From fa97839088dd0de1df73a990255edce7eddf90d9 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 21 Nov 2004 08:25:17 +0000
Subject: [PATCH] - Patch 13180 by chx: renamed check_query() to
db_escape_string() and implemtented it properly per database backend.
Read the manual for pg_escape_string: "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
---
includes/bootstrap.inc | 7 -------
includes/common.inc | 2 +-
includes/database.mysql.inc | 17 ++++++++++++-----
includes/database.pear.inc | 17 ++++++++++++-----
includes/database.pgsql.inc | 18 +++++++++++++-----
includes/locale.inc | 10 +++++-----
includes/tablesort.inc | 4 ++--
modules/book.module | 2 +-
modules/book/book.module | 2 +-
modules/comment.module | 14 +++++++-------
modules/comment/comment.module | 14 +++++++-------
modules/forum.module | 4 ++--
modules/forum/forum.module | 4 ++--
modules/locale.module | 6 +++---
modules/locale/locale.module | 6 +++---
modules/node.module | 6 +++---
modules/node/node.module | 6 +++---
modules/profile.module | 4 ++--
modules/profile/profile.module | 4 ++--
modules/statistics.module | 14 +++++++-------
modules/statistics/statistics.module | 14 +++++++-------
modules/taxonomy.module | 4 ++--
modules/taxonomy/taxonomy.module | 4 ++--
modules/user.module | 4 ++--
modules/user/user.module | 4 ++--
modules/watchdog.module | 2 +-
modules/watchdog/watchdog.module | 2 +-
27 files changed, 105 insertions(+), 90 deletions(-)
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 3712607d621f..b1da3b337f5c 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -345,13 +345,6 @@ function arg($index) {
}
}
-/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
- */
-function check_query($text) {
- return addslashes($text);
-}
-
/**
* Prepare user input for use in a URI.
*
diff --git a/includes/common.inc b/includes/common.inc
index e53865ee4e5d..dc72c88b9a24 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -228,7 +228,7 @@ function drupal_goto($path = '', $query = NULL, $fragment = NULL) {
*/
function drupal_not_found() {
header('HTTP/1.0 404 Not Found');
- watchdog('httpd', t('404 error: %page not found.', array('%page' => '<em>'. check_query($_GET['q']) .'</em>')));
+ watchdog('httpd', t('404 error: %page not found.', array('%page' => '<em>'. db_escape_string($_GET['q']) .'</em>')));
$path = drupal_get_normal_path(variable_get('site_404', ''));
$status = MENU_NOT_FOUND;
diff --git a/includes/database.mysql.inc b/includes/database.mysql.inc
index e3c46557db02..dbae5254d2f6 100644
--- a/includes/database.mysql.inc
+++ b/includes/database.mysql.inc
@@ -55,11 +55,11 @@ function db_query($query) {
$query = db_prefix_tables($query);
if (count($args) > 1) {
if(is_array($args[1])){
- $args1 = array_map('check_query', $args[1]);
+ $args1 = array_map('db_escape_string', $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
- $nargs = array_map('check_query', $args);
+ $nargs = array_map('db_escape_string', $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array('sprintf', $nargs));
@@ -79,11 +79,11 @@ function db_queryd($query) {
$query = db_prefix_tables($query);
if (count($args) > 1) {
if(is_array($args[1])){
- $args1 = array_map('check_query', $args[1]);
+ $args1 = array_map('db_escape_string', $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
- $nargs = array_map('check_query', $args);
+ $nargs = array_map('db_escape_string', $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array('sprintf', $nargs), 1);
@@ -248,7 +248,7 @@ function db_query_range($query) {
$count = array_pop($args);
$from = array_pop($args);
if (count(func_get_args()) > 3) {
- $args = array_map('check_query', $args);
+ $args = array_map('db_escape_string', $args);
$query = db_prefix_tables($query);
$args[0] = $query;
$query = call_user_func_array('sprintf', $args);
@@ -285,6 +285,13 @@ function db_decode_blob($data) {
return $data;
}
+/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_string($text) {
+ return addslashes($text);
+}
+
/**
* @} End of "ingroup database".
