From 173888b43d24390108826f965a87aca9535d56ae Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sat, 21 Apr 2001 17:52:39 +0000
Subject: [PATCH] *** UnConeD wrote: > - Fixed security issue: unchecked
 form-data in a db-query (line 82) > - Fixed bug: the module now checks only
 against other *stories* >   (instead of nodes) with the same title.

- Took out the duplicate title check; after the story module has
  been "nodified", duplicate titles are no longer a problem.
---
 modules/story.module       | 6 ------
 modules/story/story.module | 6 ------
 2 files changed, 12 deletions(-)

diff --git a/modules/story.module b/modules/story.module
index e73461262cb1..2a14200fc64b 100644
--- a/modules/story.module
+++ b/modules/story.module
@@ -79,8 +79,6 @@ function story_form($edit = array()) {
     $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
   }
 
-  $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
-
   if (!$edit) {
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
   }
@@ -92,10 +90,6 @@ function story_form($edit = array()) {
     $output .= "<FONT COLOR=\"red\">". t("Warning: you did not supply an abstract.") ."</FONT><P>\n";
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
   }
-  else if (!$edit[nid] && $duplicate) {
-    $output .= "<FONT COLOR=\"red\">". t("Warning: there is already a story with that subject.") ."</FONT><P>\n";
-    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
-  }
   else {
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Submit") ."\">\n";
diff --git a/modules/story/story.module b/modules/story/story.module
index e73461262cb1..2a14200fc64b 100644
--- a/modules/story/story.module
+++ b/modules/story/story.module
@@ -79,8 +79,6 @@ function story_form($edit = array()) {
     $output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
   }
 
-  $duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
-
   if (!$edit) {
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
   }
@@ -92,10 +90,6 @@ function story_form($edit = array()) {
     $output .= "<FONT COLOR=\"red\">". t("Warning: you did not supply an abstract.") ."</FONT><P>\n";
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
   }
-  else if (!$edit[nid] && $duplicate) {
-    $output .= "<FONT COLOR=\"red\">". t("Warning: there is already a story with that subject.") ."</FONT><P>\n";
-    $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
-  }
   else {
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
     $output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Submit") ."\">\n";
-- 
GitLab