diff -urpN drupal/files/.htaccess drupal-6.x-dev-pre7-0.5.1/files/.htaccess
--- drupal/files/.htaccess 2007-09-17 16:25:19.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/files/.htaccess 1970-01-01 08:00:00.000000000 +0800
@@ -1,3 +0,0 @@
-SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
-Options None
-Options +FollowSymLinks
\ No newline at end of file
diff -urpN drupal/includes/actions.inc drupal-6.x-dev-pre7-0.5.1/includes/actions.inc
--- drupal/includes/actions.inc 2007-09-10 04:01:39.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/actions.inc 2007-09-17 11:34:51.000000000 +0800
@@ -239,7 +239,7 @@ function actions_function_lookup($hash)
}
// Must be an instance; must check database.
- $aid = db_result(db_query("SELECT aid FROM {actions} WHERE MD5(aid) = '%s' AND parameters != ''", $hash));
+ $aid = db_result(db_query("SELECT aid FROM {actions} WHERE MD5(aid) = %s AND parameters != ''", $hash));
return $aid;
}
@@ -272,7 +272,7 @@ function actions_synchronize($actions_in
}
else {
// This is a new singleton that we don't have an aid for; assign one.
- db_query("INSERT INTO {actions} (aid, type, callback, parameters, description) VALUES ('%s', '%s', '%s', '%s', '%s')", $callback, $array['type'], $callback, '', $array['description']);
+ db_query("INSERT INTO {actions} (aid, type, callback, parameters, description) VALUES (%s, %s, %s, %s, %s)", $callback, $array['type'], $callback, '', $array['description']);
watchdog('actions', t("Action '%action' added.", array('%action' => filter_xss_admin($array['description']))));
}
}
@@ -285,7 +285,7 @@ function actions_synchronize($actions_in
foreach ($actions_in_db as $callback => $array) {
$orphaned[] = $callback;
- $placeholder[] = "'%s'";
+ $placeholder[] = "%s";
}
$orphans = implode(', ', $orphaned);
@@ -326,7 +326,7 @@ function actions_synchronize($actions_in
function actions_save($function, $type, $params, $desc, $aid = NULL) {
$serialized = serialize($params);
if ($aid) {
- db_query("UPDATE {actions} SET callback = '%s', type = '%s', parameters = '%s', description = '%s' WHERE aid = %d", $function, $type, $serialized, $desc, $aid);
+ db_query("UPDATE {actions} SET callback = %s, type = %s, parameters = %s, description = %s WHERE aid = %d", $function, $type, $serialized, $desc, $aid);
watchdog('actions', 'Action %action saved.', array('%action' => $desc));
}
else {
@@ -334,7 +334,7 @@ function actions_save($function, $type,
// separate table for numeric aids.
db_query('INSERT INTO {actions_aid} VALUES (default)');
$aid = db_last_insert_id('actions_aid', 'aid');
- db_query("INSERT INTO {actions} (aid, callback, type, parameters, description) VALUES (%d, '%s', '%s', '%s', '%s')", $aid, $function, $type, $serialized, $desc);
+ db_query("INSERT INTO {actions} (aid, callback, type, parameters, description) VALUES (%d, %s, %s, %s, %s)", $aid, $function, $type, $serialized, $desc);
watchdog('actions', 'Action %action created.', array('%action' => $desc));
}
diff -urpN drupal/includes/batch.inc drupal-6.x-dev-pre7-0.5.1/includes/batch.inc
--- drupal/includes/batch.inc 2007-09-05 05:10:45.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/batch.inc 2007-09-17 11:34:51.000000000 +0800
@@ -11,7 +11,7 @@
function _batch_page() {
$batch =& batch_get();
- if (isset($_REQUEST['id']) && $data = db_result(db_query("SELECT batch FROM {batch} WHERE bid = %d AND token = '%s'", $_REQUEST['id'], drupal_get_token($_REQUEST['id'])))) {
+ if (isset($_REQUEST['id']) && $data = db_result(db_query("SELECT batch FROM {batch} WHERE bid = %d AND token = %s", $_REQUEST['id'], drupal_get_token($_REQUEST['id'])))) {
$batch = unserialize($data);
}
else {
@@ -320,6 +320,6 @@ function _batch_finished() {
*/
function _batch_shutdown() {
if ($batch = batch_get()) {
- db_query("UPDATE {batch} SET batch = '%s' WHERE bid = %d", serialize($batch), $batch['id']);
+ db_query("UPDATE {batch} SET batch = %s WHERE bid = %d", serialize($batch), $batch['id']);
}
}
diff -urpN drupal/includes/bootstrap.inc drupal-6.x-dev-pre7-0.5.1/includes/bootstrap.inc
--- drupal/includes/bootstrap.inc 2007-09-10 20:19:11.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/bootstrap.inc 2007-09-17 11:34:51.000000000 +0800
@@ -385,7 +385,7 @@ function drupal_get_filename($type, $nam
// the database. This is required because this function is called both
// before we have a database connection (i.e. during installation) and
// when a database connection fails.
- elseif ($active_db && (($file = db_result(db_query("SELECT filename FROM {system} WHERE name = '%s' AND type = '%s'", $name, $type))) && file_exists($file))) {
+ elseif ($active_db && (($file = db_result(db_query("SELECT filename FROM {system} WHERE name = %s AND type = %s", $name, $type))) && file_exists($file))) {
$files[$type][$name] = $file;
}
else {
@@ -464,9 +464,9 @@ function variable_set($name, $value) {
global $conf;
$serialized_value = serialize($value);
- db_query("UPDATE {variable} SET value = '%s' WHERE name = '%s'", $serialized_value, $name);
+ db_query("UPDATE {variable} SET value = %s WHERE name = %s", $serialized_value, $name);
if (!db_affected_rows()) {
- @db_query("INSERT INTO {variable} (name, value) VALUES ('%s', '%s')", $name, $serialized_value);
+ @db_query("INSERT INTO {variable} (name, value) VALUES (%s, %s)", $name, $serialized_value);
}
cache_clear_all('variables', 'cache');
@@ -483,7 +483,7 @@ function variable_set($name, $value) {
function variable_del($name) {
global $conf;
- db_query("DELETE FROM {variable} WHERE name = '%s'", $name);
+ db_query("DELETE FROM {variable} WHERE name = %s", $name);
cache_clear_all('variables', 'cache');
unset($conf[$name]);
@@ -825,7 +825,7 @@ function drupal_is_denied($type, $mask)
// these, we return 1 (denied). If no matching records or only ones
// with status = 1, we get no return from db_result, so we return
// (bool)NULL = 0 (allowed).
- return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = '%s' AND LOWER('%s') LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1));
+ return (bool) db_result(db_query_range("SELECT 1 FROM {access} WHERE type = %s AND LOWER(%s) LIKE LOWER(mask) AND status = 0", $type, $mask, 0, 1));
}
/**
diff -urpN drupal/includes/cache.inc drupal-6.x-dev-pre7-0.5.1/includes/cache.inc
--- drupal/includes/cache.inc 2007-08-26 17:33:49.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/cache.inc 2007-09-17 11:34:51.000000000 +0800
@@ -22,7 +22,7 @@ function cache_get($cid, $table = 'cache
variable_set('cache_flush', 0);
}
- $cache = db_fetch_object(db_query("SELECT data, created, headers, expire, serialized FROM {". $table ."} WHERE cid = '%s'", $cid));
+ $cache = db_fetch_object(db_query("SELECT data, created, headers, expire, serialized FROM {". $table ."} WHERE cid = %s", $cid));
if (isset($cache->data)) {
// If the data is permanent or we're not enforcing a minimum cache lifetime
// always return the cached data.
@@ -105,10 +105,11 @@ function cache_set($cid, $data, $table =
$serialized = 1;
}
$created = time();
- db_query("UPDATE {". $table ."} SET data = %b, created = %d, expire = %d, headers = '%s', serialized = %d WHERE cid = '%s'", $data, $created, $expire, $headers, $serialized, $cid);
+ db_query("UPDATE {". $table ."} SET data = %b, created = %d, expire = %d, headers = %s, serialized = %d WHERE cid = %s", NULL, $created, $expire, $headers, $serialized, $cid);
if (!db_affected_rows()) {
- @db_query("INSERT INTO {". $table ."} (cid, data, created, expire, headers, serialized) VALUES ('%s', %b, %d, %d, '%s', %d)", $cid, $data, $created, $expire, $headers, $serialized);
+ @db_query("INSERT INTO {". $table ."} (cid, data, created, expire, headers, serialized) VALUES (%s, %b, %d, %d, %s, %d)", $cid, NULL, $created, $expire, $headers, $serialized);
}
+ db_update_blob("cid = %s", $cid, db_prefix_tables('{' . $table . '}'), 'data', $data);
}
/**
@@ -169,11 +170,11 @@ function cache_clear_all($cid = NULL, $t
db_query("DELETE FROM {". $table ."}");
}
else {
- db_query("DELETE FROM {". $table ."} WHERE cid LIKE '%s%%'", $cid);
+ db_query("DELETE FROM {". $table ."} WHERE cid LIKE %s", $cid . "%");
}
}
else {
- db_query("DELETE FROM {". $table ."} WHERE cid = '%s'", $cid);
+ db_query("DELETE FROM {". $table ."} WHERE cid = %s", $cid);
}
}
}
diff -urpN drupal/includes/common.inc drupal-6.x-dev-pre7-0.5.1/includes/common.inc
--- drupal/includes/common.inc 2007-09-15 15:33:46.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/common.inc 2007-09-17 11:34:51.000000000 +0800
@@ -817,7 +817,7 @@ function valid_url($url, $absolute = FAL
* The name of the event.
*/
function flood_register_event($name) {
- db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES ('%s', '%s', %d)", $name, ip_address(), time());
+ db_query("INSERT INTO {flood} (event, hostname, timestamp) VALUES (%s, %s, %d)", $name, ip_address(), time());
}
/**
@@ -833,7 +833,7 @@ function flood_register_event($name) {
* True if the user did not exceed the hourly threshold. False otherwise.
*/
function flood_is_allowed($name, $threshold) {
- $number = db_result(db_query("SELECT COUNT(*) FROM {flood} WHERE event = '%s' AND hostname = '%s' AND timestamp > %d", $name, ip_address(), time() - 3600));
+ $number = db_result(db_query("SELECT COUNT(*) FROM {flood} WHERE event = %s AND hostname = %s AND timestamp > %d", $name, ip_address(), time() - 3600));
return ($number < $threshold ? TRUE : FALSE);
}
diff -urpN drupal/includes/database.inc drupal-6.x-dev-pre7-0.5.1/includes/database.inc
--- drupal/includes/database.inc 2007-09-14 18:43:26.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/database.inc 2007-09-17 11:45:56.000000000 +0800
@@ -174,23 +174,23 @@ function _db_query_callback($match, $ini
}
switch ($match[1]) {
- case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?)
- return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
+ case '%d':
+ return db_escape_decimal(array_shift($args));
+ case '%f':
+ return db_escape_float(array_shift($args));
case '%s':
return db_escape_string(array_shift($args));
- case '%%':
- return '%';
- case '%f':
- return (float) array_shift($args);
- case '%b': // binary data
+ case '%b': // Binary Large OBject.
return db_encode_blob(array_shift($args));
+ case '%c': // Character Large OBject.
+ return db_encode_clob(array_shift($args));
}
}
/**
* Indicates the place holders that should be replaced in _db_query_callback().
*/
-define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/');
+define('DB_QUERY_REGEXP', '/(%d|%f|%s|%b|%c)/');
/**
* Helper function for db_rewrite_sql.
@@ -475,15 +475,7 @@ function _db_type_placeholder($type) {
case 'varchar':
case 'text':
case 'datetime':
- return '\'%s\'';
-
case 'numeric':
- // For 'numeric' values, we use '%s', not '\'%s\'' as with
- // string types, because numeric values should not be enclosed
- // in quotes in queries (though they can be, at least on mysql
- // and pgsql). Numerics should only have [0-9.+-] and
- // presumably no db's "escape string" function will mess with
- // those characters.
return '%s';
case 'serial':
diff -urpN drupal/includes/database.mysql-common.inc drupal-6.x-dev-pre7-0.5.1/includes/database.mysql-common.inc
--- drupal/includes/database.mysql-common.inc 2007-09-15 01:46:32.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/database.mysql-common.inc 2007-09-17 13:01:11.000000000 +0800
@@ -7,6 +7,31 @@
*/
/**
+ * Indicates the concatenation operator.
+ */
+define('DB_CONCAT_OPERATOR', '+');
+
+/**
+ * Indicates the name of the SQL strlen function.
+ */
+define('DB_LENGTH', 'LENGTH');
+
+/**
+ * Indicates the name of the SQL strtoupper function.
+ */
+define('DB_UPPER', 'UPPER');
+
+/**
+ * Indicates the SQL to generate a random number between 0.00 and 1.00.
+ */
+define('DB_RANDOM', 'RAND()');
+
+/**
+ * Indicates the name of the SQL substring function.
+ */
+define('DB_SUBSTR', 'SUBSTRING');
+
+/**
* Runs a basic query in the active database.
*
* User-supplied arguments to the query should be passed in as separate
@@ -21,7 +46,11 @@
* you may also pass a single array containing the query arguments.
*
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
+ * in '') and %c (character large object, do not enclose in '').
+ *
+ * NOTE: use NULL as arguments substitution for %b and %c. This will be
+ * replaced as corresponding empty LOB value placeholder, based on the
+ * database specific representation.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
@@ -229,6 +258,9 @@ function db_type_map() {
'blob:big' => 'LONGBLOB',
'blob:normal' => 'BLOB',
+ 'clob:big' => 'LONGTEXT',
+ 'clob:normal' => 'TEXT',
+
'datetime:normal' => 'DATETIME',
);
return $map;
@@ -447,6 +479,130 @@ function db_drop_index(&$ret, $table, $n
$ret[] = update_sql('ALTER TABLE {'. $table .'} DROP INDEX '. $name);
}
+/*
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_decimal($data) {
+ return (int) $data;
+}
+
+/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_float($data) {
+ return (float) $data;
+}
+
+/**
+ * Update the Binary Large Object value, based on the database specific
+ * implementation.
+ *
+ * @param $query
+ * A string containing an update condition query (where clause).
+ * @param ...
+ * A variable number of arguments which are substituted into the query
+ * WHERE condition, using printf() syntax. Instead of a variable number
+ * of query arguments, you may also pass a single array containing the
+ * query arguments.
+ *
+ * Valid %-modifiers are: %s, %d and %f.
+ *
+ * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
+ * and TRUE values to decimal 1.
+ *
+ * @param $table
+ * Table to update.
+ * @param $column
+ * Column to update.
+ * @param $value
+ * Values to update.
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
+ */
+function db_update_blob($query) {
+ $args = func_get_args();
+ $value = array_pop($args);
+ $column = array_pop($args);
+ $table = array_pop($args);
+ array_shift($args);
+
+ if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
+ $args = $args[0];
+ }
+ _db_query_callback($args, TRUE);
+ $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = 'UPDATE ' . $table . ' SET ' . $column . ' = ' . db_encode_blob($value) . ' WHERE ' . $query;
+ return _db_query($query);
+}
+
+/**
+ * Update the Character Large Object value, based on the database specific
+ * implementation.
+ *
+ * @param $query
+ * A string containing an update condition query (where clause).
+ * @param ...
+ * A variable number of arguments which are substituted into the query
+ * WHERE condition, using printf() syntax. Instead of a variable number
+ * of query arguments, you may also pass a single array containing the
+ * query arguments.