*/
diff --git a/includes/database.pear.inc b/includes/database.pear.inc
index fc8da8f91d99..f06db36a419b 100644
--- a/includes/database.pear.inc
+++ b/includes/database.pear.inc
@@ -45,11 +45,11 @@ function db_query($query) {
$query = db_prefix_tables($query);
if (count($args) > 1) {
if(is_array($args[1])){
- $args1 = array_map('check_query', $args[1]);
+ $args1 = array_map('db_escape_string', $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
- $nargs = array_map('check_query', $args);
+ $nargs = array_map('db_escape_string', $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array('sprintf', $nargs));
@@ -69,11 +69,11 @@ function db_queryd($query) {
$query = db_prefix_tables($query);
if (count($args) > 1) {
if(is_array($args[1])){
- $args1 = array_map('check_query', $args[1]);
+ $args1 = array_map('db_escape_string', $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
- $nargs = array_map('check_query', $args);
+ $nargs = array_map('db_escape_string', $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array('sprintf', $nargs), 1);
@@ -252,7 +252,7 @@ function db_query_range($query) {
$count = array_pop($args);
$from = array_pop($args);
if (count(func_get_args()) > 3) {
- $args = array_map('check_query', $args);
+ $args = array_map('db_escape_string', $args);
$query = db_prefix_tables($query);
$args[0] = $query;
$result = $active_db->limitQuery(call_user_func_array('sprintf', $args), $from, $count);
@@ -278,4 +278,11 @@ function db_query_range($query) {
}
}
+/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_string($text) {
+ return addslashes($text);
+}
+
?>
diff --git a/includes/database.pgsql.inc b/includes/database.pgsql.inc
index 3829b0920dfa..2d5399018ae2 100644
--- a/includes/database.pgsql.inc
+++ b/includes/database.pgsql.inc
@@ -51,11 +51,11 @@ function db_query($query) {
$query = db_prefix_tables($query);
if (count($args) > 1) {
if(is_array($args[1])){
- $args1 = array_map('check_query', $args[1]);
+ $args1 = array_map('db_escape_string', $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
- $nargs = array_map('check_query', $args);
+ $nargs = array_map('db_escape_string', $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array('sprintf', $nargs));
@@ -75,11 +75,11 @@ function db_queryd($query) {
$query = db_prefix_tables($query);
if (count($args) > 1) {
if(is_array($args[1])){
- $args1 = array_map('check_query', $args[1]);
+ $args1 = array_map('db_escape_string', $args[1]);
$nargs = array_merge(array($query), $args1);
}
else {
- $nargs = array_map('check_query', $args);
+ $nargs = array_map('db_escape_string', $args);
$nargs[0] = $query;
}
return _db_query(call_user_func_array('sprintf', $nargs), 1);
@@ -242,7 +242,7 @@ function db_query_range($query) {
$count = array_pop($args);
$from = array_pop($args);
if (count(func_get_args()) > 3) {
- $args = array_map('check_query', $args);
+ $args = array_map('db_escape_string', $args);
$query = db_prefix_tables($query);
$args[0] = $query;
$query = call_user_func_array('sprintf', $args);
@@ -279,6 +279,14 @@ function db_decode_blob($data) {
return stripcslashes($data);
}
+/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ * Note: This function requires PostgreSQL 7.2 or later.
+ */
+function db_escape_string($text) {
+ return pg_escape_string($text);
+}
+
/**
* @} End of "ingroup database".
