diff -urpN drupal-6.x-dev-200708120325/includes/install.inc drupal-6.x-dev/includes/install.inc --- drupal-6.x-dev-200708120325/includes/install.inc 2007-07-31 03:22:47.000000000 +0800 +++ drupal-6.x-dev/includes/install.inc 2007-08-12 13:24:47.000000000 +0800 @@ -70,7 +70,7 @@ function drupal_get_installed_schema_ver if (!$versions) { $versions = array(); - $result = db_query("SELECT name, schema_version FROM {system} WHERE type = 'module'"); + $result = db_query("SELECT name, schema_version FROM {system} WHERE type = '%s'", 'module'); while ($row = db_fetch_object($result)) { $versions[$row->name] = $row->schema_version; } @@ -312,7 +312,7 @@ function drupal_install_profile($profile module_invoke('system', 'install'); $system_versions = drupal_get_schema_versions('system'); $system_version = $system_versions ? max($system_versions) : SCHEMA_INSTALLED; - db_query("INSERT INTO {system} (filename, name, type, owner, status, throttle, bootstrap, schema_version) VALUES('%s', '%s', 'module', '', 1, 0, 0, %d)", $system_path .'/system.module', 'system', $system_version); + db_query("INSERT INTO {system} (filename, name, type, owner, status, throttle, bootstrap, schema_version) VALUES('%s', '%s', '%s', '%s', %d, %d, %d, %d)", $system_path .'/system.module', 'system', 'module', '', 1, 0, 0, $system_version); // Now that we've installed things properly, bootstrap the full Drupal environment drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); diff -urpN drupal-6.x-dev-200708120325/includes/menu.inc drupal-6.x-dev/includes/menu.inc --- drupal-6.x-dev-200708120325/includes/menu.inc 2007-08-11 22:06:14.000000000 +0800 +++ drupal-6.x-dev/includes/menu.inc 2007-08-12 13:21:23.000000000 +0800 @@ -1409,7 +1409,7 @@ function _menu_navigation_links_rebuild( array_multisort($sort, SORT_NUMERIC, $menu_links); foreach ($menu_links as $item) { - $existing_item = db_fetch_array(db_query("SELECT mlid, menu_name, plid, customized FROM {menu_links} WHERE link_path = '%s' AND module = 'system'", $item['link_path'])); + $existing_item = db_fetch_array(db_query("SELECT mlid, menu_name, plid, customized FROM {menu_links} WHERE link_path = '%s' AND module = '%s'", $item['link_path'], 'system')); if ($existing_item) { $item['mlid'] = $existing_item['mlid']; $item['menu_name'] = $existing_item['menu_name']; diff -urpN drupal-6.x-dev-200708120325/includes/module.inc drupal-6.x-dev/includes/module.inc --- drupal-6.x-dev-200708120325/includes/module.inc 2007-08-09 04:04:38.000000000 +0800 +++ drupal-6.x-dev/includes/module.inc 2007-08-12 13:29:06.000000000 +0800 @@ -242,10 +242,10 @@ function module_load_all_includes($type, function module_enable($module_list) { $invoke_modules = array(); foreach ($module_list as $module) { - $existing = db_fetch_object(db_query("SELECT status FROM {system} WHERE type = 'module' AND name = '%s'", $module)); + $existing = db_fetch_object(db_query("SELECT status FROM {system} WHERE type = '%s' AND name = '%s'", 'module', $module)); if ($existing->status == 0) { module_load_install($module); - db_query("UPDATE {system} SET status = 1, throttle = 0 WHERE type = 'module' AND name = '%s'", $module); + db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = '%s' AND name = '%s'", 1, 0, 'module', $module); drupal_load('module', $module); $invoke_modules[] = $module; } @@ -275,7 +275,7 @@ function module_disable($module_list) { if (module_exists($module)) { module_load_install($module); module_invoke($module, 'disable'); - db_query("UPDATE {system} SET status = 0, throttle = 0 WHERE type = 'module' AND name = '%s'", $module); + db_query("UPDATE {system} SET status = %d, throttle = %d WHERE type = '%s' AND name = '%s'", 0, 0, 'module', $module); $invoke_modules[] = $module; } } diff -urpN drupal-6.x-dev-200708120325/includes/theme.inc drupal-6.x-dev/includes/theme.inc --- drupal-6.x-dev-200708120325/includes/theme.inc 2007-08-03 04:08:52.000000000 +0800 +++ drupal-6.x-dev/includes/theme.inc 2007-08-12 13:26:58.000000000 +0800 @@ -337,7 +337,7 @@ function list_themes($refresh = FALSE) { if (empty($list)) { $list = array(); - $result = db_query("SELECT * FROM {system} WHERE type = 'theme'"); + $result = db_query("SELECT * FROM {system} WHERE type = '%s'", 'theme'); while ($theme = db_fetch_object($result)) { if (file_exists($theme->filename)) { $theme->info = unserialize($theme->info); @@ -384,7 +384,7 @@ function list_theme_engines($refresh = F if (!$list) { $list = array(); - $result = db_query("SELECT * FROM {system} WHERE type = 'theme_engine' AND status = '1' ORDER BY name"); + $result = db_query("SELECT * FROM {system} WHERE type = '%s' AND status = %d ORDER BY name", 'theme_engine', '1'); while ($engine = db_fetch_object($result)) { if (file_exists($engine->filename)) { $engine->info = unserialize($engine->info); diff -urpN drupal-6.x-dev-200708120325/install.php drupal-6.x-dev/install.php --- drupal-6.x-dev-200708120325/install.php 2007-07-26 01:35:47.000000000 +0800 +++ drupal-6.x-dev/install.php 2007-08-12 13:21:26.000000000 +0800 @@ -126,7 +126,7 @@ function install_main() { */ function install_verify_drupal() { // Read the variable manually using the @ so we don't trigger an error if it fails. - $result = @db_query("SELECT value FROM {variable} WHERE name = 'install_task'"); + $result = @db_query("SELECT value FROM {variable} WHERE name = '%s'", 'install_task'); if ($result) { return unserialize(db_result($result)); } diff -urpN drupal-6.x-dev-200708120325/modules/system/system.module drupal-6.x-dev/modules/system/system.module --- drupal-6.x-dev-200708120325/modules/system/system.module 2007-08-12 03:17:17.000000000 +0800 +++ drupal-6.x-dev/modules/system/system.module 2007-08-12 13:14:16.000000000 +0800 @@ -1076,7 +1076,7 @@ function system_theme_data() { $engines = drupal_system_listing('\.engine$', 'themes/engines'); // Remove all theme engines from the system table - db_query("DELETE FROM {system} WHERE type = 'theme_engine'"); + db_query("DELETE FROM {system} WHERE type = '%s'", 'theme_engine'); foreach ($engines as $engine) { // Insert theme engine into system table