+ *
+ * Valid %-modifiers are: %s, %d and %f.
+ *
+ * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
+ * and TRUE values to decimal 1.
+ *
+ * @param $table
+ * Table to update.
+ * @param $column
+ * Column to update.
+ * @param $value
+ * Values to update.
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
+ */
+function db_update_clob($query) {
+ $args = func_get_args();
+ $value = array_pop($args);
+ $column = array_pop($args);
+ $table = array_pop($args);
+ array_shift($args);
+
+ if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
+ $args = $args[0];
+ }
+ _db_query_callback($args, TRUE);
+ $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = 'UPDATE ' . $table . ' SET ' . $column . ' = ' . db_encode_clob($value) . ' WHERE ' . $query;
+ return _db_query($query);
+}
+
+/**
+ * Portable SQL generating function.
+ *
+ * @param ...
+ * Variable number of string parameters.
+ * @return
+ * Portably concatenate strings.
+ */
+function db_concat() {
+ $args = func_get_args();
+ $return = implode(', ', $args);
+ return (strlen($return) > 0) ? "CONCAT($return)" : '';
+}
+
+/**
+ * Returns a string that is the equivalent of MySQL IFNULL or Oracle NVL.
+ *
+ * @return
+ * If $expr1 is not NULL, returns $expr1; otherwise it returns $expr2.
+ */
+function db_if_null($expr1, $expr2) {
+ return " IFNULL($expr1, $expr2) ";
+}
+
/**
* Change a field definition.
*
diff -urpN drupal/includes/database.mysqli.inc drupal-6.x-dev-pre7-0.5.1/includes/database.mysqli.inc
--- drupal/includes/database.mysqli.inc 2007-09-04 01:02:16.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/database.mysqli.inc 2007-09-17 11:47:04.000000000 +0800
@@ -243,7 +243,11 @@ function db_affected_rows() {
* using printf() syntax. The query arguments can be enclosed in one
* array instead.
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
+ * in '') and %c (character large object, do not enclose in '').
+ *
+ * NOTE: use NULL as arguments substitution for %b and %c. This will be
+ * replaced as corresponding empty LOB value placeholder, based on the
+ * database specific representation.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
@@ -292,7 +296,11 @@ function db_query_range($query) {
* using printf() syntax. The query arguments can be enclosed in one
* array instead.
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
+ * in '') and (character large object, do not enclose in '').
+ *
+ * NOTE: use NULL as arguments substitution for %b and %c. This will be
+ * replaced as corresponding empty LOB value placeholder, based on the
+ * database specific representation.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
@@ -319,16 +327,24 @@ function db_query_temporary($query) {
}
/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_string($data) {
+ global $active_db;
+ return "'" . mysqli_real_escape_string($active_db, $data) . "'";
+}
+
+/**
* Returns a properly formatted Binary Large Object value.
*
* @param $data
* Data to encode.
* @return
- * Encoded data.
+ * Encoded data, or empty LOB value placeholder for NULL $data.
*/
function db_encode_blob($data) {
global $active_db;
- return "'". mysqli_real_escape_string($active_db, $data) ."'";
+ return !is_null($data) ? "'". mysqli_real_escape_string($active_db, $data) ."'" : "''";
}
/**
@@ -344,11 +360,28 @@ function db_decode_blob($data) {
}
/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
+ * Returns a properly formatted Character Large OBject value.
+ *
+ * @param $data
+ * Data to encode.
+ * @return
+ * Encoded data, or empty LOB value placeholder for NULL $data.
*/
-function db_escape_string($text) {
+function db_encode_clob($data) {
global $active_db;
- return mysqli_real_escape_string($active_db, $text);
+ return !is_null($data) ? "'". mysqli_real_escape_string($active_db, $data) ."'" : "''";
+}
+
+/**
+ * Returns text from a Character Large OBject value.
+ *
+ * @param $data
+ * Data to decode.
+ * @return
+ * Decoded data.
+ */
+function db_decode_clob($data) {
+ return $data;
}
/**
@@ -376,7 +409,7 @@ function db_table_exists($table) {
* Check if a column exists in the given table.
*/
function db_column_exists($table, $column) {
- return db_fetch_object(db_query("SHOW COLUMNS FROM {%s} LIKE '%s'", $table, $column)) ? TRUE : FALSE;
+ return db_fetch_object(db_query("SHOW COLUMNS FROM {%s} LIKE %s", $table, $column)) ? TRUE : FALSE;
}
/**
diff -urpN drupal/includes/database.mysql.inc drupal-6.x-dev-pre7-0.5.1/includes/database.mysql.inc
--- drupal/includes/database.mysql.inc 2007-08-30 02:38:55.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/database.mysql.inc 2007-09-17 11:46:37.000000000 +0800
@@ -244,7 +244,11 @@ function db_affected_rows() {
* using printf() syntax. The query arguments can be enclosed in one
* array instead.
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
+ * in '') and %c (character large object, do not enclose in '').
+ *
+ * NOTE: use NULL as arguments substitution for %b and %c. This will be
+ * replaced as corresponding empty LOB value placeholder, based on the
+ * database specific representation.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
@@ -293,7 +297,11 @@ function db_query_range($query) {
* using printf() syntax. The query arguments can be enclosed in one
* array instead.
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
+ * in '') and %c (character large object, do not enclose in '').
+ *
+ * NOTE: use NULL as arguments substitution for %b and %c. This will be
+ * replaced as corresponding empty LOB value placeholder, based on the
+ * database specific representation.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
@@ -320,16 +328,24 @@ function db_query_temporary($query) {
}
/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_string($data) {
+ global $active_db;
+ return "'" . mysql_real_escape_string($data, $active_db) . "'";
+}
+
+/**
* Returns a properly formatted Binary Large OBject value.
*
* @param $data
* Data to encode.
* @return
- * Encoded data.
+ * Encoded data, or empty LOB value placeholder for NULL $data.
*/
function db_encode_blob($data) {
global $active_db;
- return "'". mysql_real_escape_string($data, $active_db) ."'";
+ return !is_null($data) ? "'". mysql_real_escape_string($data, $active_db) ."'" : "''";
}
/**
@@ -345,11 +361,28 @@ function db_decode_blob($data) {
}
/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
+ * Returns a properly formatted Character Large OBject value.
+ *
+ * @param $data
+ * Data to encode.
+ * @return
+ * Encoded data, or empty LOB value placeholder for NULL $data.
*/
-function db_escape_string($text) {
+function db_encode_clob($data) {
global $active_db;
- return mysql_real_escape_string($text, $active_db);
+ return !is_null($data) ? "'". mysql_real_escape_string($data, $active_db) ."'" : "''";
+}
+
+/**
+ * Returns text from a Character Large Object value.
+ *
+ * @param $data
+ * Data to decode.
+ * @return
+ * Decoded data.
+ */
+function db_decode_clob($data) {
+ return $data;
}
/**
@@ -377,7 +410,7 @@ function db_table_exists($table) {
* Check if a column exists in the given table.
*/
function db_column_exists($table, $column) {
- return db_fetch_object(db_query("SHOW COLUMNS FROM {%s} LIKE '%s'", $table, $column)) ? TRUE : FALSE;
+ return db_fetch_object(db_query("SHOW COLUMNS FROM {%s} LIKE %s", $table, $column)) ? TRUE : FALSE;
}
/**
diff -urpN drupal/includes/database.pgsql.inc drupal-6.x-dev-pre7-0.5.1/includes/database.pgsql.inc
--- drupal/includes/database.pgsql.inc 2007-09-15 01:46:32.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/database.pgsql.inc 2007-09-17 12:58:45.000000000 +0800
@@ -12,6 +12,31 @@
*/
/**
+ * Indicates the concatenation operator.
+ */
+define('DB_CONCAT_OPERATOR', '||');
+
+/**
+ * Indicates the name of the SQL strlen function.
+ */
+define('DB_LENGTH', 'LENGTH');
+
+/**
+ * Indicates the name of the SQL strtoupper function.
+ */
+define('DB_UPPER', 'UPPER');
+
+/**
+ * Indicates the SQL to generate a random number between 0.00 and 1.00.
+ */
+define('DB_RANDOM', 'RANDOM()');
+
+/**
+ * Indicates the name of the SQL substr function.
+ */
+define('DB_SUBSTR', 'SUBSTRING');
+
+/**
* Report database status.
*/
function db_status_report() {
@@ -120,7 +145,11 @@ function db_connect($url) {
* you may also pass a single array containing the query arguments.
*
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
+ * in '') and %c (character large object, do not enclose in '').
+ *
+ * NOTE: use NULL as arguments substitution for %b and %c. This will be
+ * replaced as corresponding empty LOB value placeholder, based on the
+ * database specific representation.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
@@ -272,7 +301,11 @@ function db_affected_rows() {
* using printf() syntax. Instead of a variable number of query arguments,
* you may also pass a single array containing the query arguments.
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
+ * in '') and %c (character large object, do not enclose in '').
+ *
+ * NOTE: use NULL as arguments substitution for %b and %c. This will be
+ * replaced as corresponding empty LOB value placeholder, based on the
+ * database specific representation.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
@@ -321,7 +354,11 @@ function db_query_range($query) {
* using printf() syntax. The query arguments can be enclosed in one
* array instead.
* Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose
- * in '') and %%.
+ * in '') and %c (character large object, do not enclose in '').
+ *
+ * NOTE: use NULL as arguments substitution for %b and %c. This will be
+ * replaced as corresponding empty LOB value placeholder, based on the
+ * database specific representation.
*
* NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
* and TRUE values to decimal 1.
@@ -348,16 +385,38 @@ function db_query_temporary($query) {
}
/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_decimal($data) {
+ return (int) $data;
+}
+
+/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ */
+function db_escape_float($data) {
+ return (float) $data;
+}
+
+/**
+ * Prepare user input for use in a database query, preventing SQL injection attacks.
+ * Note: This function requires PostgreSQL 7.2 or later.
+ */
+function db_escape_string($data) {
+ return "'" . pg_escape_string($data) . "'";
+}
+
+/**
* Returns a properly formatted Binary Large OBject value.
- * In case of PostgreSQL encodes data for insert into bytea field.
+ * In case of PostgreSQL encodes data for insert or update into bytea field.
*
* @param $data
* Data to encode.
* @return
- * Encoded data.
+ * Encoded data, or empty LOB value placeholder for NULL $data.
*/
function db_encode_blob($data) {
- return "'". pg_escape_bytea($data) ."'";
+ return !is_null($data) ? "'". pg_escape_bytea($data) ."'" : "''";
}
/**
@@ -374,11 +433,139 @@ function db_decode_blob($data) {
}
/**
- * Prepare user input for use in a database query, preventing SQL injection attacks.
- * Note: This function requires PostgreSQL 7.2 or later.
+ * Returns a properly formatted Character Large OBject value.
+ * In case of PostgreSQL encodes data for insert or update into text field.
+ *
+ * @param $data
+ * Data to encode.
+ * @return
+ * Encoded data, or empty LOB value placeholder for NULL $data.
+ */
+function db_encode_clob($data) {
+ return !is_null($data) ? "'". pg_escape_string($data) ."'" : "''";
+
+}
+
+/**
+ * Returns text from a Character Large OBject value.
+ * In case of PostgreSQL decodes data after select from bytea field.
+ *
+ * @param $data
+ * Data to decode.
+ * @return
+ * Decoded data.
+ */
+function db_decode_clob($data) {
+ return $data;
+}
+
+/**
+ * Update the Binary Large Object value, based on the database specific
+ * implementation.
+ *
+ * @param $query
+ * A string containing an update condition query (where clause).
+ * @param ...
+ * A variable number of arguments which are substituted into the query
+ * WHERE condition, using printf() syntax. Instead of a variable number
+ * of query arguments, you may also pass a single array containing the
+ * query arguments.
+ *
+ * Valid %-modifiers are: %s, %d and %f.
+ *
+ * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
+ * and TRUE values to decimal 1.
+ *
+ * @param $table
+ * Table to update.
+ * @param $column
+ * Column to update.
+ * @param $value
+ * Values to update.
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
*/
-function db_escape_string($text) {
- return pg_escape_string($text);
+function db_update_blob($query) {
+ $args = func_get_args();
+ $value = array_pop($args);
+ $column = array_pop($args);
+ $table = array_pop($args);
+ array_shift($args);
+
+ if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
+ $args = $args[0];
+ }
+ _db_query_callback($args, TRUE);
+ $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = 'UPDATE ' . $table . ' SET ' . $column . ' = ' . db_encode_blob($value) . ' WHERE ' . $query;
+ return _db_query($query);
+}
+
+/**
+ * Update the Character Large Object value, based on the database specific
+ * implementation.
+ *
+ * @param $query
+ * A string containing an update condition query (where clause).
+ * @param ...
+ * A variable number of arguments which are substituted into the query
+ * WHERE condition, using printf() syntax. Instead of a variable number
+ * of query arguments, you may also pass a single array containing the
+ * query arguments.
+ *
+ * Valid %-modifiers are: %s, %d and %f.
+ *
+ * NOTE: using this syntax will cast NULL and FALSE values to decimal 0,
+ * and TRUE values to decimal 1.
+ *
+ * @param $table
+ * Table to update.
+ * @param $column
+ * Column to update.
+ * @param $value
+ * Values to update.
+ * @return
+ * A database query result resource, or FALSE if the query was not
+ * executed correctly.
+ */
+function db_update_clob($query) {
+ $args = func_get_args();
+ $value = array_pop($args);
+ $column = array_pop($args);
+ $table = array_pop($args);
+ array_shift($args);
+
+ if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
+ $args = $args[0];
+ }
+ _db_query_callback($args, TRUE);
+ $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
+ $query = 'UPDATE ' . $table . ' SET ' . $column . ' = ' . db_encode_clob($value) . ' WHERE ' . $query;
+ return _db_query($query);
+}
+
+/**
+ * Return a portably concatenate strings.
+ *
+ * @param ...
+ * Variable number of string parameters.
+ * @return
+ * Portably concatenate strings.
+ */
+function db_concat() {
+ $args = func_get_args();
+ return implode(DB_CONCAT_OPERATOR, $args);
+}
+
+/**
+ * Returns a string that is the equivalent of MySQL IFNULL or Oracle NVL.
+ *
+ * @return
+ * If $expr1 is not NULL, returns $expr1; otherwise it returns $expr2.
+ */
+function db_if_null($expr1, $expr2) {
+ return " COALESCE($expr1, $expr2) ";
}
/**
@@ -408,7 +595,7 @@ function db_table_exists($table) {
* Check if a column exists in the given table.
*/
function db_column_exists($table, $column) {
- return db_result(db_query("SELECT COUNT(pg_attribute.attname) FROM pg_class, pg_attribute WHERE pg_attribute.attrelid = pg_class.oid AND pg_class.relname = '{". db_escape_table($table) ."}' AND attname='%s'", $column));
+ return db_result(db_query("SELECT COUNT(pg_attribute.attname) FROM pg_class, pg_attribute WHERE pg_attribute.attrelid = pg_class.oid AND pg_class.relname = '{". db_escape_table($table) ."}' AND attname=%s", $column));
}
/**
@@ -485,6 +672,9 @@ function db_type_map() {
'blob:big' => 'bytea',
'blob:normal' => 'bytea',
+ 'clob:big' => 'text',
+ 'clob:normal' => 'text',
+
'datetime:normal' => 'timestamp',
'serial:tiny' => 'serial',
diff -urpN drupal/includes/file.inc drupal-6.x-dev-pre7-0.5.1/includes/file.inc
--- drupal/includes/file.inc 2007-07-26 01:41:27.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/file.inc 2007-09-17 11:34:51.000000000 +0800
@@ -574,7 +574,7 @@ function file_save_upload($source, $vali
}
// If we made it this far it's safe to record this file in the database.