*/
diff --git a/includes/locale.inc b/includes/locale.inc
index 8a79b3dc9546..b68d38a139de 100644
--- a/includes/locale.inc
+++ b/includes/locale.inc
@@ -1012,16 +1012,16 @@ function _locale_string_seek() {
// Compute LIKE section
switch ($query->searchin) {
case 'translated':
- $where = "WHERE (t.translation LIKE '%". check_query($query->string) ."%' AND t.translation != '')";
+ $where = "WHERE (t.translation LIKE '%". db_escape_string($query->string) ."%' AND t.translation != '')";
$orderby = "ORDER BY t.translation";
break;
case 'untranslated':
- $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' AND t.translation = '')";
+ $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' AND t.translation = '')";
$orderby = "ORDER BY s.source";
break;
case 'all' :
default:
- $where = "WHERE (s.source LIKE '%". check_query($query->string) ."%' OR t.translation LIKE '%". check_query($query->string) ."%')";
+ $where = "WHERE (s.source LIKE '%". db_escape_string($query->string) ."%' OR t.translation LIKE '%". db_escape_string($query->string) ."%')";
$orderby = '';
break;
}
@@ -1029,7 +1029,7 @@ function _locale_string_seek() {
switch ($query->language) {
// Force search in source strings
case "en":
- $sql = $join ." WHERE s.source LIKE '%". check_query($query->string) ."%' ORDER BY s.source";
+ $sql = $join ." WHERE s.source LIKE '%". db_escape_string($query->string) ."%' ORDER BY s.source";
break;
// Search in all languages
case "all":
@@ -1037,7 +1037,7 @@ function _locale_string_seek() {
break;
// Some different language
default:
- $sql = "$join $where AND t.locale = '". check_query($query->language) ."' $orderby";
+ $sql = "$join $where AND t.locale = '". db_escape_string($query->language) ."' $orderby";
}
$result = pager_query($sql, 50);
diff --git a/includes/tablesort.inc b/includes/tablesort.inc
index 43edc5fc3958..6be5a5540fb8 100644
--- a/includes/tablesort.inc
+++ b/includes/tablesort.inc
@@ -51,8 +51,8 @@ function tablesort_pager() {
function tablesort_sql($header, $before = '') {
$ts = tablesort_init($header);
if ($ts['sql']) {
- $sql = check_query($ts['sql']);
- $sort = strtoupper(check_query($ts['sort']));
+ $sql = db_escape_string($ts['sql']);
+ $sort = strtoupper(db_escape_string($ts['sort']));
return " ORDER BY $before $sql $sort";
}
}
diff --git a/modules/book.module b/modules/book.module
index 5f5400a9c24a..8601c973eef5 100644
--- a/modules/book.module
+++ b/modules/book.module
@@ -226,7 +226,7 @@ function book_form(&$node) {
global $user;
$op = $_POST['op'];
-
+
$output = form_select(t('Parent'), 'parent', ($node->parent ? $node->parent : arg(4)), book_toc($node->nid), t('The parent that this page belongs in. Note that pages whose parent is <top-level> are regarded as independent, top-level books.'));
if (function_exists('taxonomy_node_form')) {
diff --git a/modules/book/book.module b/modules/book/book.module
index 5f5400a9c24a..8601c973eef5 100644
--- a/modules/book/book.module
+++ b/modules/book/book.module
@@ -226,7 +226,7 @@ function book_form(&$node) {
global $user;
$op = $_POST['op'];
-
+
$output = form_select(t('Parent'), 'parent', ($node->parent ? $node->parent : arg(4)), book_toc($node->nid), t('The parent that this page belongs in. Note that pages whose parent is <top-level> are regarded as independent, top-level books.'));
if (function_exists('taxonomy_node_form')) {
diff --git a/modules/comment.module b/modules/comment.module
index dc37ab5bbef2..fcf05d73a1d7 100644
--- a/modules/comment.module
+++ b/modules/comment.module
@@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) {
else {
// Multiple comment view
- $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0";
+ $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0";
$query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
@@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) {
}
// Start a form, for use with comment control and moderation.
