From c27b62b182dab9ef0f301b2caf94962c59c20909 Mon Sep 17 00:00:00 2001
From: Steven Wittens <steven@10.no-reply.drupal.org>
Date: Thu, 5 Jan 2006 23:35:34 +0000
Subject: [PATCH] - #41940: Locale string search broken in some cases (and
remove some inappropriate db_escape_string() usage) - #43491: Missing
drupal_goto() after saving settings
---
includes/locale.inc | 21 ++++++++++++++-------
modules/locale.module | 6 +++---
modules/locale/locale.module | 6 +++---
modules/node.module | 12 ++++++++----
modules/node/node.module | 12 ++++++++----
modules/system.module | 1 +
modules/system/system.module | 1 +
modules/watchdog.module | 15 ++++++++++-----
modules/watchdog/watchdog.module | 15 ++++++++++-----
9 files changed, 58 insertions(+), 31 deletions(-)
diff --git a/includes/locale.inc b/includes/locale.inc
index c817e86733b3..93441362124d 100644
--- a/includes/locale.inc
+++ b/includes/locale.inc
@@ -984,7 +984,7 @@ function _locale_string_edit($lid) {
: array('#type' => 'textfield', '#title' => $languages['name'][$translation->locale], '#default_value' => $translation->translation);
unset($languages['name'][$translation->locale]);
}
- $form['item'] = array('#type' => 'item', '#title' => t('Original text'), '#value' => wordwrap(check_plain($orig, 0)));
+ $form['item'] = array('#type' => 'item', '#title' => t('Original text'), '#value' => check_plain(wordwrap($orig, 0)));
foreach ($languages['name'] as $key => $lang) {
$form[$key] = (strlen($orig) > 40) ?
array('#type' => 'textarea', '#title' => $lang, '#rows' => 15) :
@@ -1047,27 +1047,33 @@ function _locale_string_seek() {
if ($query = _locale_string_seek_query()) {
$join = "SELECT s.source, s.location, s.lid, t.translation, t.locale FROM {locales_source} s INNER JOIN {locales_target} t ON s.lid = t.lid ";
+ $arguments = array();
// Compute LIKE section
switch ($query->searchin) {
case 'translated':
- $where = "WHERE (t.translation LIKE '%". db_escape_string($query->string) ."%' AND t.translation != '')";
+ $where = "WHERE (t.translation LIKE '%%%s%%' AND t.translation != '')";
$orderby = "ORDER BY t.translation";
+ $arguments[] = $query->string;
break;
case 'untranslated':
- $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' AND t.translation = '')";
+ $where = "WHERE (s.source LIKE '%%%s%%' AND t.translation = '')";
$orderby = "ORDER BY s.source";
+ $arguments[] = $query->string;
break;
case 'all' :
default:
- $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' OR t.translation LIKE '%". db_escape_string($query->string) ."%')";
+ $where = "WHERE (s.source LIKE '%%%s%%' OR t.translation LIKE '%%%s%%')";
$orderby = '';
+ $arguments[] = $query->string;
+ $arguments[] = $query->string;
break;
}
switch ($query->language) {
// Force search in source strings
case "en":
- $sql = $join ." WHERE s.source LIKE '%". db_escape_string($query->string) ."%' ORDER BY s.source";
+ $sql = $join ." WHERE s.source LIKE '%%%s%%' ORDER BY s.source";
+ $arguments = array($query->string); // $where is not used, discard its arguments
break;
// Search in all languages
case "all":
@@ -1075,10 +1081,11 @@ function _locale_string_seek() {
break;
// Some different language
default:
- $sql = "$join $where AND t.locale = '". db_escape_string($query->language) ."' $orderby";
+ $sql = "$join $where AND t.locale = '%s' $orderby";
+ $arguments[] = $query->language;
}
- $result = pager_query($sql, 50);
+ $result = pager_query($sql, 50, 0, NULL, $arguments);
$header = array(t('String'), t('Locales'), array('data' => t('Operations'), 'colspan' => '2'));
$arr = array();
diff --git a/modules/locale.module b/modules/locale.module
index 4050c6acf5ec..86dcc5d4be13 100644