- db_query("INSERT INTO {files} (uid, filename, filepath, filemime, filesize, status, timestamp) VALUES (%d, '%s', '%s', '%s', %d, %d, %d)", $user->uid, $file->filename, $file->filepath, $file->filemime, $file->filesize, FILE_STATUS_TEMPORARY, time());
+ db_query("INSERT INTO {files} (uid, filename, filepath, filemime, filesize, status, timestamp) VALUES (%d, %s, %s, %s, %d, %d, %d)", $user->uid, $file->filename, $file->filepath, $file->filemime, $file->filesize, FILE_STATUS_TEMPORARY, time());
$file->fid = db_last_insert_id('files', 'fid');
// Add file to the cache.
diff -urpN drupal/includes/form.inc drupal-6.x-dev-pre7-0.5.1/includes/form.inc
--- drupal/includes/form.inc 2007-09-14 18:40:55.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/form.inc 2007-09-17 11:34:51.000000000 +0800
@@ -2205,7 +2205,7 @@ function batch_process($redirect = NULL,
$batch['error_message'] = $t('Please continue to the error page', array('@error_url' => url($url, array('query' => array('id' => $batch['id'], 'op' => 'finished')))));
// Actually store the batch data and the token generated form the batch id.
- db_query("UPDATE {batch} SET token = '%s', batch = '%s' WHERE bid = %d", drupal_get_token($batch['id']), serialize($batch), $batch['id']);
+ db_query("UPDATE {batch} SET token = %s, batch = %s WHERE bid = %d", drupal_get_token($batch['id']), serialize($batch), $batch['id']);
drupal_goto($batch['url'], 'op=start&id='. $batch['id']);
}
diff -urpN drupal/includes/install.inc drupal-6.x-dev-pre7-0.5.1/includes/install.inc
--- drupal/includes/install.inc 2007-09-07 18:48:24.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/install.inc 2007-09-17 11:34:51.000000000 +0800
@@ -70,7 +70,7 @@ function drupal_get_installed_schema_ver
if (!$versions) {
$versions = array();
- $result = db_query("SELECT name, schema_version FROM {system} WHERE type = '%s'", 'module');
+ $result = db_query("SELECT name, schema_version FROM {system} WHERE type = %s", 'module');
while ($row = db_fetch_object($result)) {
$versions[$row->name] = $row->schema_version;
}
@@ -88,7 +88,7 @@ function drupal_get_installed_schema_ver
* The new schema version.
*/
function drupal_set_installed_schema_version($module, $version) {
- db_query("UPDATE {system} SET schema_version = %d WHERE name = '%s'", $version, $module);
+ db_query("UPDATE {system} SET schema_version = %d WHERE name = %s", $version, $module);
}
/**
@@ -312,7 +312,7 @@ function drupal_install_profile($profile
module_invoke('system', 'install');
$system_versions = drupal_get_schema_versions('system');
$system_version = $system_versions ? max($system_versions) : SCHEMA_INSTALLED;
- db_query("INSERT INTO {system} (filename, name, type, owner, status, throttle, bootstrap, schema_version) VALUES('%s', '%s', '%s', '%s', %d, %d, %d, %d)", $system_path .'/system.module', 'system', 'module', '', 1, 0, 0, $system_version);
+ db_query("INSERT INTO {system} (filename, name, type, owner, status, throttle, bootstrap, schema_version) VALUES(%s, %s, %s, %s, %d, %d, %d, %d)", $system_path .'/system.module', 'system', 'module', '', 1, 0, 0, $system_version);
// Now that we've installed things properly, bootstrap the full Drupal environment
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
@@ -369,7 +369,7 @@ function drupal_uninstall_module($module
}
$paths[$index] = implode('/', $parts);
}
- $placeholders = implode(', ', array_fill(0, count($paths), "'%s'"));
+ $placeholders = implode(', ', array_fill(0, count($paths), "%s"));
$result = db_query('SELECT * FROM {menu_links} WHERE router_path IN ('. $placeholders .') AND external = 0 ORDER BY depth DESC', $paths);
// Remove all such items. Starting from those with the greatest depth will
diff -urpN drupal/includes/locale.inc drupal-6.x-dev-pre7-0.5.1/includes/locale.inc
--- drupal/includes/locale.inc 2007-09-05 05:10:45.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/locale.inc 2007-09-17 11:34:51.000000000 +0800
@@ -114,7 +114,7 @@ function locale_languages_overview_form_
$language->enabled = 0;
}
$language->weight = $form_state['values']['weight'][$langcode];
- db_query("UPDATE {languages} SET enabled = %d, weight = %d WHERE language = '%s'", $language->enabled, $language->weight, $langcode);
+ db_query("UPDATE {languages} SET enabled = %d, weight = %d WHERE language = %s", $language->enabled, $language->weight, $langcode);
$languages[$langcode] = $language;
}
drupal_set_message(t('Configuration saved.'));
@@ -193,7 +193,7 @@ function locale_languages_custom_form()
* Language code of the language to edit.
*/
function locale_languages_edit_form(&$form_state, $langcode) {
- if ($language = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = '%s'", $langcode))) {
+ if ($language = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = %s", $langcode))) {
$form = array();
_locale_languages_common_controls($form, $language);
$form['submit'] = array(
@@ -285,7 +285,7 @@ function _locale_languages_common_contro
function locale_languages_predefined_form_validate($form, &$form_state) {
$langcode = $form_state['values']['langcode'];
- if ($duplicate = db_result(db_query("SELECT COUNT(*) FROM {languages} WHERE language = '%s'", $langcode)) != 0) {
+ if ($duplicate = db_result(db_query("SELECT COUNT(*) FROM {languages} WHERE language = %s", $langcode)) != 0) {
form_set_error('langcode', t('The language %language (%code) already exists.', array('%language' => $form_state['values']['name'], '%code' => $langcode)));
}
@@ -336,13 +336,13 @@ function locale_languages_edit_form_vali
if (!empty($form_state['values']['domain']) && !empty($form_state['values']['prefix'])) {
form_set_error('prefix', t('Domain and path prefix values should not be set at the same time.'));
}
- if (!empty($form_state['values']['domain']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE domain = '%s' AND language != '%s'", $form_state['values']['domain'], $form_state['values']['langcode']))) {
+ if (!empty($form_state['values']['domain']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE domain = %s AND language != %s", $form_state['values']['domain'], $form_state['values']['langcode']))) {
form_set_error('domain', t('The domain (%domain) is already tied to a language (%language).', array('%domain' => $form_state['values']['domain'], '%language' => $duplicate->language)));
}
if (empty($form_state['values']['prefix']) && language_default('language') != $form_state['values']['langcode'] && empty($form_state['values']['domain'])) {
form_set_error('prefix', t('Only the default language can have both the domain and prefix empty.'));
}
- if (!empty($form_state['values']['prefix']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE prefix = '%s' AND language != '%s'", $form_state['values']['prefix'], $form_state['values']['langcode']))) {
+ if (!empty($form_state['values']['prefix']) && $duplicate = db_fetch_object(db_query("SELECT language FROM {languages} WHERE prefix = %s AND language != %s", $form_state['values']['prefix'], $form_state['values']['langcode']))) {
form_set_error('prefix', t('The prefix (%prefix) is already tied to a language (%language).', array('%prefix' => $form_state['values']['prefix'], '%language' => $duplicate->language)));
}
}
@@ -351,7 +351,7 @@ function locale_languages_edit_form_vali
* Process the language editing form submission.
*/
function locale_languages_edit_form_submit($form, &$form_state) {
- db_query("UPDATE {languages} SET name = '%s', native = '%s', domain = '%s', prefix = '%s', direction = %d WHERE language = '%s'", $form_state['values']['name'], $form_state['values']['native'], $form_state['values']['domain'], $form_state['values']['prefix'], $form_state['values']['direction'], $form_state['values']['langcode']);
+ db_query("UPDATE {languages} SET name = %s, native = %s, domain = %s, prefix = %s, direction = %d WHERE language = %s", $form_state['values']['name'], $form_state['values']['native'], $form_state['values']['domain'], $form_state['values']['prefix'], $form_state['values']['direction'], $form_state['values']['langcode']);
$default = language_default();
if ($default->language == $form_state['values']['langcode']) {
$properties = array('name', 'native', 'direction', 'enabled', 'plurals', 'formula', 'domain', 'prefix', 'weight');
@@ -408,9 +408,9 @@ function locale_languages_delete_form(&$
function locale_languages_delete_form_submit($form, &$form_state) {
$languages = language_list();
if (isset($languages[$form_state['values']['langcode']])) {
- db_query("DELETE FROM {languages} WHERE language = '%s'", $form_state['values']['langcode']);
- db_query("DELETE FROM {locales_target} WHERE language = '%s'", $form_state['values']['langcode']);
- db_query("UPDATE {node} SET language = '' WHERE language = '%s'", $form_state['values']['langcode']);
+ db_query("DELETE FROM {languages} WHERE language = %s", $form_state['values']['langcode']);
+ db_query("DELETE FROM {locales_target} WHERE language = %s", $form_state['values']['langcode']);
+ db_query("UPDATE {node} SET language = '' WHERE language = %s", $form_state['values']['langcode']);
$variables = array('%locale' => $languages[$form_state['values']['langcode']]->name);
drupal_set_message(t('The language %locale has been removed.', $variables));
watchdog('locale', 'The language %locale has been removed.', $variables);
@@ -802,7 +802,7 @@ function locale_translate_edit_form(&$fo
}
// Fetch translations and fill in default values in the form.
- $result = db_query("SELECT DISTINCT translation, language FROM {locales_target} WHERE lid = %d AND language != '%s'", $lid, $omit);
+ $result = db_query("SELECT DISTINCT translation, language FROM {locales_target} WHERE lid = %d AND language != %s", $lid, $omit);
while ($translation = db_fetch_object($result)) {
$form['translations'][$translation->language]['#default_value'] = $translation->translation;
}
@@ -818,19 +818,19 @@ function locale_translate_edit_form(&$fo
function locale_translate_edit_form_submit($form, &$form_state) {
$lid = $form_state['values']['lid'];
foreach ($form_state['values']['translations'] as $key => $value) {
- $translation = db_result(db_query("SELECT translation FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $key));
+ $translation = db_result(db_query("SELECT translation FROM {locales_target} WHERE lid = %d AND language = %s", $lid, $key));
if (!empty($value)) {
// Only update or insert if we have a value to use.
if (!empty($translation)) {
- db_query("UPDATE {locales_target} SET translation = '%s' WHERE lid = %d AND language = '%s'", $value, $lid, $key);
+ db_query("UPDATE {locales_target} SET translation = %s WHERE lid = %d AND language = %s", $value, $lid, $key);
}
else {
- db_query("INSERT INTO {locales_target} (lid, translation, language) VALUES (%d, '%s', '%s')", $lid, $value, $key);
+ db_query("INSERT INTO {locales_target} (lid, translation, language) VALUES (%d, %s, %s)", $lid, $value, $key);
}
}
elseif (!empty($translation)) {
// Empty translation entered: remove existing entry from database.
- db_query("DELETE FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $key);
+ db_query("DELETE FROM {locales_target} WHERE lid = %d AND language = %s", $lid, $key);
}
// Refresh the JS file for this language.
@@ -913,7 +913,7 @@ function locale_add_language($langcode,
$direction = isset($predefined[$langcode][2]) ? $predefined[$langcode][2] : LANGUAGE_LTR;
}
- db_query("INSERT INTO {languages} (language, name, native, direction, domain, prefix, enabled) VALUES ('%s', '%s', '%s', %d, '%s', '%s', %d)", $langcode, $name, $native, $direction, $domain, $prefix, $enabled);
+ db_query("INSERT INTO {languages} (language, name, native, direction, domain, prefix, enabled) VALUES (%s, %s, %s, %d, %s, %s, %d)", $langcode, $name, $native, $direction, $domain, $prefix, $enabled);
// Only set it as default if enabled.
if ($enabled && $default) {
@@ -955,7 +955,7 @@ function _locale_import_po($file, $langc
}
// Check if we have the language already in the database.
- if (!db_fetch_object(db_query("SELECT language FROM {languages} WHERE language = '%s'", $langcode))) {
+ if (!db_fetch_object(db_query("SELECT language FROM {languages} WHERE language = %s", $langcode))) {
drupal_set_message(t('The language selected for import is not supported.'), 'error');
return FALSE;
}
@@ -1195,10 +1195,10 @@ function _locale_import_one_string($op,
// Get the plural formula and update in database.
if (isset($header["Plural-Forms"]) && $p = _locale_import_parse_plural_forms($header["Plural-Forms"], $file->filename)) {
list($nplurals, $plural) = $p;
- db_query("UPDATE {languages} SET plurals = %d, formula = '%s' WHERE language = '%s'", $nplurals, $plural, $lang);
+ db_query("UPDATE {languages} SET plurals = %d, formula = %s WHERE language = %s", $nplurals, $plural, $lang);
}
else {
- db_query("UPDATE {languages} SET plurals = %d, formula = '%s' WHERE language = '%s'", 0, '', $lang);
+ db_query("UPDATE {languages} SET plurals = %d, formula = %s WHERE language = %s", 0, '', $lang);
}
$headerdone = TRUE;
}
@@ -1260,35 +1260,35 @@ function _locale_import_one_string($op,
* The string ID of the existing string modified or the new string added.
*/
function _locale_import_one_string_db(&$report, $langcode, $source, $translation, $textgroup, $location, $mode, $plid = NULL, $plural = NULL) {
- $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup));
+ $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = %s AND textgroup = %s", $source, $textgroup));
if (!empty($translation)) {
if ($lid) {
// We have this source string saved already.
- db_query("UPDATE {locales_source} SET location = '%s' WHERE lid = %d", $location, $lid);
- $exists = (bool) db_result(db_query("SELECT lid FROM {locales_target} WHERE lid = %d AND language = '%s'", $lid, $langcode));
+ db_query("UPDATE {locales_source} SET location = %s WHERE lid = %d", $location, $lid);
+ $exists = (bool) db_result(db_query("SELECT lid FROM {locales_target} WHERE lid = %d AND language = %s", $lid, $langcode));
if (!$exists) {
// No translation in this language.
- db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural);
+ db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, %s, %s, %d, %d)", $lid, $langcode, $translation, $plid, $plural);
$report[0]++;
}
else if ($mode == LOCALE_IMPORT_OVERWRITE) {
// Translation exists, only overwrite if instructed.
- db_query("UPDATE {locales_target} SET translation = '%s', plid = %d, plural = %d WHERE language = '%s' AND lid = %d", $translation, $plid, $plural, $langcode, $lid);
+ db_query("UPDATE {locales_target} SET translation = %s, plid = %d, plural = %d WHERE language = %s AND lid = %d", $translation, $plid, $plural, $langcode, $lid);
$report[1]++;
}
}
else {
// No such source string in the database yet.
- db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES ('%s', '%s', '%s')", $location, $source, $textgroup);
- $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = '%s' AND textgroup = '%s'", $source, $textgroup));
- db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, '%s', '%s', %d, %d)", $lid, $langcode, $translation, $plid, $plural);
+ db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES (%s, %s, %s)", $location, $source, $textgroup);
+ $lid = db_result(db_query("SELECT lid FROM {locales_source} WHERE source = %s AND textgroup = %s", $source, $textgroup));
+ db_query("INSERT INTO {locales_target} (lid, language, translation, plid, plural) VALUES (%d, %s, %s, %d, %d)", $lid, $langcode, $translation, $plid, $plural);
$report[0]++;
}
}
elseif ($mode == LOCALE_IMPORT_OVERWRITE) {
// Empty translation, remove existing if instructed.