- $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'");
+ $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'");
if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) {
$output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
$output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
@@ -1001,7 +1001,7 @@ function comment_admin_overview($type = 'new') {
);
$status = ($type == 'approval') ? 1 : 0;
- $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status);
+ $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status);
$sql .= tablesort_sql($header);
$result = pager_query($sql, 50);
@@ -1276,10 +1276,10 @@ function comment_moderate() {
}
function comment_save_settings() {
- $mode = check_query($_POST['mode']);
- $order = check_query($_POST['order']);
- $threshold = check_query($_POST['threshold']);
- $comments_per_page = check_query($_POST['comments_per_page']);
+ $mode = db_escape_string($_POST['mode']);
+ $order = db_escape_string($_POST['order']);
+ $threshold = db_escape_string($_POST['threshold']);
+ $comments_per_page = db_escape_string($_POST['comments_per_page']);
global $user;
$edit = $_POST['edit'];
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index dc37ab5bbef2..fcf05d73a1d7 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -751,7 +751,7 @@ function comment_render($node, $cid = 0) {
else {
// Multiple comment view
- $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". check_query($nid) ."' AND c.status = 0";
+ $query .= "SELECT c.cid as cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name , c.mail, c.homepage, u.uid, u.name AS registered_name, u.picture, u.data, c.score, c.users, c.thread FROM {comments} c INNER JOIN {users} u ON c.uid = u.uid WHERE c.nid = '". db_escape_string($nid) ."' AND c.status = 0";
$query .= ' GROUP BY c.cid, c.pid, c.nid, c.subject, c.comment, c.format, c.timestamp, c.name, c.mail, u.picture, c.homepage, u.uid, u.name, u.picture, u.data, c.score, c.users, c.thread';
@@ -843,7 +843,7 @@ function comment_render($node, $cid = 0) {
}
// Start a form, for use with comment control and moderation.
- $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". check_query($nid) ."'");
+ $result = pager_query($query, $comments_per_page, 0, "SELECT COUNT(*) FROM {comments} WHERE nid = '". db_escape_string($nid) ."'");
if (db_num_rows($result) && (variable_get('comment_controls', 0) == 0 || variable_get('comment_controls', 0) == 2)) {
$output .= '<form method="post" action="'. url('comment') ."\"><div>\n";
$output .= theme('comment_controls', $threshold, $mode, $order, $comments_per_page);
@@ -1001,7 +1001,7 @@ function comment_admin_overview($type = 'new') {
);
$status = ($type == 'approval') ? 1 : 0;
- $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. check_query($status);
+ $sql = 'SELECT c.subject, c.nid, c.cid, c.comment, c.timestamp, c.status, c.name, c.homepage, u.name AS registered_name, u.uid FROM {comments} c INNER JOIN {users} u ON u.uid = c.uid WHERE c.status = '. db_escape_string($status);
$sql .= tablesort_sql($header);
$result = pager_query($sql, 50);
@@ -1276,10 +1276,10 @@ function comment_moderate() {
}
function comment_save_settings() {
- $mode = check_query($_POST['mode']);
- $order = check_query($_POST['order']);
- $threshold = check_query($_POST['threshold']);
- $comments_per_page = check_query($_POST['comments_per_page']);
+ $mode = db_escape_string($_POST['mode']);
+ $order = db_escape_string($_POST['order']);
+ $threshold = db_escape_string($_POST['threshold']);
+ $comments_per_page = db_escape_string($_POST['comments_per_page']);
global $user;
$edit = $_POST['edit'];
diff --git a/modules/forum.module b/modules/forum.module
index d19961328ccb..1143e21cabef 100644
--- a/modules/forum.module
+++ b/modules/forum.module
@@ -380,7 +380,7 @@ function forum_get_forums($tid = 0) {
// This query does not use full ANSI syntax since MySQL 3.x does not support
// table1 INNER JOIN table2 INNER JOIN table3 ON table2_criteria ON table3_criteria
- // used to join node_comment_statistics to users
+ // used to join node_comment_statistics to users.
