- Fixed security issue: unchecked form-data in a db-query (line 82)

- Fixed bug: the module now checks only against other *stories* (instead of nodes) with the same title.

- Fixed security issue: unchecked form-data in a db-query (line 82)
0bd25284 · Steven Wittens · 534c00f9 · 0bd25284 · 0bd25284
Commit 0bd25284 authored 23 years ago by Steven Wittens
--- a/modules/story.module
+++ b/modules/story.module
@@ -79,7 +79,7 @@ function story_form($edit = array()) {
    $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
  }
-  $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '$title'"));
+  $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
  if (!$edit) {
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";

--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -79,7 +79,7 @@ function story_form($edit = array()) {
    $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
  }
-  $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '$title'"));
+  $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
  if (!$edit) {
    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";