- db_query("DELETE FROM {locales_target} WHERE language = '%s' AND lid = %d AND plid = %d AND plural = %d", $translation, $langcode, $lid, $plid, $plural);
+ db_query("DELETE FROM {locales_target} WHERE language = %s AND lid = %d AND plid = %d AND plural = %d", $translation, $langcode, $lid, $plid, $plural);
$report[2]++;
}
@@ -1664,7 +1664,7 @@ function _locale_parse_js_file($filepath
// Remove the quotes and string concatenations from the string.
$string = implode('', preg_split('~(?lid);
+ db_query("UPDATE {locales_source} SET location = %s WHERE lid = %d", $locations, $source->lid);
}
}
else {
// We don't have the source string yet, thus we insert it into the database.
- db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES ('%s', '%s', 'default')", $filepath, $string);
+ db_query("INSERT INTO {locales_source} (location, source, textgroup) VALUES (%s, %s, 'default')", $filepath, $string);
}
}
}
@@ -1704,10 +1704,10 @@ function _locale_parse_js_file($filepath
*/
function _locale_export_get_strings($language = NULL, $group = 'default') {
if (isset($language)) {
- $result = db_query("SELECT s.lid, s.source, s.location, t.translation, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = '%s' WHERE s.textgroup = '%s' ORDER BY t.plid, t.plural", $language->language, $group);
+ $result = db_query("SELECT s.lid, s.source, s.location, t.translation, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = %s WHERE s.textgroup = %s ORDER BY t.plid, t.plural", $language->language, $group);
}
else {
- $result = db_query("SELECT s.lid, s.source, s.location, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid WHERE s.textgroup = '%s' ORDER BY t.plid, t.plural", $group);
+ $result = db_query("SELECT s.lid, s.source, s.location, t.plid, t.plural FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid WHERE s.textgroup = %s ORDER BY t.plid, t.plural", $group);
}
$strings = array();
while ($child = db_fetch_object($result)) {
@@ -1942,34 +1942,34 @@ function _locale_translate_seek() {
// Compute LIKE section
switch ($query['translation']) {
case 'translated':
- $where = "WHERE (t.translation LIKE '%%%s%%')";
+ $where = "WHERE (t.translation LIKE %s)";
$orderby = "ORDER BY t.translation";
- $arguments[] = $query['string'];
+ $arguments[] = "%" . $query['string'] . "%";
break;
case 'untranslated':
- $where = "WHERE (s.source LIKE '%%%s%%' AND t.translation IS NULL)";
+ $where = "WHERE (s.source LIKE %s AND t.translation IS NULL)";
$orderby = "ORDER BY s.source";
- $arguments[] = $query['string'];
+ $arguments[] = "%" . $query['string'] . "%";
break;
case 'all' :
default:
- $where = "WHERE (s.source LIKE '%%%s%%' OR t.translation LIKE '%%%s%%')";
+ $where = "WHERE (s.source LIKE %s OR t.translation LIKE %s)";
$orderby = '';
- $arguments[] = $query['string'];
- $arguments[] = $query['string'];
+ $arguments[] = "%" . $query['string'] . "%";
+ $arguments[] = "%" . $query['string'] . "%";
break;
}
$grouplimit = '';
if (!empty($query['group']) && $query['group'] != 'all') {
- $grouplimit = " AND s.textgroup = '%s'";
+ $grouplimit = " AND s.textgroup = %s";
$arguments[] = $query['group'];
}
switch ($query['language']) {
// Force search in source strings
case "en":
- $sql = $join ." WHERE s.source LIKE '%%%s%%' $grouplimit ORDER BY s.source";
- $arguments = array($query['string']); // $where is not used, discard its arguments
+ $sql = $join ." WHERE s.source LIKE %s $grouplimit ORDER BY s.source";
+ $arguments = array("%" . $query['string'] . "%"); // $where is not used, discard its arguments
if (!empty($grouplimit)) {
$arguments[] = $query['group'];
}
@@ -1980,7 +1980,7 @@ function _locale_translate_seek() {
break;
// Some different language
default:
- $sql = "$join AND t.language = '%s' $where $grouplimit $orderby";
+ $sql = "$join AND t.language = %s $where $grouplimit $orderby";
array_unshift($arguments, $query['language']);
// Don't show translation flags for other languages, we can't see them with this search.
$limit_language = $query['language'];
@@ -2057,7 +2057,7 @@ function _locale_rebuild_js($langcode =
// Construct the array for JavaScript translations.
// We sort on plural so that we have all plural forms before singular forms.
- $result = db_query("SELECT s.lid, s.source, t.plid, t.plural, t.translation FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = '%s' WHERE s.location LIKE '%%.js%%' AND s.textgroup = 'default' ORDER BY t.plural DESC", $language->language);
+ $result = db_query("SELECT s.lid, s.source, t.plid, t.plural, t.translation FROM {locales_source} s LEFT JOIN {locales_target} t ON s.lid = t.lid AND t.language = %s WHERE s.location LIKE %s AND s.textgroup = 'default' ORDER BY t.plural DESC", "%.js%", $language->language);
$translations = $plurals = array();
while ($data = db_fetch_object($result)) {
@@ -2124,14 +2124,14 @@ function _locale_rebuild_js($langcode =
$language->javascript = $filepath ? $data_hash : '';
// Save the new JavaScript hash.
- db_query("UPDATE {languages} SET javascript = '%s' WHERE language = '%s'", $language->javascript, $language->language);
+ db_query("UPDATE {languages} SET javascript = %s WHERE language = %s", $language->javascript, $language->language);
// Update the default language variable if the default language has been altered.
// This is necessary to keep the variable consistent with the database
// version of the language and to prevent checking against an outdated hash.
$default_langcode = language_default('language');
if ($default_langcode == $language->language) {
- $default = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = '%s'", $default_langcode));
+ $default = db_fetch_object(db_query("SELECT * FROM {languages} WHERE language = %s", $default_langcode));
variable_set('language_default', $default);
}
@@ -2156,7 +2156,7 @@ function _locale_rebuild_js($langcode =
elseif (!empty($language->javascript)) {
// Delete the old JavaScript file
file_delete(file_create_path(variable_get('locale_js_directory', 'languages') .'/'. $language->language .'_'. $language->javascript .'.js'));
- db_query("UPDATE {languages} SET javascript = '' WHERE language = '%s'", $language->language);
+ db_query("UPDATE {languages} SET javascript = '' WHERE language = %s", $language->language);
watchdog('locale', 'Deleted JavaScript translation file for the locale %language.', array('%language' => t($language->name)));
}
}
diff -urpN drupal/includes/menu.inc drupal-6.x-dev-pre7-0.5.1/includes/menu.inc
--- drupal/includes/menu.inc 2007-09-10 20:21:30.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/menu.inc 2007-09-17 11:34:51.000000000 +0800
@@ -196,7 +196,7 @@ define('MENU_MAX_DEPTH', 9);
* array('node', '12345', 'edit').
* @return
* An array which contains the ancestors and placeholders. Placeholders
- * simply contain as many '%s' as the ancestors.
+ * simply contain as many %s as the ancestors.
*/
function menu_get_ancestors($parts) {
$number_parts = count($parts);
@@ -227,7 +227,7 @@ function menu_get_ancestors($parts) {
$current .= '/';
}
}
- $placeholders[] = "'%s'";
+ $placeholders[] = "%s";
$ancestors[] = $current;
}
return array($ancestors, $placeholders);
@@ -656,7 +656,7 @@ function menu_tree_all_data($menu_name =
$data['tree'] = menu_tree_data(db_query("
SELECT m.load_functions, m.to_arg_functions, m.access_callback, m.access_arguments, m.page_callback, m.page_arguments, m.title, m.title_callback, m.title_arguments, m.type, ml.*
FROM {menu_links} ml LEFT JOIN {menu_router} m ON m.path = ml.router_path
- WHERE ml.menu_name = '%s'". $where ."
+ WHERE ml.menu_name = %s". $where ."
ORDER BY p1 ASC, p2 ASC, p3 ASC, p4 ASC, p5 ASC, p6 ASC, p7 ASC, p8 ASC, p9 ASC", $args), $parents);
$data['node_links'] = array();
menu_tree_collect_node_links($data['tree'], $data['node_links']);
@@ -704,12 +704,12 @@ function menu_tree_page_data($menu_name
// Build and run the query, and build the tree.
if ($item['access']) {
// Check whether a menu link exists that corresponds to the current path.
- $parents = db_fetch_array(db_query("SELECT p1, p2, p3, p4, p5, p6, p7, p8 FROM {menu_links} WHERE menu_name = '%s' AND link_path = '%s'", $menu_name, $item['href']));
+ $parents = db_fetch_array(db_query("SELECT p1, p2, p3, p4, p5, p6, p7, p8 FROM {menu_links} WHERE menu_name = %s AND link_path = %s", $menu_name, $item['href']));
if (empty($parents)) {
// If no link exists, we may be on a local task that's not in the links.
// TODO: Handle the case like a local task on a specific node in the menu.
- $parents = db_fetch_array(db_query("SELECT p1, p2, p3, p4, p5, p6, p7, p8 FROM {menu_links} WHERE menu_name = '%s' AND link_path = '%s'", $menu_name, $item['tab_root']));
+ $parents = db_fetch_array(db_query("SELECT p1, p2, p3, p4, p5, p6, p7, p8 FROM {menu_links} WHERE menu_name = %s AND link_path = %s", $menu_name, $item['tab_root']));
}
// We always want all the top-level links with plid == 0.
$parents[] = '0';
@@ -723,7 +723,7 @@ function menu_tree_page_data($menu_name
// Collect all the links set to be expanded, and then add all of
// their children to the list as well.
do {
- $result = db_query("SELECT mlid FROM {menu_links} WHERE menu_name = '%s' AND expanded = 1 AND has_children = 1 AND plid IN (". $placeholders .') AND mlid NOT IN ('. $placeholders .')', array_merge(array($menu_name), $args, $args));
+ $result = db_query("SELECT mlid FROM {menu_links} WHERE menu_name = %s AND expanded = 1 AND has_children = 1 AND plid IN (". $placeholders .') AND mlid NOT IN ('. $placeholders .')', array_merge(array($menu_name), $args, $args));
$num_rows = FALSE;
while ($item = db_fetch_array($result)) {
$args[] = $item['mlid'];
@@ -746,7 +746,7 @@ function menu_tree_page_data($menu_name
$data['tree'] = menu_tree_data(db_query("
SELECT m.load_functions, m.to_arg_functions, m.access_callback, m.access_arguments, m.page_callback, m.page_arguments, m.title, m.title_callback, m.title_arguments, m.type, ml.*
FROM {menu_links} ml LEFT JOIN {menu_router} m ON m.path = ml.router_path
- WHERE ml.menu_name = '%s' AND ml.plid IN (". $placeholders .")
+ WHERE ml.menu_name = %s AND ml.plid IN (". $placeholders .")
ORDER BY p1 ASC, p2 ASC, p3 ASC, p4 ASC, p5 ASC, p6 ASC, p7 ASC, p8 ASC, p9 ASC", $args), $parents);
$data['node_links'] = array();
menu_tree_collect_node_links($data['tree'], $data['node_links']);
@@ -1080,7 +1080,7 @@ function menu_local_tasks($level = 0, $r
return '';
}
// Get all tabs and the root page.
- $result = db_query("SELECT * FROM {menu_router} WHERE tab_root = '%s' ORDER BY weight, title", $router_item['tab_root']);
+ $result = db_query("SELECT * FROM {menu_router} WHERE tab_root = %s ORDER BY weight, title", $router_item['tab_root']);
$map = arg();
$children = array();
$tasks = array();
@@ -1481,7 +1481,7 @@ function _menu_navigation_links_rebuild(
array_multisort($sort, SORT_NUMERIC, $menu_links);
foreach ($menu_links as $item) {
- $existing_item = db_fetch_array(db_query("SELECT mlid, menu_name, plid, customized FROM {menu_links} WHERE link_path = '%s' AND module = '%s'", $item['link_path'], 'system'));
+ $existing_item = db_fetch_array(db_query("SELECT mlid, menu_name, plid, customized FROM {menu_links} WHERE link_path = %s AND module = %s", $item['link_path'], 'system'));
if ($existing_item) {
$item['mlid'] = $existing_item['mlid'];
$item['menu_name'] = $existing_item['menu_name'];
@@ -1496,7 +1496,7 @@ function _menu_navigation_links_rebuild(
while ($item = db_fetch_array($result)) {
$router_path = _menu_find_router_path($menu, $item['link_path']);
if (!empty($router_path) && $router_path != $item['router_path']) {
- db_query("UPDATE {menu_links} SET router_path = '%s' WHERE mlid = %d", $router_path, $item['mlid']);
+ db_query("UPDATE {menu_links} SET router_path = %s WHERE mlid = %d", $router_path, $item['mlid']);
}
}
}
@@ -1514,7 +1514,7 @@ function menu_link_delete($mlid, $path =
_menu_delete_item(db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE mlid = %d", $mlid)));
}
else {
- $result = db_query("SELECT * FROM {menu_links} WHERE link_path = '%s'", $path);
+ $result = db_query("SELECT * FROM {menu_links} WHERE link_path = %s", $path);
while ($link = db_fetch_array($result)) {
_menu_delete_item($link);
}
@@ -1592,13 +1592,13 @@ function menu_link_save(&$item) {
// Find the parent - it must be in the same menu.
if (isset($item['plid'])) {
- $parent = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE menu_name = '%s' AND mlid = %d", $menu_name, $item['plid']));
+ $parent = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE menu_name = %s AND mlid = %d", $menu_name, $item['plid']));
}
else {
$parent_path = $item['link_path'];
do {
$parent_path = substr($parent_path, 0, strrpos($parent_path, '/'));
- $parent = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE menu_name = '%s' AND link_path = '%s'", $menu_name, $parent_path));
+ $parent = db_fetch_array(db_query("SELECT * FROM {menu_links} WHERE menu_name = %s AND link_path = %s", $menu_name, $parent_path));
} while ($parent === FALSE && $parent_path);
}
// Menu callbacks need to be in the links table for breadcrumbs, but can't
@@ -1617,10 +1617,10 @@ function menu_link_save(&$item) {
expanded, weight,
module, link_title, options,
customized, updated) VALUES (
- '%s', %d, '%s',
+ %s, %d, %s,
%d, %d, %d,
%d, %d,
- '%s', '%s', '%s', %d, %d)",
+ %s, %s, %s, %d, %d)",
$item['menu_name'], $item['plid'], $item['link_path'],
$item['hidden'], $item['_external'], $item['has_children'],
$item['expanded'], $item['weight'],
@@ -1666,11 +1666,11 @@ function menu_link_save(&$item) {
$item['router_path'] = _menu_find_router_path($menu, $item['link_path']);
}
}
- db_query("UPDATE {menu_links} SET menu_name = '%s', plid = %d, link_path = '%s',
- router_path = '%s', hidden = %d, external = %d, has_children = %d,
+ db_query("UPDATE {menu_links} SET menu_name = %s, plid = %d, link_path = %s,
+ router_path = %s, hidden = %d, external = %d, has_children = %d,
expanded = %d, weight = %d, depth = %d,
p1 = %d, p2 = %d, p3 = %d, p4 = %d, p5 = %d, p6 = %d, p7 = %d, p8 = %d, p9 = %d,
- module = '%s', link_title = '%s', options = '%s', customized = %d WHERE mlid = %d",
+ module = %s, link_title = %s, options = %s, customized = %d WHERE mlid = %d",
$item['menu_name'], $item['plid'], $item['link_path'],
$item['router_path'], $item['hidden'], $item['_external'], $item['has_children'],
$item['expanded'], $item['weight'], $item['depth'],
@@ -1742,7 +1742,7 @@ function menu_link_children_relative_dep
$p = 'p'. ++$i;
}
- $max_depth = db_result(db_query_range("SELECT depth FROM {menu_links} WHERE menu_name = '%s'". $match ." ORDER BY depth DESC", $args, 0, 1));
+ $max_depth = db_result(db_query_range("SELECT depth FROM {menu_links} WHERE menu_name = %s". $match ." ORDER BY depth DESC", $args, 0, 1));
return ($max_depth > $item['depth']) ? $max_depth - $item['depth'] : 0;
}
@@ -1756,7 +1756,7 @@ function menu_link_children_relative_dep
function _menu_link_move_children($item, $existing_item) {
$args[] = $item['menu_name'];
- $set[] = "menu_name = '%s'";
+ $set[] = "menu_name = %s";
$i = 1;
while ($i <= $item['depth']) {
@@ -1788,7 +1788,7 @@ function _menu_link_move_children($item,
$args[] = $shift;
$set[] = 'depth = depth + %d';
}
- $where[] = "menu_name = '%s'";
+ $where[] = "menu_name = %s";
$args[] = $existing_item['menu_name'];
$p = 'p1';
for ($i = 1; $i <= MENU_MAX_DEPTH && $existing_item[$p]; $p = 'p'. ++$i) {
@@ -1810,7 +1810,7 @@ function _menu_update_parental_status($i
// We may want to exclude the passed link as a possible child.