$topic = db_fetch_object(db_query_range('SELECT DISTINCT(n.nid), l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid FROM {node} n ' . node_access_join_sql() . ", {node_comment_statistics} l /*! USE INDEX (node_comment_timestamp) */, {users} cu, {term_node} r WHERE n.nid = r.nid AND r.tid = %d AND n.status = 1 AND n.type = 'forum' AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND " . node_access_where_sql() . ' ORDER BY l.last_comment_timestamp DESC', $forum->tid, 0, 1));
$last_post->timestamp = $topic->last_comment_timestamp;
$last_post->name = $topic->last_comment_name;
@@ -422,7 +422,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
}
$term = taxonomy_get_term($tid);
- $check_tid = $tid ? "'". check_query($tid) ."'" : 'NULL';
+ $check_tid = $tid ? "'". db_escape_string($tid) ."'" : 'NULL';
$sql = "SELECT DISTINCT(n.nid), f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n ". node_access_join_sql() .", {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = $check_tid AND n.uid = u.uid AND n.nid = f.nid AND ". node_access_where_sql();
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
diff --git a/modules/forum/forum.module b/modules/forum/forum.module
index d19961328ccb..1143e21cabef 100644
--- a/modules/forum/forum.module
+++ b/modules/forum/forum.module
@@ -380,7 +380,7 @@ function forum_get_forums($tid = 0) {
// This query does not use full ANSI syntax since MySQL 3.x does not support
// table1 INNER JOIN table2 INNER JOIN table3 ON table2_criteria ON table3_criteria
- // used to join node_comment_statistics to users
+ // used to join node_comment_statistics to users.
$topic = db_fetch_object(db_query_range('SELECT DISTINCT(n.nid), l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid FROM {node} n ' . node_access_join_sql() . ", {node_comment_statistics} l /*! USE INDEX (node_comment_timestamp) */, {users} cu, {term_node} r WHERE n.nid = r.nid AND r.tid = %d AND n.status = 1 AND n.type = 'forum' AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND " . node_access_where_sql() . ' ORDER BY l.last_comment_timestamp DESC', $forum->tid, 0, 1));
$last_post->timestamp = $topic->last_comment_timestamp;
$last_post->name = $topic->last_comment_name;
@@ -422,7 +422,7 @@ function forum_get_topics($tid, $sortby, $forum_per_page) {
}
$term = taxonomy_get_term($tid);
- $check_tid = $tid ? "'". check_query($tid) ."'" : 'NULL';
+ $check_tid = $tid ? "'". db_escape_string($tid) ."'" : 'NULL';
$sql = "SELECT DISTINCT(n.nid), f.tid, n.title, n.sticky, u.name, u.uid, n.created AS timestamp, n.comment AS comment_mode, l.last_comment_timestamp, IF(l.last_comment_uid, cu.name, l.last_comment_name) as last_comment_name, l.last_comment_uid, l.comment_count AS num_comments FROM {node} n ". node_access_join_sql() .", {node_comment_statistics} l, {users} cu, {term_node} r, {users} u, {forum} f WHERE n.status = 1 AND l.last_comment_uid = cu.uid AND n.nid = l.nid AND n.nid = r.nid AND r.tid = $check_tid AND n.uid = u.uid AND n.nid = f.nid AND ". node_access_where_sql();
$sql .= tablesort_sql($forum_topic_list_header, 'n.sticky DESC,');
diff --git a/modules/locale.module b/modules/locale.module
index f828f86eb277..f6be43d652e0 100644
--- a/modules/locale.module
+++ b/modules/locale.module
@@ -428,11 +428,11 @@ function locale_admin_string() {
switch ($op) {
case 'delete':
- $output .= _locale_string_delete(check_query(arg(4)));
+ $output .= _locale_string_delete(db_escape_string(arg(4)));
$output .= _locale_string_seek();
break;
case 'edit':
- $output .= _locale_string_edit(check_query(arg(4)));
+ $output .= _locale_string_edit(db_escape_string(arg(4)));
$output .= _locale_string_seek();
break;
case t('Search'):
@@ -441,7 +441,7 @@ function locale_admin_string() {
$output .= _locale_string_seek_form();
break;
case t('Save translations'):
- $output .= _locale_string_save(check_query(arg(4)));
+ $output .= _locale_string_save(db_escape_string(arg(4)));
drupal_goto('admin/locale/string/search');
break;
default:
diff --git a/modules/locale/locale.module b/modules/locale/locale.module
index f828f86eb277..f6be43d652e0 100644