--- a/modules/locale.module
+++ b/modules/locale.module
@@ -438,11 +438,11 @@ function locale_admin_string() {
switch ($op) {
case 'delete':
- $output .= _locale_string_delete(db_escape_string(arg(4)));
+ $output .= _locale_string_delete(arg(4));
$output .= _locale_string_seek();
break;
case 'edit':
- $output .= _locale_string_edit(db_escape_string(arg(4)));
+ $output .= _locale_string_edit(arg(4));
$output .= _locale_string_seek();
break;
case t('Search'):
@@ -451,7 +451,7 @@ function locale_admin_string() {
$output .= _locale_string_seek_form();
break;
case t('Save translations'):
- $output .= _locale_string_save(db_escape_string(arg(4)));
+ $output .= _locale_string_save(arg(4));
drupal_goto('admin/locale/string/search');
break;
default:
diff --git a/modules/locale/locale.module b/modules/locale/locale.module
index 4050c6acf5ec..86dcc5d4be13 100644
--- a/modules/locale/locale.module
+++ b/modules/locale/locale.module
@@ -438,11 +438,11 @@ function locale_admin_string() {
switch ($op) {
case 'delete':
- $output .= _locale_string_delete(db_escape_string(arg(4)));
+ $output .= _locale_string_delete(arg(4));
$output .= _locale_string_seek();
break;
case 'edit':
- $output .= _locale_string_edit(db_escape_string(arg(4)));
+ $output .= _locale_string_edit(arg(4));
$output .= _locale_string_seek();
break;
case t('Search'):
@@ -451,7 +451,7 @@ function locale_admin_string() {
$output .= _locale_string_seek_form();
break;
case t('Save translations'):
- $output .= _locale_string_save(db_escape_string(arg(4)));
+ $output .= _locale_string_save(arg(4));
drupal_goto('admin/locale/string/search');
break;
default:
diff --git a/modules/node.module b/modules/node.module
index eb243ef754d5..685509cf36da 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -345,27 +345,31 @@ function node_load($param = array(), $revision = NULL, $reset = NULL) {
$nodes = array();
}
+ $arguments = array();
if (is_numeric($param)) {
$cachable = $revision == NULL;
if ($cachable && isset($nodes[$param])) {
return $nodes[$param];
}
- $cond = 'n.nid = '. $param;
+ $cond = 'n.nid = %d';
+ $arguments[] = $param;
}
else {
// Turn the conditions into a query.
foreach ($param as $key => $value) {
- $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'";
+ $cond[] = 'n.'. db_escape_string($key) ." = '%s'";
+ $arguments[] = $value;
}
$cond = implode(' AND ', $cond);
}
// Retrieve the node.
if ($revision) {
- $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, r.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond), $revision));
+ array_unshift($arguments, $revision);
+ $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, r.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond), $arguments));
}
else {
- $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond)));
+ $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond), $arguments));
}
if ($node->nid) {
diff --git a/modules/node/node.module b/modules/node/node.module
index eb243ef754d5..685509cf36da 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -345,27 +345,31 @@ function node_load($param = array(), $revision = NULL, $reset = NULL) {
$nodes = array();
}
+ $arguments = array();
if (is_numeric($param)) {
$cachable = $revision == NULL;
if ($cachable && isset($nodes[$param])) {
return $nodes[$param];
}
- $cond = 'n.nid = '. $param;
+ $cond = 'n.nid = %d';
+ $arguments[] = $param;
}
else {
// Turn the conditions into a query.
foreach ($param as $key => $value) {
- $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'";
+ $cond[] = 'n.'. db_escape_string($key) ." = '%s'";
+ $arguments[] = $value;
}
$cond = implode(' AND ', $cond);
}
// Retrieve the node.