$where = $exclude ? " AND mlid != %d" : '';
// Check if at least one visible child exists in the table.
- $parent_has_children = (bool)db_result(db_query_range("SELECT mlid FROM {menu_links} WHERE menu_name = '%s' AND plid = %d AND hidden = 0". $where, $item['menu_name'], $item['plid'], $item['mlid'], 0, 1));
+ $parent_has_children = (bool)db_result(db_query_range("SELECT mlid FROM {menu_links} WHERE menu_name = %s AND plid = %d AND hidden = 0". $where, $item['menu_name'], $item['plid'], $item['mlid'], 0, 1));
db_query("UPDATE {menu_links} SET has_children = %d WHERE mlid = %d", $parent_has_children, $item['plid']);
}
}
@@ -1997,11 +1997,11 @@ function _menu_router_build($callbacks)
number_parts, tab_parent, tab_root,
title, title_callback, title_arguments,
type, block_callback, description, position, weight, file)
- VALUES ('%s', '%s', '%s', '%s',
- '%s', '%s', '%s', %d,
- %d, '%s', '%s',
- '%s', '%s', '%s',
- %d, '%s', '%s', '%s', %d, '%s')",
+ VALUES (%s, %s, %s, %s,
+ %s, %s, %s, %d,
+ %d, %s, %s,
+ %s, %s, %s,
+ %d, %s, %s, %s, %d, %s)",
$path, $item['load_functions'], $item['to_arg_functions'], $item['access callback'],
serialize($item['access arguments']), $item['page callback'], serialize($item['page arguments']), $item['_fit'],
$item['_number_parts'], $item['tab_parent'], $item['tab_root'],
diff -urpN drupal/includes/module.inc drupal-6.x-dev-pre7-0.5.1/includes/module.inc
--- drupal/includes/module.inc 2007-09-05 05:10:45.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/module.inc 2007-09-17 11:34:51.000000000 +0800
@@ -138,13 +138,13 @@ function module_rebuild_cache() {
// Update the contents of the system table:
if (isset($file->status) || (isset($file->old_filename) && $file->old_filename != $file->filename)) {
- db_query("UPDATE {system} SET info = '%s', name = '%s', filename = '%s', bootstrap = %d WHERE filename = '%s'", serialize($files[$filename]->info), $file->name, $file->filename, $bootstrap, $file->old_filename);
+ db_query("UPDATE {system} SET info = %s, name = %s, filename = %s, bootstrap = %d WHERE filename = %s", serialize($files[$filename]->info), $file->name, $file->filename, $bootstrap, $file->old_filename);
}
else {
// This is a new module.
$files[$filename]->status = 0;
$files[$filename]->throttle = 0;
- db_query("INSERT INTO {system} (name, info, type, filename, status, throttle, bootstrap) VALUES ('%s', '%s', '%s', '%s', %d, %d, %d)", $file->name, serialize($files[$filename]->info), 'module', $file->filename, 0, 0, $bootstrap);
+ db_query("INSERT INTO {system} (name, info, type, filename, status, throttle, bootstrap) VALUES (%s, %s, %s, %s, %d, %d, %d)", $file->name, serialize($files[$filename]->info), 'module', $file->filename, 0, 0, $bootstrap);
}
}
$files = _module_build_dependents($files);
@@ -242,10 +242,10 @@ function module_load_all_includes($type,
function module_enable($module_list) {
$invoke_modules = array();
foreach ($module_list as $module) {
- $existing = db_fetch_object(db_query("SELECT status FROM {system} WHERE type = '%s' AND name = '%s'", 'module', $module));
+ $existing = db_fetch_object(db_query("SELECT status FROM {system} WHERE type = %s AND name = %s", 'module', $module));
if ($existing->status == 0) {
module_load_install($module);
- db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = '%s' AND name = '%s'", 1, 0, 'module', $module);
+ db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = %s AND name = %s", 1, 0, 'module', $module);
drupal_load('module', $module);
$invoke_modules[] = $module;
}
@@ -284,7 +284,7 @@ function module_disable($module_list) {
module_load_install($module);
module_invoke($module, 'disable');
- db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = '%s' AND name = '%s'", 0, 0, 'module', $module);
+ db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = %s AND name = %s", 0, 0, 'module', $module);
$invoke_modules[] = $module;
}
}
diff -urpN drupal/includes/path.inc drupal-6.x-dev-pre7-0.5.1/includes/path.inc
--- drupal/includes/path.inc 2007-06-18 14:59:11.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/path.inc 2007-09-17 11:34:51.000000000 +0800
@@ -65,7 +65,7 @@ function drupal_lookup_path($action, $pa
return $map[$path_language][$path];
}
// Get the most fitting result falling back with alias without language
- $alias = db_result(db_query("SELECT dst FROM {url_alias} WHERE src = '%s' AND language IN('%s', '') ORDER BY language DESC", $path, $path_language));
+ $alias = db_result(db_query("SELECT dst FROM {url_alias} WHERE src = %s AND language IN(%s, '') ORDER BY language DESC", $path, $path_language));
$map[$path_language][$path] = $alias;
return $alias;
}
@@ -76,7 +76,7 @@ function drupal_lookup_path($action, $pa
$src = '';
if (!isset($map[$path_language]) || !($src = array_search($path, $map[$path_language]))) {
// Get the most fitting result falling back with alias without language
- if ($src = db_result(db_query("SELECT src FROM {url_alias} WHERE dst = '%s' AND language IN('%s', '') ORDER BY language DESC", $path, $path_language))) {
+ if ($src = db_result(db_query("SELECT src FROM {url_alias} WHERE dst = %s AND language IN(%s, '') ORDER BY language DESC", $path, $path_language))) {
$map[$path_language][$src] = $path;
}
else {
diff -urpN drupal/includes/session.inc drupal-6.x-dev-pre7-0.5.1/includes/session.inc
--- drupal/includes/session.inc 2007-08-12 23:55:35.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/session.inc 2007-09-17 11:34:51.000000000 +0800
@@ -29,7 +29,7 @@ function sess_read($key) {
}
// Otherwise, if the session is still active, we have a record of the client's session in the database.
- $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = '%s'", $key));
+ $user = db_fetch_object(db_query("SELECT u.*, s.* FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.sid = %s", $key));
// We found the client's session record and they are an authenticated user
if ($user && $user->uid > 0) {
@@ -61,7 +61,7 @@ function sess_write($key, $value) {
return TRUE;
}
- $result = db_result(db_query("SELECT COUNT(*) FROM {sessions} WHERE sid = '%s'", $key));
+ $result = db_result(db_query("SELECT COUNT(*) FROM {sessions} WHERE sid = %s", $key));
if (!$result) {
// Only save session data when when the browser sends a cookie. This keeps
@@ -69,11 +69,11 @@ function sess_write($key, $value) {
// and gives more useful statistics. We can't eliminate anonymous session
// table rows without breaking throttle module and "Who's Online" block.
if ($user->uid || $value || count($_COOKIE)) {
- db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES ('%s', %d, %d, '%s', '%s', %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time());
+ db_query("INSERT INTO {sessions} (sid, uid, cache, hostname, session, timestamp) VALUES (%s, %d, %d, %s, %s, %d)", $key, $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time());
}
}
else {
- db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = '%s', session = '%s', timestamp = %d WHERE sid = '%s'", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key);
+ db_query("UPDATE {sessions} SET uid = %d, cache = %d, hostname = %s, session = %s, timestamp = %d WHERE sid = %s", $user->uid, isset($user->cache) ? $user->cache : '', ip_address(), $value, time(), $key);
// Last access time is updated no more frequently than once every 180 seconds.
// This reduces contention in the users table.
@@ -102,7 +102,7 @@ function sess_regenerate() {
session_regenerate_id();
- db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
+ db_query("UPDATE {sessions} SET sid = %s WHERE sid = %s", session_id(), $old_session_id);
}
/**
@@ -130,7 +130,7 @@ function sess_count($timestamp = 0, $ano
* the session id
*/
function sess_destroy_sid($sid) {
- db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid);
+ db_query("DELETE FROM {sessions} WHERE sid = %s", $sid);
}
/**
diff -urpN drupal/includes/theme.inc drupal-6.x-dev-pre7-0.5.1/includes/theme.inc
--- drupal/includes/theme.inc 2007-09-10 21:28:22.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/theme.inc 2007-09-17 11:34:51.000000000 +0800
@@ -371,7 +371,7 @@ function list_themes($refresh = FALSE) {
if (empty($list)) {
$list = array();
- $result = db_query("SELECT * FROM {system} WHERE type = '%s'", 'theme');
+ $result = db_query("SELECT * FROM {system} WHERE type = %s", 'theme');
while ($theme = db_fetch_object($result)) {
if (file_exists($theme->filename)) {
$theme->info = unserialize($theme->info);
@@ -418,7 +418,7 @@ function list_theme_engines($refresh = F
if (!$list) {
$list = array();
- $result = db_query("SELECT * FROM {system} WHERE type = '%s' AND status = %d ORDER BY name", 'theme_engine', '1');
+ $result = db_query("SELECT * FROM {system} WHERE type = %s AND status = %d ORDER BY name", 'theme_engine', '1');
while ($engine = db_fetch_object($result)) {
if (file_exists($engine->filename)) {
$engine->info = unserialize($engine->info);
diff -urpN drupal/includes/unicode.inc drupal-6.x-dev-pre7-0.5.1/includes/unicode.inc
--- drupal/includes/unicode.inc 2007-05-12 14:08:56.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/includes/unicode.inc 2007-09-17 11:34:51.000000000 +0800
@@ -148,7 +148,7 @@ function drupal_xml_parser_create(&$data
$data = ereg_replace('^(<\?xml[^>]+encoding)="([^"]+)"', '\\1="utf-8"', $out);
}
else {
- watchdog('php', 'Could not convert XML encoding %s to UTF-8.', array('%s' => $encoding), WATCHDOG_WARNING);
+ watchdog('php', 'Could not convert XML encoding %encoding to UTF-8.', array('%encoding' => $encoding), WATCHDOG_WARNING);
return 0;
}
}
@@ -181,7 +181,7 @@ function drupal_convert_to_utf8($data, $
$out = @recode_string($encoding .'..utf-8', $data);
}
else {
- watchdog('php', 'Unsupported encoding %s. Please install iconv, GNU recode or mbstring for PHP.', array('%s' => $encoding), WATCHDOG_ERROR);
+ watchdog('php', 'Unsupported encoding %encoding. Please install iconv, GNU recode or mbstring for PHP.', array('%encoding' => $encoding), WATCHDOG_ERROR);
return FALSE;
}
diff -urpN drupal/index.php drupal-6.x-dev-pre7-0.5.1/index.php
--- drupal/index.php 2007-04-06 21:27:20.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/index.php 2007-09-17 15:52:14.000000000 +0800
@@ -1,6 +1,12 @@
");
+ print_r($msg);
+ print("");
+}
+
/**
* @file
* The PHP page that serves all page requests on a Drupal installation.
diff -urpN drupal/install.php drupal-6.x-dev-pre7-0.5.1/install.php
--- drupal/install.php 2007-09-10 03:46:54.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/install.php 2007-09-17 11:34:51.000000000 +0800
@@ -128,7 +128,7 @@ function install_main() {
*/
function install_verify_drupal() {
// Read the variable manually using the @ so we don't trigger an error if it fails.