--- a/modules/locale/locale.module
+++ b/modules/locale/locale.module
@@ -428,11 +428,11 @@ function locale_admin_string() {
switch ($op) {
case 'delete':
- $output .= _locale_string_delete(check_query(arg(4)));
+ $output .= _locale_string_delete(db_escape_string(arg(4)));
$output .= _locale_string_seek();
break;
case 'edit':
- $output .= _locale_string_edit(check_query(arg(4)));
+ $output .= _locale_string_edit(db_escape_string(arg(4)));
$output .= _locale_string_seek();
break;
case t('Search'):
@@ -441,7 +441,7 @@ function locale_admin_string() {
$output .= _locale_string_seek_form();
break;
case t('Save translations'):
- $output .= _locale_string_save(check_query(arg(4)));
+ $output .= _locale_string_save(db_escape_string(arg(4)));
drupal_goto('admin/locale/string/search');
break;
default:
diff --git a/modules/node.module b/modules/node.module
index 76270f76e894..f56379f046fb 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -386,7 +386,7 @@ function node_load($conditions, $revision = NULL, $reset = NULL) {
// Turn the conditions into a query.
foreach ($conditions as $key => $value) {
- $cond[] = 'n.'. check_query($key) ." = '". check_query($value) ."'";
+ $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'";
}
// Retrieve the node.
@@ -452,7 +452,7 @@ function node_save($node) {
// Prepare the query:
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
- $k[] = check_query($key);
+ $k[] = db_escape_string($key);
$v[] = $value;
$s[] = "'%s'";
}
@@ -478,7 +478,7 @@ function node_save($node) {
// Prepare the query:
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
- $q[] = check_query($key) ." = '%s'";
+ $q[] = db_escape_string($key) ." = '%s'";
$v[] = $value;
}
}
diff --git a/modules/node/node.module b/modules/node/node.module
index 76270f76e894..f56379f046fb 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -386,7 +386,7 @@ function node_load($conditions, $revision = NULL, $reset = NULL) {
// Turn the conditions into a query.
foreach ($conditions as $key => $value) {
- $cond[] = 'n.'. check_query($key) ." = '". check_query($value) ."'";
+ $cond[] = 'n.'. db_escape_string($key) ." = '". db_escape_string($value) ."'";
}
// Retrieve the node.
@@ -452,7 +452,7 @@ function node_save($node) {
// Prepare the query:
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
- $k[] = check_query($key);
+ $k[] = db_escape_string($key);
$v[] = $value;
$s[] = "'%s'";
}
@@ -478,7 +478,7 @@ function node_save($node) {
// Prepare the query:
foreach ($node as $key => $value) {
if (in_array($key, $fields)) {
- $q[] = check_query($key) ." = '%s'";
+ $q[] = db_escape_string($key) ." = '%s'";
$v[] = $value;
}
}
diff --git a/modules/profile.module b/modules/profile.module
index 3bf611a03238..44d283167742 100644
--- a/modules/profile.module
+++ b/modules/profile.module
@@ -86,10 +86,10 @@ function profile_browse() {
$query = 'v.value = 1';
break;
case 'selection':
- $query = "v.value = '". check_query($value) ."'";
+ $query = "v.value = '". db_escape_string($value) ."'";
break;
case 'list':
- $query = "v.value LIKE '%%". check_query($value) ."%%'";
+ $query = "v.value LIKE '%%". db_escape_string($value) ."%%'";
break;
default:
drupal_not_found();
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index 3bf611a03238..44d283167742 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -86,10 +86,10 @@ function profile_browse() {
$query = 'v.value = 1';
break;
case 'selection':
- $query = "v.value = '". check_query($value) ."'";
+ $query = "v.value = '". db_escape_string($value) ."'";
break;
case 'list':
- $query = "v.value LIKE '%%". check_query($value) ."%%'";
+ $query = "v.value LIKE '%%". db_escape_string($value) ."%%'";
break;
default:
drupal_not_found();
diff --git a/modules/statistics.module b/modules/statistics.module
index a384b40768ea..568ee805b45c 100644
--- a/modules/statistics.module
+++ b/modules/statistics.module
@@ -207,7 +207,7 @@ function statistics_admin_displaylog($type = 'all', $id = 0) {
// retrieve recent access logs for specific user $id
$user = user_load(array('uid' => $id));
