pager_query('SELECT aid, timestamp, path, title FROM {accesslog} WHERE uid = %d' . tablesort_sql($header), 30, 0, NULL, $account->uid);
while ($log = db_fetch_object($result)) {
$rows[] = array(
array('data' => format_date($log->timestamp, 'small'), 'nowrap' => 'nowrap'),
......@@ -304,8 +304,8 @@ function statistics_top_users() {
* Menu callback; presents the "Top referrers" page.
*/
function statistics_top_referrers() {
$query = "SELECT url, COUNT(url) AS hits, MAX(timestamp) AS last FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url";
$query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'";
$query = "SELECT url, COUNT(url) AS hits, MAX(timestamp) AS last FROM {accesslog} WHERE url NOT LIKE '%%%s%%' AND url <> '' GROUP BY url";
$query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%%%s%%'";
drupal_set_title(t('Top referrers in the past %interval', array('%interval' => format_interval(variable_get('statistics_flush_accesslog_timer', 259200)))));
$header = array(
......@@ -315,7 +315,7 @@ function statistics_top_referrers() {
);
$query .= tablesort_sql($header);
$result = pager_query($query, 30, 0, $query_cnt);
$result = pager_query($query, 30, 0, $query_cnt, $_SERVER['HTTP_HOST']);
while ($referrer = db_fetch_object($result)) {
$rows[] = array($referrer->hits, '<a href="'. $referrer->url .'">'. _statistics_column_width($referrer->url) .'</a>', t('%time ago', array('%time' => format_interval(time() - $referrer->last))));
......
......@@ -834,7 +834,7 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p
$wheres .= ' AND tn'. $index .'.tid IN ('. implode(',', $tids) .')';
}
$sql = 'SELECT n.nid, n.sticky, n.created FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres .' ORDER BY n.sticky DESC, n.created DESC';
$sql_count = 'SELECT COUNT(n.nid) FROM {node} n ' . $joins .' WHERE n.status = 1 ' . $wheres;
$sql_count = 'SELECT COUNT(n.nid) FROM {node} n '. $joins .' WHERE n.status = 1 ' . $wheres;
}
$sql = node_rewrite_sql($sql);
$sql_count = node_rewrite_sql($sql_count);
......
......@@ -834,7 +834,7 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p
$wheres .= ' AND tn'. $index .'.tid IN ('. implode(',', $tids) .')';
}
$sql = 'SELECT n.nid, n.sticky, n.created FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres .' ORDER BY n.sticky DESC, n.created DESC';
$sql_count = 'SELECT COUNT(n.nid) FROM {node} n ' . $joins .' WHERE n.status = 1 ' . $wheres;
$sql_count = 'SELECT COUNT(n.nid) FROM {node} n '. $joins .' WHERE n.status = 1 ' . $wheres;
}
$sql = node_rewrite_sql($sql);
$sql_count = node_rewrite_sql($sql_count);
......
......@@ -75,7 +75,7 @@ function tracker_page($uid = 0) {
if ($uid) {
$sql = 'SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, l.last_comment_timestamp AS last_post, l.comment_count FROM {node} n INNER JOIN {node_comment_statistics} l ON n.nid = l.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = 0 OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) ORDER BY last_post DESC';
$sql = node_rewrite_sql($sql);
$sql_count = 'SELECT n.nid FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = 0 OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)';
$sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = 0 OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)';
$sql_count = node_rewrite_sql($sql_count);
$result = pager_query($sql, 25, 0, $sql_count, $uid, $uid);
}
......
......@@ -75,7 +75,7 @@ function tracker_page($uid = 0) {
if ($uid) {
$sql = 'SELECT n.nid, n.title, n.type, n.changed, n.uid, u.name, l.last_comment_timestamp AS last_post, l.comment_count FROM {node} n INNER JOIN {node_comment_statistics} l ON n.nid = l.nid INNER JOIN {users} u ON n.uid = u.uid LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = 0 OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d) ORDER BY last_post DESC';
$sql = node_rewrite_sql($sql);
$sql_count = 'SELECT n.nid FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = 0 OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)';
$sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n LEFT JOIN {comments} c ON n.nid = c.nid AND (c.status = 0 OR c.status IS NULL) WHERE n.status = 1 AND (n.uid = %d OR c.uid = %d)';
$sql_count = node_rewrite_sql($sql_count);
$result = pager_query($sql, 25, 0, $sql_count, $uid, $uid);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment