Commit c39562ae authored by Dries's avatar Dries

- Fixed node_save() and user_save() bug introduced by table prefix changes.
  Modified patches from Gerhard.

- Changed the order of the checks in node_teaser().  Patch from Kobus.
parent d1b175ce
......@@ -23,11 +23,18 @@ function db_connect($url) {
function db_query($query) {
$args = func_get_args();
$query = db_prefix_tables($query);
if (count($args) > 1) {
$args = array_map("check_query", $args);
$args[0] = $query;
return _db_query(call_user_func_array("sprintf", $args));
if(is_array($args[1])){
$args1 = array_map("check_query", $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
$nargs = array_map("check_query", $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array("sprintf", $nargs));
}
else {
return _db_query($query);
......@@ -39,9 +46,15 @@ function db_queryd($query) {
$args = func_get_args();
$query = db_prefix_tables($query);
if (count($args) > 1) {
$args = array_map("check_query", $args);
$args[0] = $query;
return _db_query(call_user_func_array("sprintf", $args), 1);
if(is_array($args[1])){
$args1 = array_map("check_query", $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
$nargs = array_map("check_query", $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array("sprintf", $nargs), 1);
}
else {
return _db_query($query, 1);
......
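Review bot: The new array branch in db_query() and db_queryd() reads only `$args[1]` and silently drops any arguments passed after it, and nothing in the hunk documents the second calling convention. A comment above each function would make the contract explicit, for example `// Values may be passed as a variable-length list or as a single array; each one goes through check_query() before sprintf().`. Callers also need to know that the escaped value is only safe inside a quoted `'%s'` or a numeric `%d` placeholder; this assumes check_query() is a string-escaping helper, as its body is not shown here. The same argument-building block is copied into both functions and again in the second pair of hunks that follows (`@@ -25,11` and `@@ -41,9`), so a shared private helper would keep the escaping logic from drifting between copies.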
......@@ -25,11 +25,18 @@ function db_connect($url) {
function db_query($query) {
$args = func_get_args();
$query = db_prefix_tables($query);
if (count($args) > 1) {
$args = array_map("check_query", $args);
$args[0] = $query;
return _db_query(call_user_func_array("sprintf", $args));
if(is_array($args[1])){
$args1 = array_map("check_query", $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
$nargs = array_map("check_query", $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array("sprintf", $nargs));
}
else {
return _db_query($query);
......@@ -41,9 +48,15 @@ function db_queryd($query) {
$args = func_get_args();
$query = db_prefix_tables($query);
if (count($args) > 1) {
$args = array_map("check_query", $args);
$args[0] = $query;
return _db_query(call_user_func_array("sprintf", $args), 1);
if(is_array($args[1])){
$args1 = array_map("check_query", $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
$nargs = array_map("check_query", $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array("sprintf", $nargs), 1);
}
else {
return _db_query($query, 1);
......
......@@ -126,14 +126,6 @@ function node_teaser($body) {
return $body;
}
/*
** If we have a short body, return the entire body:
*/
if (strlen($body) < $size) {
return $body;
}
/*
** If a valid delimiter has been specified, use it to
** chop of the teaser. The delimiter can be outside
......@@ -145,6 +137,14 @@ function node_teaser($body) {
return substr($body, 0, $delimiter);
}
/*
** If we have a short body, return the entire body:
*/
if (strlen($body) < $size) {
return $body;
}
/*
** In some cases no delimiter has been specified (eg.
** when posting using the Blogger API) in which case
......@@ -302,12 +302,17 @@ function node_save($node) {
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
$k[] = check_query($key);
$v[] = "'". check_query($value) ."'";
$v[] = $value;
$s[] = "'%s'";
}
}
$keysfmt = implode(", ", $s);
// need to quote the placeholders for the values
$valsfmt = "'". implode("', '", $s) ."'";
// Insert the node into the database:
db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES (". implode(", ", $v) .")");
db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES(". implode(", ", $s) .")", $v);
// Call the node specific callback (if any):
node_invoke($node, "insert");
......@@ -325,12 +330,13 @@ function node_save($node) {
// Prepare the query:
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
$q[] = check_query($key) ." = '". check_query($value) ."'";
$q[] = check_query($key) ." = '%s'";
$v[] = $value;
}
}
// Update the node in the database:
db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'");
db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'", $v);
// Call the node specific callback (if any):
node_invoke($node, "update");
......
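Review bot: In the UPDATE hunk of node_save(), `$node->nid` is still interpolated directly into the string that db_query() now uses as a sprintf() format, so it bypasses check_query() and any `%` in it would be read as a conversion. Binding it with the other values keeps everything on the escaped path: `$v[] = $node->nid;` followed by `db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '%d'", $v);`. In the INSERT hunk, `$keysfmt` and `$valsfmt` are assigned but not used by the visible query, and `$valsfmt` would wrap the already quoted `'%s'` in a second pair of quotes, so both look removable. node_save() starts and ends outside these hunks, so whether `$v` is initialised before each loop cannot be confirmed from here. The identical section that follows this one has the same points.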
......@@ -126,14 +126,6 @@ function node_teaser($body) {
return $body;
}
/*
** If we have a short body, return the entire body:
*/
if (strlen($body) < $size) {
return $body;
}
/*
** If a valid delimiter has been specified, use it to
** chop of the teaser. The delimiter can be outside
......@@ -145,6 +137,14 @@ function node_teaser($body) {
return substr($body, 0, $delimiter);
}
/*
** If we have a short body, return the entire body:
*/
if (strlen($body) < $size) {
return $body;
}
/*
** In some cases no delimiter has been specified (eg.
** when posting using the Blogger API) in which case
......@@ -302,12 +302,17 @@ function node_save($node) {
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
$k[] = check_query($key);
$v[] = "'". check_query($value) ."'";
$v[] = $value;
$s[] = "'%s'";
}
}
$keysfmt = implode(", ", $s);
// need to quote the placeholders for the values
$valsfmt = "'". implode("', '", $s) ."'";
// Insert the node into the database:
db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES (". implode(", ", $v) .")");
db_query("INSERT INTO {node} (". implode(", ", $k) .") VALUES(". implode(", ", $s) .")", $v);
// Call the node specific callback (if any):
node_invoke($node, "insert");
......@@ -325,12 +330,13 @@ function node_save($node) {
// Prepare the query:
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
$q[] = check_query($key) ." = '". check_query($value) ."'";
$q[] = check_query($key) ." = '%s'";
$v[] = $value;
}
}
// Update the node in the database:
db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'");
db_query("UPDATE {node} SET ". implode(", ", $q) ." WHERE nid = '$node->nid'", $v);
// Call the node specific callback (if any):
node_invoke($node, "update");
......
......@@ -122,12 +122,14 @@ function user_save($account, $array = array()) {
foreach ($array as $key => $value) {
if ($key == "pass") {
$fields[] = check_query($key);
$values[] = "'". md5($value) ."'";
$values[] = md5($value);
$s[] = "'%s'";
}
else if (substr($key, 0, 4) !== "auth") {
if (in_array($key, $user_fields)) {
$fields[] = check_query($key);
$values[] = "'". check_query($value) ."'";
$values[] = $value;
$s[] = "'%s'";
}
else {
$data[$key] = $value;
......@@ -136,9 +138,10 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
$values[] = "'". check_query(serialize($data)) ."'";
$values[] = serialize($data);
$s[] = "'%s'";
db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
db_query("INSERT INTO {users} (". implde(", ", $fields) .") VALUES (". implde(", ", $s) .")", $values);
$user = user_load(array("name" => $array["name"]));
}
......
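Review bot: The INSERT line that passes `$values` to db_query() calls `implde()` twice. No such function exists in PHP core or anywhere on this page, so creating a user would presumably stop with an undefined-function fatal error. It should read `db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $s) .")", $values);`. The same typo is in the identical section that follows, and user_save() begins and ends outside both hunks. Separately, the password is still stored as unsalted `md5($value)`; that predates this change but is worth tracking as its own fix.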
......@@ -122,12 +122,14 @@ function user_save($account, $array = array()) {
foreach ($array as $key => $value) {
if ($key == "pass") {
$fields[] = check_query($key);
$values[] = "'". md5($value) ."'";
$values[] = md5($value);
$s[] = "'%s'";
}
else if (substr($key, 0, 4) !== "auth") {
if (in_array($key, $user_fields)) {
$fields[] = check_query($key);
$values[] = "'". check_query($value) ."'";
$values[] = $value;
$s[] = "'%s'";
}
else {
$data[$key] = $value;
......@@ -136,9 +138,10 @@ function user_save($account, $array = array()) {
}
$fields[] = "data";
$values[] = "'". check_query(serialize($data)) ."'";
$values[] = serialize($data);
$s[] = "'%s'";
db_query("INSERT INTO {users} (". implode(", ", $fields) .") VALUES (". implode(", ", $values) .")");
db_query("INSERT INTO {users} (". implde(", ", $fields) .") VALUES (". implde(", ", $s) .")", $values);
$user = user_load(array("name" => $array["name"]));
}
......