$page_title = t('Recent hits for "%username"', array('%username' => $user->name));
- $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. check_query($id) ."'";
+ $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. db_escape_string($id) ."'";
}
else {
// retrieve recent access logs for all users (not guests)
@@ -218,12 +218,12 @@ function statistics_admin_displaylog($type = 'all', $id = 0) {
case 'page':
// retrieve recent access logs for title $id
$page_title = t('Recent hits for "%title"', array('%title' => $id));
- $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. check_query($id) ."'";
+ $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. db_escape_string($id) ."'";
break;
case 'host':
// retrieve recent access logs for hostname $id
$page_title = t('Recent hits for "%hostname"', array('%hostname' => $id));
- $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. check_query($id) ."'";
+ $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. db_escape_string($id) ."'";
break;
case 'all':
default:
@@ -380,14 +380,14 @@ function statistics_top_referrers($view = 'all') {
$describe = t('Top referrers in the past %interval');
}
elseif ($view == 'internal') {
- $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' GROUP BY url";
- $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'";
+ $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' GROUP BY url";
+ $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'";
$describe = t('Top internal referrers in the past %interval');
}
else {
/* default to external */
- $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url";
- $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'";
+ $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url";
+ $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'";
$describe = t('Top external referrers in the past %interval');
}
diff --git a/modules/statistics/statistics.module b/modules/statistics/statistics.module
index a384b40768ea..568ee805b45c 100644
--- a/modules/statistics/statistics.module
+++ b/modules/statistics/statistics.module
@@ -207,7 +207,7 @@ function statistics_admin_displaylog($type = 'all', $id = 0) {
// retrieve recent access logs for specific user $id
$user = user_load(array('uid' => $id));
$page_title = t('Recent hits for "%username"', array('%username' => $user->name));
- $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. check_query($id) ."'";
+ $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE uid = \''. db_escape_string($id) ."'";
}
else {
// retrieve recent access logs for all users (not guests)
@@ -218,12 +218,12 @@ function statistics_admin_displaylog($type = 'all', $id = 0) {
case 'page':
// retrieve recent access logs for title $id
$page_title = t('Recent hits for "%title"', array('%title' => $id));
- $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. check_query($id) ."'";
+ $sql = 'SELECT title, path, url, hostname, uid, timestamp FROM {accesslog} WHERE title = \''. db_escape_string($id) ."'";
break;
case 'host':
// retrieve recent access logs for hostname $id
$page_title = t('Recent hits for "%hostname"', array('%hostname' => $id));
- $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. check_query($id) ."'";
+ $sql = 'SELECT title, path, url, hostname, uid, timestamp, title FROM {accesslog} WHERE hostname = \''. db_escape_string($id) ."'";
break;
case 'all':
default:
@@ -380,14 +380,14 @@ function statistics_top_referrers($view = 'all') {
$describe = t('Top referrers in the past %interval');
}
elseif ($view == 'internal') {
- $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' GROUP BY url";
- $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'";
+ $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' GROUP BY url";
+ $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'";
$describe = t('Top internal referrers in the past %interval');
}
else {
/* default to external */
- $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url";
- $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". check_query($_SERVER['HTTP_HOST']) ."%'";
