From 173888b43d24390108826f965a87aca9535d56ae Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sat, 21 Apr 2001 17:52:39 +0000
Subject: [PATCH] *** UnConeD wrote: > - Fixed security issue: unchecked form-data in a db-query (line 82) > - Fixed bug: the module now checks only against other *stories* > (instead of nodes) with the same title. - Took out the duplicate title check; after the story module has been "nodified", duplicate titles are no longer a problem.
---
 modules/story.module | 6 ------
 modules/story/story.module | 6 ------
 2 files changed, 12 deletions(-)
diff --git a/modules/story.module b/modules/story.module
index e73461262cb1..2a14200fc64b 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -79,8 +79,6 @@ function story_form($edit = array()) {
 $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
 }

- $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
-
 if (!$edit) {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 }
@@ -92,10 +90,6 @@ function story_form($edit = array()) {
 $output .= "<FONT COLOR=\"red\">". t("Warning: you did not supply an abstract.") ."</FONT><P>\n";
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 }
- else if (!$edit[nid] && $duplicate) {
- $output .= "<FONT COLOR=\"red\">". t("Warning: there is already a story with that subject.") ."</FONT><P>\n";
- $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
- }
 else {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Submit") ."\">\n";
diff --git a/modules/story/story.module b/modules/story/story.module
index e73461262cb1..2a14200fc64b 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -79,8 +79,6 @@ function story_form($edit = array()) {
 $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
 }

- $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
-
 if (!$edit) {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 }
@@ -92,10 +90,6 @@ function story_form($edit = array()) {
 $output .= "<FONT COLOR=\"red\">". t("Warning: you did not supply an abstract.") ."</FONT><P>\n";
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 }
- else if (!$edit[nid] && $duplicate) {
- $output .= "<FONT COLOR=\"red\">". t("Warning: there is already a story with that subject.") ."</FONT><P>\n";
- $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
- }
 else {
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
 $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Submit") ."\">\n";
-- 
GitLab