- $result = @db_query("SELECT value FROM {variable} WHERE name = '%s'", 'install_task');
+ $result = @db_query("SELECT value FROM {variable} WHERE name = %s", 'install_task');
if ($result) {
return unserialize(db_result($result));
}
diff -urpN drupal/modules/aggregator/aggregator.admin.inc drupal-6.x-dev-pre7-0.5.1/modules/aggregator/aggregator.admin.inc
--- drupal/modules/aggregator/aggregator.admin.inc 2007-09-05 16:31:48.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/aggregator/aggregator.admin.inc 2007-09-17 11:34:51.000000000 +0800
@@ -112,10 +112,10 @@ function aggregator_form_feed_validate($
}
// Check for duplicate titles.
if (isset($form_state['values']['fid'])) {
- $result = db_query("SELECT title, url FROM {aggregator_feed} WHERE (title = '%s' OR url='%s') AND fid != %d", $form_state['values']['title'], $form_state['values']['url'], $form_state['values']['fid']);
+ $result = db_query("SELECT title, url FROM {aggregator_feed} WHERE (title = %s OR url=%s) AND fid != %d", $form_state['values']['title'], $form_state['values']['url'], $form_state['values']['fid']);
}
else {
- $result = db_query("SELECT title, url FROM {aggregator_feed} WHERE title = '%s' OR url='%s'", $form_state['values']['title'], $form_state['values']['url']);
+ $result = db_query("SELECT title, url FROM {aggregator_feed} WHERE title = %s OR url=%s", $form_state['values']['title'], $form_state['values']['url']);
}
while ($feed = db_fetch_object($result)) {
if (strcasecmp($feed->title, $form_state['values']['title']) == 0) {
@@ -258,10 +258,10 @@ function aggregator_form_category_valida
if ($form_state['values']['op'] == t('Save')) {
// Check for duplicate titles
if (isset($form_state['values']['cid'])) {
- $category = db_fetch_object(db_query("SELECT cid FROM {aggregator_category} WHERE title = '%s' AND cid != %d", $form_state['values']['title'], $form_state['values']['cid']));
+ $category = db_fetch_object(db_query("SELECT cid FROM {aggregator_category} WHERE title = %s AND cid != %d", $form_state['values']['title'], $form_state['values']['cid']));
}
else {
- $category = db_fetch_object(db_query("SELECT cid FROM {aggregator_category} WHERE title = '%s'", $form_state['values']['title']));
+ $category = db_fetch_object(db_query("SELECT cid FROM {aggregator_category} WHERE title = %s", $form_state['values']['title']));
}
if ($category) {
form_set_error('title', t('A category named %category already exists. Please enter a unique title.', array('%category' => $form_state['values']['title'])));
diff -urpN drupal/modules/aggregator/aggregator.module drupal-6.x-dev-pre7-0.5.1/modules/aggregator/aggregator.module
--- drupal/modules/aggregator/aggregator.module 2007-09-13 16:02:38.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/aggregator/aggregator.module 2007-09-17 11:34:51.000000000 +0800
@@ -354,14 +354,14 @@ function aggregator_block($op = 'list',
*/
function aggregator_save_category($edit) {
if (!empty($edit['cid']) && !empty($edit['title'])) {
- db_query("UPDATE {aggregator_category} SET title = '%s', description = '%s' WHERE cid = %d", $edit['title'], $edit['description'], $edit['cid']);
+ db_query("UPDATE {aggregator_category} SET title = %s, description = %s WHERE cid = %d", $edit['title'], $edit['description'], $edit['cid']);
}
else if (!empty($edit['cid'])) {
db_query('DELETE FROM {aggregator_category} WHERE cid = %d', $edit['cid']);
}
else if (!empty($edit['title'])) {
// A single unique id for bundles and feeds, to use in blocks
- db_query("INSERT INTO {aggregator_category} (title, description, block) VALUES ('%s', '%s', 5)", $edit['title'], $edit['description']);
+ db_query("INSERT INTO {aggregator_category} (title, description, block) VALUES (%s, %s, 5)", $edit['title'], $edit['description']);
}
}
@@ -374,7 +374,7 @@ function aggregator_save_feed($edit) {
db_query('DELETE FROM {aggregator_category_feed} WHERE fid = %d', $edit['fid']);
}
if (!empty($edit['fid']) && !empty($edit['title'])) {
- db_query("UPDATE {aggregator_feed} SET title = '%s', url = '%s', refresh = %d WHERE fid = %d", $edit['title'], $edit['url'], $edit['refresh'], $edit['fid']);
+ db_query("UPDATE {aggregator_feed} SET title = %s, url = %s, refresh = %d WHERE fid = %d", $edit['title'], $edit['url'], $edit['refresh'], $edit['fid']);
}
else if (!empty($edit['fid'])) {
$items = array();
@@ -389,7 +389,7 @@ function aggregator_save_feed($edit) {
db_query('DELETE FROM {aggregator_item} WHERE fid = %d', $edit['fid']);
}
else if (!empty($edit['title'])) {
- db_query("INSERT INTO {aggregator_feed} (title, url, refresh, block, description, image) VALUES ('%s', '%s', %d, 5, '', '')", $edit['title'], $edit['url'], $edit['refresh']);
+ db_query("INSERT INTO {aggregator_feed} (title, url, refresh, block, description, image) VALUES (%s, %s, %d, 5, '', '')", $edit['title'], $edit['url'], $edit['refresh']);
// A single unique id for bundles and feeds, to use in blocks.
$edit['fid'] = db_last_insert_id('aggregator_feed', 'fid');
}
@@ -596,7 +596,7 @@ function aggregator_refresh($feed) {
** Update the feed data:
*/
- db_query("UPDATE {aggregator_feed} SET url = '%s', checked = %d, link = '%s', description = '%s', image = '%s', etag = '%s', modified = %d WHERE fid = %d", $feed['url'], time(), $channel['LINK'], $channel['DESCRIPTION'], $image, $etag, $modified, $feed['fid']);
+ db_query("UPDATE {aggregator_feed} SET url = %s, checked = %d, link = %s, description = %s, image = %s, etag = %s, modified = %d WHERE fid = %d", $feed['url'], time(), $channel['LINK'], $channel['DESCRIPTION'], $image, $etag, $modified, $feed['fid']);
/*
** Clear the cache:
@@ -759,13 +759,13 @@ function aggregator_parse_feed(&$data, $
*/
if (!empty($guid)) {
- $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND guid = '%s'", $feed['fid'], $guid));
+ $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND guid = %s", $feed['fid'], $guid));
}
else if ($link && $link != $feed['link'] && $link != $feed['url']) {
- $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND link = '%s'", $feed['fid'], $link));
+ $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND link = %s", $feed['fid'], $link));
}
else {
- $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND title = '%s'", $feed['fid'], $title));
+ $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND title = %s", $feed['fid'], $title));
}
$item += array('AUTHOR' => '', 'DESCRIPTION' => '');
aggregator_save_item(array('iid' => (isset($entry->iid) ? $entry->iid: ''), 'fid' => $feed['fid'], 'timestamp' => $timestamp, 'title' => $title, 'link' => $link, 'author' => $item['AUTHOR'], 'description' => $item['DESCRIPTION'], 'guid' => $guid));
@@ -794,15 +794,17 @@ function aggregator_parse_feed(&$data, $
function aggregator_save_item($edit) {
if ($edit['iid'] && $edit['title']) {
- db_query("UPDATE {aggregator_item} SET title = '%s', link = '%s', author = '%s', description = '%s', guid = '%s', timestamp = %d WHERE iid = %d", $edit['title'], $edit['link'], $edit['author'], $edit['description'], $edit['guid'], $edit['timestamp'], $edit['iid']);
+ db_query("UPDATE {aggregator_item} SET title = %s, link = %s, author = %s, description = %c, guid = %s, timestamp = %d WHERE iid = %d", $edit['title'], $edit['link'], $edit['author'], NULL, $edit['guid'], $edit['timestamp'], $edit['iid']);
+ db_update_clob('iid = %d', $edit['iid'], db_prefix_tables('{aggregator_item}'), 'description', $edit['description']);
}
else if ($edit['iid']) {
db_query('DELETE FROM {aggregator_item} WHERE iid = %d', $edit['iid']);
db_query('DELETE FROM {aggregator_category_item} WHERE iid = %d', $edit['iid']);
}
else if ($edit['title'] && $edit['link']) {
- db_query("INSERT INTO {aggregator_item} (fid, title, link, author, description, timestamp, guid) VALUES (%d, '%s', '%s', '%s', '%s', %d, '%s')", $edit['fid'], $edit['title'], $edit['link'], $edit['author'], $edit['description'], $edit['timestamp'], $edit['guid']);
+ db_query("INSERT INTO {aggregator_item} (fid, title, link, author, description, timestamp, guid) VALUES (%d, %s, %s, %s, %c, %d, %s)", $edit['fid'], $edit['title'], $edit['link'], $edit['author'], NULL, $edit['timestamp'], $edit['guid']);
$edit['iid'] = db_last_insert_id('aggregator_item', 'iid');
+ db_update_clob('iid = %d', $edit['iid'], db_prefix_tables('{aggregator_item}'), 'description', $edit['description']);
// file the items in the categories indicated by the feed
$categories = db_query('SELECT cid FROM {aggregator_category_feed} WHERE fid = %d', $edit['fid']);
while ($category = db_fetch_object($categories)) {
diff -urpN drupal/modules/aggregator/aggregator.pages.inc drupal-6.x-dev-pre7-0.5.1/modules/aggregator/aggregator.pages.inc
--- drupal/modules/aggregator/aggregator.pages.inc 2007-09-13 16:02:38.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/aggregator/aggregator.pages.inc 2007-09-17 11:34:51.000000000 +0800
@@ -201,7 +201,7 @@ function template_preprocess_aggregator_
$variables['feed_url'] = check_url($item->link);
$variables['feed_title'] = check_plain($item->title);
- $variables['content'] = aggregator_filter_xss($item->description);
+ $variables['content'] = aggregator_filter_xss(db_decode_clob($item->description));
$variables['source_url'] = '';
$variables['source_title'] = '';
@@ -311,6 +311,7 @@ function theme_aggregator_page_rss($feed
$items = '';
$feed_length = variable_get('feed_item_length', 'teaser');
foreach ($feeds as $feed) {
+ $feed->description = db_decode_clob($feed->description);
switch ($feed_length) {
case 'teaser':
$teaser = node_teaser($feed->description);
@@ -432,7 +433,7 @@ function template_preprocess_aggregator_
$variables['source_icon'] = theme('feed_icon', $feed->url, t('!title feed', array('!title' => $feed->title)));
$variables['source_image'] = $feed->image;
- $variables['source_description'] = aggregator_filter_xss($feed->description);
+ $variables['source_description'] = aggregator_filter_xss(db_decode_clob($feed->description));
$variables['source_url'] = check_url(url($feed->link, array('absolute' => TRUE)));
if ($feed->checked) {
diff -urpN drupal/modules/aggregator/aggregator.schema drupal-6.x-dev-pre7-0.5.1/modules/aggregator/aggregator.schema
--- drupal/modules/aggregator/aggregator.schema 2007-07-15 18:09:21.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/aggregator/aggregator.schema 2007-09-17 11:34:51.000000000 +0800
@@ -57,7 +57,7 @@ function aggregator_schema() {
'title' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''),
'link' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''),
'author' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''),
- 'description' => array('type' => 'text', 'not null' => TRUE, 'size' => 'big'),
+ 'description' => array('type' => 'clob', 'not null' => TRUE, 'size' => 'big'),
'timestamp' => array('type' => 'int', 'not null' => FALSE),
'guid' => array('type' => 'varchar', 'length' => 255, 'not null' => FALSE)
),
diff -urpN drupal/modules/block/block.admin.inc drupal-6.x-dev-pre7-0.5.1/modules/block/block.admin.inc
--- drupal/modules/block/block.admin.inc 2007-09-01 13:31:09.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/block/block.admin.inc 2007-09-17 11:34:51.000000000 +0800
@@ -66,7 +66,7 @@ function block_admin_display_submit($for
foreach ($form_state['values'] as $block) {
$block['status'] = $block['region'] != BLOCK_REGION_NONE;
$block['region'] = $block['status'] ? $block['region'] : '';
- db_query("UPDATE {blocks} SET status = %d, weight = %d, region = '%s', throttle = %d WHERE module = '%s' AND delta = '%s' AND theme = '%s'", $block['status'], $block['weight'], $block['region'], isset($block['throttle']) ? $block['throttle'] : 0, $block['module'], $block['delta'], $block['theme']);
+ db_query("UPDATE {blocks} SET status = %d, weight = %d, region = %s, throttle = %d WHERE module = %s AND delta = %s AND theme = %s", $block['status'], $block['weight'], $block['region'], isset($block['throttle']) ? $block['throttle'] : 0, $block['module'], $block['delta'], $block['theme']);
}
drupal_set_message(t('The block settings have been updated.'));
cache_clear_all();
@@ -103,7 +103,7 @@ function block_admin_configure(&$form_st
$form['module'] = array('#type' => 'value', '#value' => $module);
$form['delta'] = array('#type' => 'value', '#value' => $delta);
- $edit = db_fetch_array(db_query("SELECT pages, visibility, custom, title FROM {blocks} WHERE module = '%s' AND delta = '%s'", $module, $delta));
+ $edit = db_fetch_array(db_query("SELECT pages, visibility, custom, title FROM {blocks} WHERE module = %s AND delta = %s", $module, $delta));
$form['block_settings'] = array(
'#type' => 'fieldset',
@@ -153,7 +153,7 @@ function block_admin_configure(&$form_st
// Role-based visibility settings
$default_role_options = array();
- $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $module, $delta);
+ $result = db_query("SELECT rid FROM {blocks_roles} WHERE module = %s AND delta = %s", $module, $delta);
while ($role = db_fetch_object($result)) {
$default_role_options[] = $role->rid;
}
@@ -219,7 +219,7 @@ function block_admin_configure(&$form_st
function block_admin_configure_validate($form, &$form_state) {
if ($form_state['values']['module'] == 'block') {
- if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE bid != %d AND info = '%s'", $form_state['values']['delta'], $form_state['values']['info']))) {
+ if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE bid != %d AND info = %s", $form_state['values']['delta'], $form_state['values']['info']))) {
form_set_error('info', t('Please ensure that each block description is unique.'));
}
}
@@ -227,10 +227,10 @@ function block_admin_configure_validate(
function block_admin_configure_submit($form, &$form_state) {
if (!form_get_errors()) {
- db_query("UPDATE {blocks} SET visibility = %d, pages = '%s', custom = %d, title = '%s' WHERE module = '%s' AND delta = '%s'", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $form_state['values']['delta']);
- db_query("DELETE FROM {blocks_roles} WHERE module = '%s' AND delta = '%s'", $form_state['values']['module'], $form_state['values']['delta']);
+ db_query("UPDATE {blocks} SET visibility = %d, pages = %s, custom = %d, title = %s WHERE module = %s AND delta = %s", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $form_state['values']['delta']);
+ db_query("DELETE FROM {blocks_roles} WHERE module = %s AND delta = %s", $form_state['values']['module'], $form_state['values']['delta']);
foreach (array_filter($form_state['values']['roles']) as $rid) {
- db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_state['values']['module'], $form_state['values']['delta']);
+ db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, %s, %s)", $rid, $form_state['values']['module'], $form_state['values']['delta']);
}
module_invoke($form_state['values']['module'], 'block', 'save', $form_state['values']['delta'], $form_state['values']);
drupal_set_message(t('The block configuration has been saved.'));
@@ -248,7 +248,7 @@ function block_add_block_form(&$form_sta
}
function block_add_block_form_validate($form, &$form_state) {
- if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE info = '%s'", $form_state['values']['info']))) {
+ if (empty($form_state['values']['info']) || db_result(db_query("SELECT COUNT(*) FROM {boxes} WHERE info = %s", $form_state['values']['info']))) {
form_set_error('info', t('Please ensure that each block description is unique.'));
}
}
@@ -257,17 +257,18 @@ function block_add_block_form_validate($
* Save the new custom block.
*/
function block_add_block_form_submit($form, &$form_state) {
- db_query("INSERT INTO {boxes} (body, info, format) VALUES ('%s', '%s', %d)", $form_state['values']['body'], $form_state['values']['info'], $form_state['values']['format']);
+ db_query("INSERT INTO {boxes} (body, info, format) VALUES (%c, %s, %d)", NULL, $form_state['values']['info'], $form_state['values']['format']);
$delta = db_last_insert_id('boxes', 'bid');
+ db_update_clob('bid = %d', $delta, db_prefix_tables('{boxes}'), 'body', $form_state['values']['body']);
foreach (list_themes() as $key => $theme) {
if ($theme->status) {
- db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(%d, '%s', %d, '%s', '%s', '%s', %d, %d, %d, %d)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE);
+ db_query("INSERT INTO {blocks} (visibility, pages, custom, title, module, theme, status, weight, delta, cache) VALUES(%d, %s, %d, %s, %s, %s, %d, %d, %d, %d)", $form_state['values']['visibility'], trim($form_state['values']['pages']), $form_state['values']['custom'], $form_state['values']['title'], $form_state['values']['module'], $theme->name, 0, 0, $delta, BLOCK_NO_CACHE);
}
}
foreach (array_filter($form_state['values']['roles']) as $rid) {
- db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, '%s', '%s')", $rid, $form_state['values']['module'], $delta);
+ db_query("INSERT INTO {blocks_roles} (rid, module, delta) VALUES (%d, %s, %s)", $rid, $form_state['values']['module'], $delta);
}
drupal_set_message(t('The block has been created.'));
diff -urpN drupal/modules/block/block.module drupal-6.x-dev-pre7-0.5.1/modules/block/block.module
--- drupal/modules/block/block.module 2007-09-01 13:31:09.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/block/block.module 2007-09-17 11:34:51.000000000 +0800
@@ -199,7 +199,7 @@ function block_block($op = 'list', $delt
case 'view':
$block = db_fetch_object(db_query('SELECT body, format FROM {boxes} WHERE bid = %d', $delta));
- $data['content'] = check_markup($block->body, $block->format, FALSE);
+ $data['content'] = check_markup(db_decode_clob($block->body), $block->format, FALSE);
return $data;
}
}
@@ -215,7 +215,7 @@ function _block_rehash() {
init_theme();
- $result = db_query("SELECT * FROM {blocks} WHERE theme = '%s'", $theme_key);
+ $result = db_query("SELECT * FROM {blocks} WHERE theme = %s", $theme_key);
while ($old_block = db_fetch_object($result)) {
$old_blocks[$old_block->module][$old_block->delta] = $old_block;
}
@@ -258,7 +258,7 @@ function _block_rehash() {
db_lock_table('blocks');
// Remove all blocks from table.