+ $query = "SELECT url, MAX(timestamp) AS last_hit, COUNT(url) AS hits FROM {accesslog} WHERE url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%' AND url <> '' GROUP BY url";
+ $query_cnt = "SELECT COUNT(DISTINCT(url)) FROM {accesslog} WHERE url <> '' AND url NOT LIKE '%". db_escape_string($_SERVER['HTTP_HOST']) ."%'";
$describe = t('Top external referrers in the past %interval');
}
diff --git a/modules/taxonomy.module b/modules/taxonomy.module
index 42ece7d17138..6ef41d12b11c 100644
--- a/modules/taxonomy.module
+++ b/modules/taxonomy.module
@@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphic = '--') {
function _taxonomy_prepare_update($data) {
foreach ($data as $key => $value) {
- $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'";
+ $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'";
}
$result = implode(', ', $q);
return $result;
@@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, $stage) {
}
else {
foreach (array_values($data) as $value) {
- $q[] = "'". str_replace('%', '%%', check_query($value)) ."'";
+ $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'";
}
$result = implode(', ', $q);
}
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index 42ece7d17138..6ef41d12b11c 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
@@ -773,7 +773,7 @@ function _taxonomy_depth($depth, $graphic = '--') {
function _taxonomy_prepare_update($data) {
foreach ($data as $key => $value) {
- $q[] = "$key = '". str_replace('%', '%%', check_query($value)) ."'";
+ $q[] = "$key = '". str_replace('%', '%%', db_escape_string($value)) ."'";
}
$result = implode(', ', $q);
return $result;
@@ -785,7 +785,7 @@ function _taxonomy_prepare_insert($data, $stage) {
}
else {
foreach (array_values($data) as $value) {
- $q[] = "'". str_replace('%', '%%', check_query($value)) ."'";
+ $q[] = "'". str_replace('%', '%%', db_escape_string($value)) ."'";
}
$result = implode(', ', $q);
}
diff --git a/modules/user.module b/modules/user.module
index 390eb075edd0..f9337d1d3a24 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -152,13 +152,13 @@ function user_save($account, $array = array(), $category = 'account') {
// because we don't have a fully initialized user object yet.
foreach ($array as $key => $value) {
if ($key == 'pass') {
- $fields[] = check_query($key);
+ $fields[] = db_escape_string($key);
$values[] = md5($value);
$s[] = "'%s'";
}
else if (substr($key, 0, 4) !== 'auth') {
if (in_array($key, $user_fields)) {
- $fields[] = check_query($key);
+ $fields[] = db_escape_string($key);
$values[] = $value;
$s[] = "'%s'";
}
diff --git a/modules/user/user.module b/modules/user/user.module
index 390eb075edd0..f9337d1d3a24 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -152,13 +152,13 @@ function user_save($account, $array = array(), $category = 'account') {
// because we don't have a fully initialized user object yet.
foreach ($array as $key => $value) {
if ($key == 'pass') {
- $fields[] = check_query($key);
+ $fields[] = db_escape_string($key);
$values[] = md5($value);
$s[] = "'%s'";
}
else if (substr($key, 0, 4) !== 'auth') {
if (in_array($key, $user_fields)) {
- $fields[] = check_query($key);
+ $fields[] = db_escape_string($key);
$values[] = $value;
$s[] = "'%s'";
}
diff --git a/modules/watchdog.module b/modules/watchdog.module
index 6aebf299cbd9..75ee5ef4c4af 100644
--- a/modules/watchdog.module
+++ b/modules/watchdog.module
@@ -83,7 +83,7 @@ function watchdog_cron() {
*/
function watchdog_overview($type = '') {
foreach (_watchdog_get_message_types() as $key) {
- $query[$key] = "WHERE type = '". check_query($key) ."'";
+ $query[$key] = "WHERE type = '". db_escape_string($key) ."'";
}
$header = array(
diff --git a/modules/watchdog/watchdog.module b/modules/watchdog/watchdog.module
index 6aebf299cbd9..75ee5ef4c4af 100644
--- a/modules/watchdog/watchdog.module
+++ b/modules/watchdog/watchdog.module
@@ -83,7 +83,7 @@ function watchdog_cron() {
*/
function watchdog_overview($type = '') {
foreach (_watchdog_get_message_types() as $key) {
- $query[$key] = "WHERE type = '". check_query($key) ."'";
+ $query[$key] = "WHERE type = '". db_escape_string($key) ."'";
}
$header = array(
--
GitLab