if ($revision) {
- $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, r.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond), $revision));
+ array_unshift($arguments, $revision);
+ $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, r.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.nid = n.nid AND r.vid = %d WHERE '. $cond), $arguments));
}
else {
- $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond)));
+ $node = db_fetch_object(db_query(db_rewrite_sql('SELECT n.nid, n.vid, n.type, n.status, n.created, n.changed, n.comment, n.promote, n.moderate, n.sticky, r.timestamp AS revision_timestamp, r.title, r.body, r.teaser, r.log, r.format, u.uid, u.name, u.picture, u.data FROM {node} n INNER JOIN {users} u ON u.uid = n.uid INNER JOIN {node_revisions} r ON r.vid = n.vid WHERE '. $cond), $arguments));
}
if ($node->nid) {
diff --git a/modules/system.module b/modules/system.module
index 8e7b857df744..a1e2ecf84bc8 100644
--- a/modules/system.module
+++ b/modules/system.module
@@ -783,6 +783,7 @@ function system_settings_form_submit($form_id, $values) {
if ($form_id == 'system_settings_form') {
menu_rebuild();
}
+ drupal_goto($_GET['q']);
}
/**
diff --git a/modules/system/system.module b/modules/system/system.module
index 8e7b857df744..a1e2ecf84bc8 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -783,6 +783,7 @@ function system_settings_form_submit($form_id, $values) {
if ($form_id == 'system_settings_form') {
menu_rebuild();
}
+ drupal_goto($_GET['q']);
}
/**
diff --git a/modules/watchdog.module b/modules/watchdog.module
index 3bab67c51bdc..4f19dce27bd4 100644
--- a/modules/watchdog.module
+++ b/modules/watchdog.module
@@ -71,10 +71,8 @@ function watchdog_overview() {
$classes = array(WATCHDOG_NOTICE => 'watchdog-notice', WATCHDOG_WARNING => 'watchdog-warning', WATCHDOG_ERROR => 'watchdog-error');
$names['all'] = t('all messages');
- $queries['all'] = '';
foreach (_watchdog_get_message_types() as $type) {
$names[$type] = t('%type messages', array('%type' => t($type)));
- $queries[$type] = "WHERE type = '". db_escape_string($type) ."'";
}
if (empty($_SESSION['watchdog_overview_filter'])) {
@@ -104,8 +102,16 @@ function watchdog_overview() {
array('data' => t('User'), 'field' => 'u.name'),
array('data' => t('Operations'))
);
- $sql = 'SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid '. $queries[$_SESSION['watchdog_overview_filter']] . tablesort_sql($header);
- $result = pager_query($sql, 50);
+
+ $sql = "SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid";
+ $tablesort = tablesort_sql($header);
+ $type = $_SESSION['watchdog_overview_filter'];
+ if ($type != 'all') {
+ $result = pager_query($sql ." WHERE w.type = '%s'". $tablesort, 50, 0, NULL, $type);
+ }
+ else {
+ $result = pager_query($sql . $tablesort, 50);
+ }
while ($watchdog = db_fetch_object($result)) {
$rows[] = array('data' =>
@@ -127,7 +133,6 @@ function watchdog_overview() {
$rows[] = array(array('data' => t('No log messages available.'), 'colspan' => 6));
}
-
$output .= theme('table', $header, $rows);
$output .= theme('pager', NULL, 50, 0, tablesort_pager());
diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module
index 3bab67c51bdc..4f19dce27bd4 100644
--- a/modules/watchdog/watchdog.module
+++ b/modules/watchdog/watchdog.module
@@ -71,10 +71,8 @@ function watchdog_overview() {
$classes = array(WATCHDOG_NOTICE => 'watchdog-notice', WATCHDOG_WARNING => 'watchdog-warning', WATCHDOG_ERROR => 'watchdog-error');
$names['all'] = t('all messages');
- $queries['all'] = '';
foreach (_watchdog_get_message_types() as $type) {
$names[$type] = t('%type messages', array('%type' => t($type)));
- $queries[$type] = "WHERE type = '". db_escape_string($type) ."'";
}
if (empty($_SESSION['watchdog_overview_filter'])) {
@@ -104,8 +102,16 @@ function watchdog_overview() {
array('data' => t('User'), 'field' => 'u.name'),
array('data' => t('Operations'))
);
- $sql = 'SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid '. $queries[$_SESSION['watchdog_overview_filter']] . tablesort_sql($header);
- $result = pager_query($sql, 50);
+
+ $sql = "SELECT w.*, u.name, u.uid FROM {watchdog} w INNER JOIN {users} u ON w.uid = u.uid";
+ $tablesort = tablesort_sql($header);
+ $type = $_SESSION['watchdog_overview_filter'];
+ if ($type != 'all') {
+ $result = pager_query($sql ." WHERE w.type = '%s'". $tablesort, 50, 0, NULL, $type);
+ }
+ else {
+ $result = pager_query($sql . $tablesort, 50);
+ }
while ($watchdog = db_fetch_object($result)) {
$rows[] = array('data' =>
@@ -127,7 +133,6 @@ function watchdog_overview() {
$rows[] = array(array('data' => t('No log messages available.'), 'colspan' => 6));
}
-
$output .= theme('table', $header, $rows);
$output .= theme('pager', NULL, 50, 0, tablesort_pager());
--
GitLab