Commit 2c844401 authored by drumm's avatar drumm

Drupal 5.4.

parent e674486d
// $Id$ // $Id$
Drupal 5.4, xxxx-xx-xx Drupal 5.4, 2007-12-05
---------------------- ----------------------
- fixed a variety of small bugs.
- fixed a security issue (SQL injection), see SA-2007-031
Drupal 5.3, 2007-10-17 Drupal 5.3, 2007-10-17
---------------------- ----------------------
...@@ -101,6 +103,10 @@ Drupal 5.0, 2007-01-15 ...@@ -101,6 +103,10 @@ Drupal 5.0, 2007-01-15
* added nested lists generation. * added nested lists generation.
* added a self-clearing block class. * added a self-clearing block class.
Drupal 4.7.9, 2007-12-05
------------------------
- fixed a security issue (SQL injection), see SA-2007-031
Drupal 4.7.8, 2007-10-17 Drupal 4.7.8, 2007-10-17
------------------------ ------------------------
- fixed a security issue (HTTP response splitting), see SA-2007-024 - fixed a security issue (HTTP response splitting), see SA-2007-024
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site. * Configuration system that lets administrators modify the workings of the site.
*/ */
define('VERSION', '5.4-dev'); define('VERSION', '5.4');
/** /**
* Implementation of hook_help(). * Implementation of hook_help().
......
...@@ -1243,16 +1243,20 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p ...@@ -1243,16 +1243,20 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p
} }
if ($operator == 'or') { if ($operator == 'or') {
$str_tids = implode(',', call_user_func_array('array_merge', $descendant_tids)); $args = call_user_func_array('array_merge', $descendant_tids);
$sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1 ORDER BY '. $order; $placeholders = implode(',', array_fill(0, count($args), '%d'));
$sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1'; $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1 ORDER BY '. $order;
$sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1';
} }
else { else {
$joins = ''; $joins = '';
$wheres = ''; $wheres = '';
$args = array();
foreach ($descendant_tids as $index => $tids) { foreach ($descendant_tids as $index => $tids) {
$joins .= ' INNER JOIN {term_node} tn'. $index .' ON n.nid = tn'. $index .'.nid'; $joins .= ' INNER JOIN {term_node} tn'. $index .' ON n.nid = tn'. $index .'.nid';
$wheres .= ' AND tn'. $index .'.tid IN ('. implode(',', $tids) .')'; $placeholders = implode(',', array_fill(0, count($tids), '%d'));
$wheres .= ' AND tn'. $index .'.tid IN ('. $placeholders .')';
$args = array_merge($args, $tids);
} }
$sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres .' ORDER BY '. $order; $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres .' ORDER BY '. $order;
$sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres; $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres;
...@@ -1260,10 +1264,10 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p ...@@ -1260,10 +1264,10 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p
$sql = db_rewrite_sql($sql); $sql = db_rewrite_sql($sql);
$sql_count = db_rewrite_sql($sql_count); $sql_count = db_rewrite_sql($sql_count);
if ($pager) { if ($pager) {
$result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count); $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count, $args);
} }
else { else {
$result = db_query_range($sql, 0, variable_get('feed_default_items', 10)); $result = db_query_range($sql, 0, variable_get('feed_default_items', 10), $args);
} }
} }
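Review bot: The non-pager branch passes `$args` in the wrong position. As far as I know, Drupal 5's `db_query_range()` takes the query arguments directly after the query string and reads `$from` and `$count` from the last two parameters, so `db_query_range($sql, 0, variable_get('feed_default_items', 10), $args)` would treat the array as the count and leave the `%d` placeholders without their term IDs. The call should read `db_query_range($sql, $args, 0, variable_get('feed_default_items', 10));`, which is worth confirming against the database layer because it is not shown on this page. The `pager_query()` call, with `$args` after `$sql_count`, looks consistent with that function's argument order. Separately, `$order` is still concatenated into `ORDER BY` in both branches, so a comment such as `// $order is concatenated as-is: pass only a constant column list, never request data.` would help; the function signature is cut off in the hunk header, so the origin of `$order` is not visible here.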
......