Commit 75512ae3 authored by Dries's avatar Dries

- Fixed the update path of user_save().  Patch by Gerhard. Tnx.
parent 3833e4de
...@@ -97,22 +97,25 @@ function user_save($account, $array = array()) { ...@@ -97,22 +97,25 @@ function user_save($account, $array = array()) {
$data = unserialize(db_result(db_query("SELECT data FROM {users} WHERE uid = %d", $account->uid))); $data = unserialize(db_result(db_query("SELECT data FROM {users} WHERE uid = %d", $account->uid)));
foreach ($array as $key => $value) { foreach ($array as $key => $value) {
if ($key == "pass") { if ($key == "pass") {
$query .= "$key = '". md5($value) ."', "; $query .= "$key = '%s', ";
$v[] = md5($value);
} }
else if (substr($key, 0, 4) !== "auth") { else if (substr($key, 0, 4) !== "auth") {
if (in_array($key, $user_fields)) { if (in_array($key, $user_fields)) {
// escape '%'s: // escape '%'s:
$value = str_replace("%", "%%", $value); $value = str_replace("%", "%%", $value);
$query .= "$key = '". check_query($value) ."', "; $query .= "$key = '%s', ";
$v[] = $value;
} }
else { else {
$data[$key] = $value; $data[$key] = $value;
} }
} }
} }
$query .= "data = '". check_query(serialize($data)) ."', "; $query .= "data = '%s', ";
$v[] = serialize($data);
db_query("UPDATE {users} SET $query timestamp = %d WHERE uid = %d", time(), $account->uid); db_query("UPDATE {users} SET $query timestamp = %d WHERE uid = %d", array_merge($v, array(time(), $account->uid)));
$user = user_load(array("uid" => $account->uid)); $user = user_load(array("uid" => $account->uid));
} }
......
...@@ -97,22 +97,25 @@ function user_save($account, $array = array()) { ...@@ -97,22 +97,25 @@ function user_save($account, $array = array()) {
$data = unserialize(db_result(db_query("SELECT data FROM {users} WHERE uid = %d", $account->uid))); $data = unserialize(db_result(db_query("SELECT data FROM {users} WHERE uid = %d", $account->uid)));
foreach ($array as $key => $value) { foreach ($array as $key => $value) {
if ($key == "pass") { if ($key == "pass") {
$query .= "$key = '". md5($value) ."', "; $query .= "$key = '%s', ";
$v[] = md5($value);
} }
else if (substr($key, 0, 4) !== "auth") { else if (substr($key, 0, 4) !== "auth") {
if (in_array($key, $user_fields)) { if (in_array($key, $user_fields)) {
// escape '%'s: // escape '%'s:
$value = str_replace("%", "%%", $value); $value = str_replace("%", "%%", $value);
$query .= "$key = '". check_query($value) ."', "; $query .= "$key = '%s', ";
$v[] = $value;
} }
else { else {
$data[$key] = $value; $data[$key] = $value;
} }
} }
} }
$query .= "data = '". check_query(serialize($data)) ."', "; $query .= "data = '%s', ";
$v[] = serialize($data);
db_query("UPDATE {users} SET $query timestamp = %d WHERE uid = %d", time(), $account->uid); db_query("UPDATE {users} SET $query timestamp = %d WHERE uid = %d", array_merge($v, array(time(), $account->uid)));
$user = user_load(array("uid" => $account->uid)); $user = user_load(array("uid" => $account->uid));
} }
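Review bot: The `str_replace("%", "%%", $value)` kept in the `in_array($key, $user_fields)` branch no longer has a format string to protect, because `$value` is now passed as a `%s` argument instead of being concatenated into `$query`; assuming db_query() does not re-scan substituted arguments for `%`, a value such as `50%` would be stored as `50%%`. I would drop that line together with its `// escape '%'s:` comment. With the explicit check_query() calls removed, quoting of everything in `$v` depends on db_query() escaping each `%s` argument and on it accepting the arguments as a single array, neither of which is visible here, so both are worth confirming before relying on this path. user_save() begins and ends outside the hunk, so whether `$v` is initialised before the loop cannot be seen either.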
......