GitLab

   1. Fixed broken watchdog calls: two watchdog calls omitted the type parameter, and thus injected logs into the type field, instead of the message field.
   2. Removed t() functions from user contributed content.

- Patch #13581 by Steven: Db_query() allows a variable amount of parameters so you can pass the query arguments in. There is however an alternative syntax: instead of passing the query arguments as function arguments, you can also pass a single array with the query arguments in it. For example the following two statements are equivalent:

db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));

This usage is particularly interesting when the query is constructed dynamically, and the amount of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.

However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.

This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.

I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.

Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);

and

- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);

I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.

This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query.  This is very, very bad because the database prefix will be applied to it, and strip out braces. It's also generally bad form as you have to call check_query() yourself.  With the new, documented syntax, there is no more excuse to put data directly in the query.

- Patch #12555 by svemir: fixed problem with the 'Preview comment' button not being present when previews are optional.

- Patch #11977 by matteo: added extra DISTINCT()s to two SQL queries to make them work with node-level permissions.

- Patch #10697 by matteo: avoid that administrators can create nodes with the wrong node type.

- Fixed typo and reworded the filter.

- Beautified the contents of the table.

- Removed some dead code.

- Made it possible to sort the referrers by last visit.

- Changed aid from tinyint to int.

  changes are:

  1. Simplified the statistics pages: there are less pages and on the
     remaining pages there is a lot less visual clutter (less columns and
     better presentation).

  2. Reorganized the 'administer - logs' menu: flattened the menu structure
     and removed a number of links.

  3. Improved performance.  Most statistics pages used about 160 slow SQL
     queries which made the statistics pages fairly unusable on my system.
     The new pages use at least 10 times less SQL queries and render much
     faster.  They are actually usable.

  4. There is now a 'track'-tab on node pages, and a second subtrab on the
     user accounts 'track'-tab for people with the 'access statistics'
     permission.  They can be used to resp. track the node and the user.
     This makes the statistics more accessible.

  5. Changed the way watchdog messages are filtered.  This makes it easier
     to introduce new watchdog types.

  6. Reworked the statistics module's permissions.

  7. Less code: 223 insertions(+), 343 deletions(-).

  8. Fixed several glitches: for example, the statistics pages sorted the
     'Name' column by user ID instead of by name.  Unfortunately, it is
     too difficult to backport these to DRUPAL-4-5.

  TODO:

  1. Review the statistics modules help pages.

  2. Help fine-tune the interfaces/views.

  NOTES:

  1. You'll want to run update.php.

- Usability improvement: only display subtabs if there is more than one subtab.  If there is only one, make sure it is the set to be the default subtab and all is well.

- Patch #12606 by Gerhard: corrected the pattern of the download link in the installation instructions.

- Modified patch #11840 by Stefan: added conctext-sensitive help text to the 'revision'-page.

- Bug 13503: updating the locale settings might impact the interface (eg. menu's) so we have to flush the cache.

- Patch #5942 by TDobes: fixed theme stuff after multi-site configuration patch.

   + Make bootstrap functionality work with HEAD.
   + Move functions into bootstrap.inc so that statistics_exit() works for cached pages.  (Does this close any issues?)

- Patch #13443 by Moshe: got rid of the semi-implemented 'page link' feature. All themes currently support primary and secondary links so page links are now deprecated.  Check your contributed modules and update them accordingly.

- Patch #13443 by Moshe: got rid of the semi-implemented 'page link' feature. All themes currently support primary and secondary links so page links are now deprecated.  Check your contributed modules and update them accordingly.

    + added support for multi-site configurations.
    + tidied up some old cruft and added code comments.

- Patch #10990 by TDobes: adds a "create new blog entry" link at the top of each user's own blog page, similar to the "post new forum topic" link displayed at the top of forum pages. This adds consistency as well as convenience for users.

- Patch #6166 by Moshe: node preview should not display links.  Push the links to the theme instead of the theme having to pull them in using node_link().

  TODO:
    1. Update theme upgrade instructions in the handbook: node_link() is gone.
    2. Remove page_link() just like we removed node_link().

- Patch #12363: fixed glitch in user_access() as pointed out by TDobes.

- Patch #13334 by Axel: added a simple script to prefix a database scheme.

- Patch #13263 and #13265 by arnab: added word-based truncation and made the comment module use it to extract subjects.

- Removed hardcode font size from drupal.css as per #13095.

- Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend.

  Read the manual for pg_escape_string:  "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."

- Caching index statistics
- Minor code cleanup

- Patch #8506 by Gerhard: added basic node_load() caching.

- Adding the missing flood tables.  Sorry.

- Added generic flood control mechanism to throttle certain operations per hostname (eg. posting comments, requesting passwords, sending e-mails).  See flood_register_event() and flood_is_allowed() for details.