- db_query("DELETE FROM {blocks} WHERE theme = '%s'", $theme_key);
+ db_query("DELETE FROM {blocks} WHERE theme = %s", $theme_key);
// Reinsert new set of blocks into table.
foreach ($blocks as $block) {
@@ -266,7 +266,7 @@ function _block_rehash() {
'visibility' => NULL,
'throttle' => NULL,
);
- db_query("INSERT INTO {blocks} (module, delta, theme, status, weight, region, visibility, pages, custom, throttle, title, cache) VALUES ('%s', '%s', '%s', %d, %d, '%s', %d, '%s', %d, %d, '%s', %d)", $block['module'], $block['delta'], $theme_key, $block['status'], $block['weight'], $block['region'], $block['visibility'], $block['pages'], $block['custom'], $block['throttle'], $block['title'], $block['cache']);
+ db_query("INSERT INTO {blocks} (module, delta, theme, status, weight, region, visibility, pages, custom, throttle, title, cache) VALUES (%s, %s, %s, %d, %d, %s, %d, %s, %d, %d, %s, %d)", $block['module'], $block['delta'], $theme_key, $block['status'], $block['weight'], $block['region'], $block['visibility'], $block['pages'], $block['custom'], $block['throttle'], $block['title'], $block['cache']);
}
db_unlock_tables();
@@ -316,7 +316,8 @@ function block_box_save($edit, $delta) {
$edit['format'] = FILTER_FORMAT_DEFAULT;
}
- db_query("UPDATE {boxes} SET body = '%s', info = '%s', format = %d WHERE bid = %d", $edit['body'], $edit['info'], $edit['format'], $delta);
+ db_query("UPDATE {boxes} SET body = %c, info = %s, format = %d WHERE bid = %d", NULL, $edit['info'], $edit['format'], $delta);
+ db_update_clob('bid = %d', $delta, db_prefix_tables('{boxes}'), 'body', $edit['body']);
return TRUE;
}
@@ -379,7 +380,7 @@ function block_list($region) {
static $blocks = array();
if (!count($blocks)) {
- $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), $theme_key, implode(',', array_keys($user->roles)));
+ $result = db_query(db_rewrite_sql("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = %s AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", 'b', 'bid'), $theme_key, implode(',', array_keys($user->roles)));
while ($block = db_fetch_object($result)) {
if (!isset($blocks[$block->region])) {
$blocks[$block->region] = array();
@@ -511,4 +512,4 @@ function _block_get_cache_id($block) {
return implode(':', $cid_parts);
}
-}
\ No newline at end of file
+}
diff -urpN drupal/modules/block/block.schema drupal-6.x-dev-pre7-0.5.1/modules/block/block.schema
--- drupal/modules/block/block.schema 2007-09-15 01:46:32.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/block/block.schema 2007-09-17 11:37:30.000000000 +0800
@@ -37,7 +37,7 @@ function block_schema() {
$schema['boxes'] = array(
'fields' => array(
'bid' => array('type' => 'serial', 'unsigned' => TRUE, 'not null' => TRUE),
- 'body' => array('type' => 'text', 'not null' => FALSE, 'size' => 'big'),
+ 'body' => array('type' => 'clob', 'not null' => FALSE, 'size' => 'big'),
'info' => array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''),
'format' => array('type' => 'int', 'size' => 'small', 'not null' => TRUE, 'default' => 0)
),
diff -urpN drupal/modules/blogapi/blogapi.module drupal-6.x-dev-pre7-0.5.1/modules/blogapi/blogapi.module
--- drupal/modules/blogapi/blogapi.module 2007-09-05 16:42:01.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/blogapi/blogapi.module 2007-09-17 11:34:51.000000000 +0800
@@ -322,10 +322,10 @@ function blogapi_blogger_get_recent_post
$type = _blogapi_blogid($blogid);
if ($bodies) {
- $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
+ $result = db_query_range("SELECT n.nid, n.title, r.body, r.format, n.comment, n.created, u.name FROM {node} n, {node_revisions} r, {users} u WHERE n.uid = u.uid AND n.vid = r.vid AND n.type = %s AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
}
else {
- $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = '%s' AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
+ $result = db_query_range("SELECT n.nid, n.title, n.created, u.name FROM {node} n, {users} u WHERE n.uid = u.uid AND n.type = %s AND n.uid = %d ORDER BY n.created DESC", $type, $user->uid, 0, $number_of_posts);
}
$blogs = array();
while ($blog = db_fetch_object($result)) {
diff -urpN drupal/modules/book/book.module drupal-6.x-dev-pre7-0.5.1/modules/book/book.module
--- drupal/modules/book/book.module 2007-09-12 01:35:58.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/book/book.module 2007-09-17 11:34:51.000000000 +0800
@@ -1045,7 +1045,7 @@ function book_menu_subtree_data($item) {
$data = $cache->data;
}
else {
- $match = array("menu_name = '%s'");
+ $match = array("menu_name = %s");
$args = array($item['menu_name']);
$i = 1;
while ($i <= MENU_MAX_DEPTH && $item["p$i"]) {
diff -urpN drupal/modules/comment/comment.module drupal-6.x-dev-pre7-0.5.1/modules/comment/comment.module
--- drupal/modules/comment/comment.module 2007-09-11 22:50:04.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/comment/comment.module 2007-09-17 11:52:35.000000000 +0800
@@ -345,9 +345,9 @@ function comment_new_page_count($num_com
}
else {
// Oldest first: find the first thread with new comment
- $result = db_query('(SELECT thread FROM {comments} WHERE nid = %d AND status = 0 ORDER BY timestamp DESC LIMIT %d) ORDER BY SUBSTRING(thread, 1, (LENGTH(thread) - 1)) LIMIT 1', $nid, $new_replies);
+ $result = db_query('(SELECT thread FROM {comments} WHERE nid = %d AND status = 0 ORDER BY timestamp DESC LIMIT %d) ORDER BY ' . DB_SUBSTR . '(thread, 1, (' . DB_LENGTH . '(thread) - 1)) LIMIT 1', $nid, $new_replies);
$thread = substr(db_result($result), 0, -1);
- $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = %d AND status = 0 AND SUBSTRING(thread, 1, (LENGTH(thread) - 1)) < '". $thread ."'", $nid);
+ $result_count = db_query("SELECT COUNT(*) FROM {comments} WHERE nid = %d AND status = 0 AND " . DB_SUBSTR . "(thread, 1, (" . DB_LENGTH . "(thread) - 1)) < '". $thread ."'", $nid);
}
$count = db_result($result_count);
}
@@ -518,7 +518,7 @@ function comment_nodeapi(&$node, $op, $a
$text = '';
$comments = db_query('SELECT subject, comment, format FROM {comments} WHERE nid = %d AND status = %d', $node->nid, COMMENT_PUBLISHED);
while ($comment = db_fetch_object($comments)) {
- $text .= ''. check_plain($comment->subject) .'
'. check_markup($comment->comment, $comment->format, FALSE);
+ $text .= ''. check_plain($comment->subject) .'
'. check_markup(db_decode_clob($comment->comment), $comment->format, FALSE);
}
return $text;
@@ -776,7 +776,8 @@ function comment_save($edit) {
$edit += array('mail' => '', 'homepage' => '', 'name' => '');
if ($edit['cid']) {
// Update the comment in the database.
- db_query("UPDATE {comments} SET status = %d, timestamp = %d, subject = '%s', comment = '%s', format = %d, uid = %d, name = '%s', mail = '%s', homepage = '%s' WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], $edit['comment'], $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']);
+ db_query("UPDATE {comments} SET status = %d, timestamp = %d, subject = %s, comment = %c, format = %d, uid = %d, name = %s, mail = %s, homepage = %s WHERE cid = %d", $edit['status'], $edit['timestamp'], $edit['subject'], NULL, $edit['format'], $edit['uid'], $edit['name'], $edit['mail'], $edit['homepage'], $edit['cid']);
+ db_update_clob('cid = %d', $edit['cid'], db_prefix_tables('{comments}'), 'comment', $edit['comment']);
// Allow modules to respond to the updating of a comment.
comment_invoke_comment($edit, 'update');
@@ -812,7 +813,7 @@ function comment_save($edit) {
$parent->thread = (string) rtrim((string) $parent->thread, '/');
// Get the max value in _this_ thread.
- $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE '%s.%%' AND nid = %d", $parent->thread, $edit['nid']));
+ $max = db_result(db_query("SELECT MAX(thread) FROM {comments} WHERE thread LIKE %s AND nid = %d", $parent->thread . ".%", $edit['nid']));
if ($max == '') {
// First child of this parent.
@@ -838,8 +839,9 @@ function comment_save($edit) {
$edit['name'] = $user->name;
}
- db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, format, hostname, timestamp, status, thread, name, mail, homepage) VALUES (%d, %d, %d, '%s', '%s', %d, '%s', %d, %d, '%s', '%s', '%s', '%s')", $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], ip_address(), $edit['timestamp'], $status, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
+ db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, format, hostname, timestamp, status, thread, name, mail, homepage) VALUES (%d, %d, %d, %s, %s, %d, %s, %d, %d, %s, %s, %s, %s)", $edit['nid'], $edit['pid'], $edit['uid'], $edit['subject'], $edit['comment'], $edit['format'], ip_address(), $edit['timestamp'], $status, $thread, $edit['name'], $edit['mail'], $edit['homepage']);
$edit['cid'] = db_last_insert_id('comments', 'cid');
+ db_update_clob('cid = %d', $edit['cid'], db_prefix_tables('{comments}'), 'comment', $edit['comment']);
// Tell the other modules a new comment has been submitted.
comment_invoke_comment($edit, 'insert');
@@ -1052,7 +1054,7 @@ function comment_render($node, $cid = 0)
** comment structure.
*/
- $query .= ' ORDER BY SUBSTRING(c.thread, 1, (LENGTH(c.thread) - 1))';
+ $query .= ' ORDER BY ' . DB_SUBSTR . '(c.thread, 1, (LENGTH(c.thread) - 1))';
}
}
$query = db_rewrite_sql($query, 'c', 'cid');
@@ -1247,7 +1249,7 @@ function comment_admin_overview($type =
while ($comment = db_fetch_object($result)) {
$comments[$comment->cid] = '';
$comment->name = $comment->uid ? $comment->registered_name : $comment->name;
- $form['subject'][$comment->cid] = array('#value' => l($comment->subject, 'node/'. $comment->nid, array('title' => truncate_utf8($comment->comment, 128), 'fragment' => 'comment-'. $comment->cid)));
+ $form['subject'][$comment->cid] = array('#value' => l($comment->subject, 'node/'. $comment->nid, array('title' => truncate_utf8(db_decode_clob($comment->comment), 128), 'fragment' => 'comment-'. $comment->cid)));
$form['username'][$comment->cid] = array('#value' => theme('username', $comment));
$form['timestamp'][$comment->cid] = array('#value' => format_date($comment->timestamp, 'small'));
$form['operations'][$comment->cid] = array('#value' => l(t('edit'), 'comment/edit/'. $comment->cid, array('query' => $destination)));
@@ -1449,7 +1451,7 @@ function comment_validate($edit) {
if (!$user->uid || isset($edit['is_anonymous'])) {
if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
if ($edit['name']) {
- $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']));
+ $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = %s", $edit['name']));
if ($taken != 0) {
form_set_error('name', t('The name you used belongs to a registered user.'));
@@ -1780,7 +1782,7 @@ function theme_comment_view($comment, $n
// Switch to folded/unfolded view of the comment
if ($visible) {
- $comment->comment = check_markup($comment->comment, $comment->format, FALSE);
+ $comment->comment = check_markup(db_decode_clob($comment->comment), $comment->format, FALSE);
// Comment API hook
comment_invoke_comment($comment, 'view');
@@ -2074,7 +2076,7 @@ function _comment_update_node_statistics
// comments exist
if ($count > 0) {
$last_reply = db_fetch_object(db_query_range('SELECT cid, name, timestamp, uid FROM {comments} WHERE nid = %d AND status = %d ORDER BY cid DESC', $nid, COMMENT_PUBLISHED, 0, 1));
- db_query("UPDATE {node_comment_statistics} SET comment_count = %d, last_comment_timestamp = %d, last_comment_name = '%s', last_comment_uid = %d WHERE nid = %d", $count, $last_reply->timestamp, $last_reply->uid ? '' : $last_reply->name, $last_reply->uid, $nid);
+ db_query("UPDATE {node_comment_statistics} SET comment_count = %d, last_comment_timestamp = %d, last_comment_name = %s, last_comment_uid = %d WHERE nid = %d", $count, $last_reply->timestamp, $last_reply->uid ? '' : $last_reply->name, $last_reply->uid, $nid);
}
// no comments
@@ -2232,7 +2234,7 @@ function comment_unpublish_by_keyword_ac
*/
function comment_unpublish_by_keyword_action($comment, $context) {
foreach ($context['keywords'] as $keyword) {
- if (strstr($comment->comment, $keyword) || strstr($comment->subject, $keyword)) {
+ if (strstr(db_decode_clob($comment->comment), $keyword) || strstr($comment->subject, $keyword)) {
db_query('UPDATE {comments} SET status = %d WHERE cid = %d', COMMENT_NOT_PUBLISHED, $comment->cid);
watchdog('action', 'Unpublished comment %subject.', array('%subject' => $comment->subject));
break;
diff -urpN drupal/modules/comment/comment.schema drupal-6.x-dev-pre7-0.5.1/modules/comment/comment.schema
--- drupal/modules/comment/comment.schema 2007-07-31 05:27:34.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/comment/comment.schema 2007-09-17 11:34:51.000000000 +0800
@@ -9,7 +9,7 @@ function comment_schema() {
'nid' => array('type' => 'int', 'not null' => TRUE, 'default' => 0),
'uid' => array('type' => 'int', 'not null' => TRUE, 'default' => 0),
'subject' => array('type' => 'varchar', 'length' => 64, 'not null' => TRUE, 'default' => ''),
- 'comment' => array('type' => 'text', 'not null' => TRUE, 'size' => 'big'),
+ 'comment' => array('type' => 'clob', 'not null' => TRUE, 'size' => 'big'),
'hostname' => array('type' => 'varchar', 'length' => 128, 'not null' => TRUE, 'default' => ''),
'timestamp' => array('type' => 'int', 'not null' => TRUE, 'default' => 0),
'status' => array('type' => 'int', 'unsigned' => TRUE, 'not null' => TRUE, 'default' => 0, 'size' => 'tiny'),
diff -urpN drupal/modules/contact/contact.admin.inc drupal-6.x-dev-pre7-0.5.1/modules/contact/contact.admin.inc
--- drupal/modules/contact/contact.admin.inc 2007-07-16 20:43:05.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/contact/contact.admin.inc 2007-09-17 11:34:51.000000000 +0800
@@ -110,13 +110,16 @@ function contact_admin_edit_submit($form
}
$form_state['values']['recipients'] = implode(',', $recipients);
if (empty($form_state['values']['cid']) || $form_state['values']['contact_op'] == 'add') {
- db_query("INSERT INTO {contact} (category, recipients, reply, weight, selected) VALUES ('%s', '%s', '%s', %d, %d)", $form_state['values']['category'], $form_state['values']['recipients'], $form_state['values']['reply'], $form_state['values']['weight'], $form_state['values']['selected']);
+ db_query("INSERT INTO {contact} (category, recipients, reply, weight, selected) VALUES (%s, %s, %c, %d, %d)", $form_state['values']['category'], $form_state['values']['recipients'], NULL, $form_state['values']['weight'], $form_state['values']['selected']);
+ $cid = db_last_insert_id('contact', 'cid');
+ db_update_clob('cid = %d', $cid, db_prefix_tables('{contact}'), 'reply', $form_state['values']['reply']);
drupal_set_message(t('Category %category has been added.', array('%category' => $form_state['values']['category'])));
watchdog('mail', 'Contact form: category %category added.', array('%category' => $form_state['values']['category']), WATCHDOG_NOTICE, l(t('view'), 'admin/build/contact'));
}
else {
- db_query("UPDATE {contact} SET category = '%s', recipients = '%s', reply = '%s', weight = %d, selected = %d WHERE cid = %d", $form_state['values']['category'], $form_state['values']['recipients'], $form_state['values']['reply'], $form_state['values']['weight'], $form_state['values']['selected'], $form_state['values']['cid']);
+ db_query("UPDATE {contact} SET category = %s, recipients = %s, reply = %c, weight = %d, selected = %d WHERE cid = %d", $form_state['values']['category'], $form_state['values']['recipients'], NULL, $form_state['values']['weight'], $form_state['values']['selected'], $form_state['values']['cid']);
+ db_update_clob('cid = %d', $form_state['values']['cid'], db_prefix_tables('{contact}'), 'reply', $form_state['values']['reply']);
drupal_set_message(t('Category %category has been updated.', array('%category' => $form_state['values']['category'])));
watchdog('mail', 'Contact form: category %category updated.', array('%category' => $form_state['values']['category']), WATCHDOG_NOTICE, l(t('view'), 'admin/build/contact'));
}
diff -urpN drupal/modules/contact/contact.module drupal-6.x-dev-pre7-0.5.1/modules/contact/contact.module
--- drupal/modules/contact/contact.module 2007-07-16 14:37:49.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/contact/contact.module 2007-09-17 11:34:51.000000000 +0800
@@ -171,7 +171,7 @@ function contact_mail($key, &$message, $
case 'page_autoreply':
$contact = $params['contact'];
$message['subject'] .= t('[!category] !subject', array('!category' => $contact['category'], '!subject' => $params['subject']), $language->language);
- $message['body'][] = $contact['reply'];
+ $message['body'][] = db_decode_clob($contact['reply']);
break;
case 'user_mail':
case 'user_copy':
diff -urpN drupal/modules/contact/contact.pages.inc drupal-6.x-dev-pre7-0.5.1/modules/contact/contact.pages.inc
--- drupal/modules/contact/contact.pages.inc 2007-09-06 20:42:50.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/contact/contact.pages.inc 2007-09-17 11:34:51.000000000 +0800
@@ -134,7 +134,7 @@ function contact_mail_page_submit($form,
}
// Send an auto-reply if necessary using the current language.
