Commit 18160f02 authored by Kjartan Mannes's avatar Kjartan Mannes

- Sanitize title before doing LIKE matches.

parent 2d7d796d
...@@ -26,6 +26,7 @@ function title_page() { ...@@ -26,6 +26,7 @@ function title_page() {
$title = urldecode(arg(1)); $title = urldecode(arg(1));
$result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title = '%s' AND n.status = 1 ORDER BY n.created DESC", $title); $result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title = '%s' AND n.status = 1 ORDER BY n.created DESC", $title);
$title = trim(str_replace(array('_', '%', '*'), ' ', $title));
if (db_num_rows($result) == 0) { if (db_num_rows($result) == 0) {
// No node with exact title found, try substring. // No node with exact title found, try substring.
$result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%%%s%%' AND n.status = 1 ORDER BY n.created DESC", $title); $result = db_query("SELECT n.*, u.name, u.uid FROM {node} n INNER JOIN {users} u ON n.uid = u.uid WHERE n.title LIKE '%%%s%%' AND n.status = 1 ORDER BY n.created DESC", $title);
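Review bot: The added `str_replace`/`trim` line can leave `$title` empty (a request whose title is only `_`, `%`, `*` or whitespace), and the substring fallback then runs with `LIKE '%%'`, which matches every published node. The fallback should be skipped for an empty string, for example `if ($title != '' && db_num_rows($result) == 0) {`. title_page() continues outside the hunk, so confirm that the zero-row path below handles that case as "not found". Separately, `\` is the default LIKE escape character on some databases and is not in the replaced set; whether the `%s` escaping in `db_query` makes that harmless is not visible here. A short comment on the new line, such as `// Strip LIKE wildcards so user input cannot widen the substring match.`, would also explain why `*` and `_` are dropped.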