Commit 0bd25284 authored by Steven Wittens's avatar Steven Wittens

- Fixed security issue: unchecked form-data in a db-query (line 82)

- Fixed bug: the module now checks only against other *stories* (instead of nodes) with the same title.
parent 534c00f9
......@@ -79,7 +79,7 @@ function story_form($edit = array()) {
$output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
}
$duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '$title'"));
$duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
if (!$edit) {
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
......
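Review bot: The rewritten `$duplicate` query still builds its SQL by concatenation, so its safety rests entirely on `check_input()` escaping correctly for a quoted SQL string. That helper's definition is not visible on this page; if the codebase has a dedicated query-escaping helper, it would be the clearer choice for this line. The query also reads `$title` rather than a field of `$edit`. Because `story_form()` begins outside the hunk, it cannot be confirmed that `$title` is set in this scope; if it is not, the duplicate check would always compare against an empty title. Separately, the unchanged context line writes `$edit[nid]` into the hidden field's `VALUE` without encoding, which an integer cast before output, e.g. `(int) $edit[nid]`, would close off.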
......@@ -79,7 +79,7 @@ function story_form($edit = array()) {
$output .= "<INPUT TYPE=\"hidden\" NAME=\"edit[nid]\" VALUE=\"$edit[nid]\">\n";
}
$duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '$title'"));
$duplicate = db_result(db_query("SELECT COUNT(nid) FROM node WHERE title = '". check_input($title) ."' AND type = 'story'"));
if (!$edit) {
$output .= "<INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"". t("Preview") ."\">\n";
......