- if ($contact['reply']) {
+ if (db_decode_clob($contact['reply'])) {
drupal_mail('contact', 'page_autoreply', $from, $language, $values, $contact['recipients']);
}
diff -urpN drupal/modules/contact/contact.schema drupal-6.x-dev-pre7-0.5.1/modules/contact/contact.schema
--- drupal/modules/contact/contact.schema 2007-07-15 18:09:21.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/contact/contact.schema 2007-09-17 11:34:51.000000000 +0800
@@ -7,7 +7,7 @@ function contact_schema() {
'cid' => array('type' => 'serial', 'unsigned' => TRUE, 'not null' => TRUE),
'category' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''),
'recipients' => array('type' => 'text', 'not null' => TRUE, 'size' => 'big'),
- 'reply' => array('type' => 'text', 'not null' => TRUE, 'size' => 'big'),
+ 'reply' => array('type' => 'clob', 'not null' => TRUE, 'size' => 'big'),
'weight' => array('type' => 'int', 'not null' => TRUE, 'default' => 0, 'size' => 'tiny'),
'selected' => array('type' => 'int', 'not null' => TRUE, 'default' => 0, 'size' => 'tiny')
),
diff -urpN drupal/modules/dblog/dblog.admin.inc drupal-6.x-dev-pre7-0.5.1/modules/dblog/dblog.admin.inc
--- drupal/modules/dblog/dblog.admin.inc 2007-09-05 16:42:01.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/dblog/dblog.admin.inc 2007-09-17 11:34:51.000000000 +0800
@@ -98,7 +98,7 @@ function dblog_top($type) {
array('data' => t('Message'), 'field' => 'message')
);
- $result = pager_query("SELECT COUNT(wid) AS count, message, variables FROM {watchdog} WHERE type = '%s' GROUP BY message, variables ". tablesort_sql($header), 30, 0, "SELECT COUNT(DISTINCT(message)) FROM {watchdog} WHERE type = '%s'", $type);
+ $result = pager_query("SELECT COUNT(wid) AS count, message, variables FROM {watchdog} WHERE type = %s GROUP BY message, variables ". tablesort_sql($header), 30, 0, "SELECT COUNT(DISTINCT(message)) FROM {watchdog} WHERE type = %s", $type);
$rows = array();
while ($dblog = db_fetch_object($result)) {
@@ -211,7 +211,7 @@ function dblog_filters() {
if (!empty($types)) {
$filters['type'] = array(
'title' => t('Type'),
- 'where' => "w.type = '%s'",
+ 'where' => "w.type = %s",
'options' => $types,
);
}
diff -urpN drupal/modules/dblog/dblog.module drupal-6.x-dev-pre7-0.5.1/modules/dblog/dblog.module
--- drupal/modules/dblog/dblog.module 2007-07-22 14:51:47.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/dblog/dblog.module 2007-09-17 11:34:51.000000000 +0800
@@ -133,7 +133,7 @@ function dblog_watchdog($log = array())
db_query("INSERT INTO {watchdog}
(uid, type, message, variables, severity, link, location, referer, hostname, timestamp)
VALUES
- (%d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', %d)",
+ (%d, %s, %s, %s, %d, %s, %s, %s, %s, %d)",
$log['user']->uid,
$log['type'],
$log['message'],
diff -urpN drupal/modules/devel/devel_generate.inc drupal-6.x-dev-pre7-0.5.1/modules/devel/devel_generate.inc
--- drupal/modules/devel/devel_generate.inc 2007-07-20 00:56:51.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/devel/devel_generate.inc 2007-09-17 16:23:46.000000000 +0800
@@ -25,7 +25,7 @@ function devel_create_users($num, $kill)
$pass = md5(user_password());
$mail = $name .'@'. $url['host'];
$now = time();
- db_query("INSERT INTO {users} (name, pass, mail, status, created, access) VALUES ('%s', '%s', '%s', %d, %d, %d)", $name, $pass, $mail, 1, $now, $now);
+ db_query("INSERT INTO {users} (name, pass, mail, status, created, access) VALUES (%s, %s, %s, %d, %d, %d)", $name, $pass, $mail, 1, $now, $now);
}
drupal_set_message(t('!num_users created.', array('!num_users' => format_plural($num, '1 user', '@count users'))));
}
@@ -129,7 +129,7 @@ function devel_create_nodes($records, $u
$nids[] = $node->nid;
// Setup a path:
- db_query("INSERT INTO {url_alias} (src, dst) VALUES ('%s', '%s')", "node/$node->nid", "node-$node->nid-$node->type");
+ db_query("INSERT INTO {url_alias} (src, dst) VALUES (%s, %s)", "node/$node->nid", "node-$node->nid-$node->type");
unset($node);
}
}
@@ -160,7 +160,7 @@ function devel_create_comments($records,
$comment->comment = "body of comment #". $i;
$comment->uid = $users[array_rand($users)];
- db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, status, thread, timestamp) VALUES (%d, %d, %d, '%s', '%s', %d, %d, %d)", $comment->nid, $comment->pid, $comment->uid, $comment->subject, $comment->comment, 0, 0, time());
+ db_query("INSERT INTO {comments} (nid, pid, uid, subject, comment, status, thread, timestamp) VALUES (%d, %d, %d, %s, %s, %d, %d, %d)", $comment->nid, $comment->pid, $comment->uid, $comment->subject, $comment->comment, 0, 0, time());
$cids[] = db_last_insert_id('comments', 'cid');
}
diff -urpN drupal/modules/devel/devel.module drupal-6.x-dev-pre7-0.5.1/modules/devel/devel.module
--- drupal/modules/devel/devel.module 2007-09-08 04:17:54.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/devel/devel.module 2007-09-17 16:21:52.000000000 +0800
@@ -590,9 +590,9 @@ function devel_store_queries() {
$query = preg_replace(array("/'.*'/s", "/\d.*\.\d.*/", "/\d.*/"), array("S", "F", "D"), $query);
$hash = md5($function . $query);
if (!isset($qids[$hash])) {
- $qids[$hash] = db_result(devel_db_query("SELECT qid FROM {devel_queries} WHERE hash = '%s'", $hash));
+ $qids[$hash] = db_result(devel_db_query("SELECT qid FROM {devel_queries} WHERE hash = %s", $hash));
if (!$qids[$hash]) {
- devel_db_query("INSERT INTO {devel_queries} (query, function, hash) VALUES ('%s', '%s', '%s')", $query, $function, $hash);
+ devel_db_query("INSERT INTO {devel_queries} (query, function, hash) VALUES (%s, %s, %s)", $query, $function, $hash);
$qids[$hash] = mysql_insert_id();
}
}
@@ -1494,4 +1494,4 @@ function wget($url, $file) {
curl_exec($ch);
curl_close($ch);
fclose($fp);
-}
\ No newline at end of file
+}
diff -urpN drupal/modules/devel/generate/generate-og2list-mail.php drupal-6.x-dev-pre7-0.5.1/modules/devel/generate/generate-og2list-mail.php
--- drupal/modules/devel/generate/generate-og2list-mail.php 2006-06-28 05:51:29.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/devel/generate/generate-og2list-mail.php 2007-09-17 16:23:16.000000000 +0800
@@ -35,8 +35,8 @@ function gom_create_content($groups) {
$msg_id = '<'. time() .'.'. mt_rand() .'@'. strtolower(variable_get('og2list_domain', $_SERVER['SERVER_NAME'])) .'>';
$subject = 'Test mail from '. $user['name'] .' to '. $group['recipient'];
- db_query("INSERT INTO {og2list_incoming_content} (from_address,from_name,subject,msgid,content_type,body) VALUES ('%s', '%s', '%s', '%s', '%s', '%s')", $user['mail'], $user['name'], $subject, $msg_id, 'text/plain', "totally irrelevant message body, sent at ". format_date(time(), 'custom', t('Y/m/d - G:i')));
- db_query("INSERT INTO {og2list_incoming_groups} SET mid=(SELECT mid FROM {og2list_incoming_content} WHERE msgid='%s'), oid=(SELECT nid FROM {og2list_groups} WHERE recipient='%s')", $msg_id, $group['recipient']);
+ db_query("INSERT INTO {og2list_incoming_content} (from_address,from_name,subject,msgid,content_type,body) VALUES (%s, %s, %s, %s, %s, %s)", $user['mail'], $user['name'], $subject, $msg_id, 'text/plain', "totally irrelevant message body, sent at ". format_date(time(), 'custom', t('Y/m/d - G:i')));
+ db_query("INSERT INTO {og2list_incoming_groups} SET mid=(SELECT mid FROM {og2list_incoming_content} WHERE msgid=%s), oid=(SELECT nid FROM {og2list_groups} WHERE recipient=%s)", $msg_id, $group['recipient']);
}
}
}
diff -urpN drupal/modules/drupal/drupal.module drupal-6.x-dev-pre7-0.5.1/modules/drupal/drupal.module
--- drupal/modules/drupal/drupal.module 2007-08-21 16:15:59.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/drupal/drupal.module 2007-09-17 11:34:51.000000000 +0800
@@ -160,20 +160,20 @@ function drupal_client_ping($client, $sy
*/
if ($client['link'] && $client['name'] && $client['mail'] && $client['slogan'] && $client['mission']) {
- $result = db_query("SELECT cid FROM {client} WHERE link = '%s'", $client['link']);
+ $result = db_query("SELECT cid FROM {client} WHERE link = %s", $client['link']);
if ($record = db_fetch_object($result)) {
$client['cid'] = $record->cid;
// We have an existing record.
- db_query("UPDATE {client} SET link = '%s', name = '%s', mail = '%s', slogan = '%s', mission = '%s', users = %d, nodes = %d, version = '%s', changed = '%s' WHERE cid = %d", $client['uid'], $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), $client['cid']);
+ db_query("UPDATE {client} SET link = %s, name = %s, mail = %s, slogan = %s, mission = %s, users = %d, nodes = %d, version = %s, changed = %s WHERE cid = %d", $client['uid'], $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), $client['cid']);
}
else {
- db_query("INSERT INTO {client} (link, name, mail, slogan, mission, users, nodes, version, created, changed) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), time());
+ db_query("INSERT INTO {client} (link, name, mail, slogan, mission, users, nodes, version, created, changed) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", $client['link'], $client['name'], $client['mail'], $client['slogan'], $client['mission'], $client['users'], $client['nodes'], $client['version'], time(), time());
$client['cid'] = db_last_insert_id('client', 'cid');
}
if (is_array($system)) {
db_query("DELETE FROM {client_system} WHERE cid = %d", $client['cid']);
foreach ($system as $item) {
- db_query("INSERT INTO {client_system} (cid, name, type) VALUES (%d, '%s', '%s')", $client['cid'], $item['name'], $item['type']);
+ db_query("INSERT INTO {client_system} (cid, name, type) VALUES (%d, %s, %s)", $client['cid'], $item['name'], $item['type']);
}
}
watchdog('client ping', 'Ping from %name (%link).', array('%name' => $client['name'], '%link' => $client['link']), WATCHDOG_NOTICE, 'view');
diff -urpN drupal/modules/filter/filter.admin.inc drupal-6.x-dev-pre7-0.5.1/modules/filter/filter.admin.inc
--- drupal/modules/filter/filter.admin.inc 2007-09-14 20:17:58.000000000 +0800
+++ drupal-6.x-dev-pre7-0.5.1/modules/filter/filter.admin.inc 2007-09-17 11:36:28.000000000 +0800
@@ -153,7 +153,7 @@ function filter_admin_format_form(&$form
function filter_admin_format_form_validate($form, &$form_state) {
if (!isset($form_state['values']['format'])) {
$name = trim($form_state['values']['name']);
- $result = db_fetch_object(db_query("SELECT format FROM {filter_formats} WHERE name='%s'", $name));
+ $result = db_fetch_object(db_query("SELECT format FROM {filter_formats} WHERE name=%s", $name));
if ($result) {
form_set_error('name', t('Filter format name