clean up queries w/ proper placeholders. [#201770]

pift_server_retest_check() and pift_server_send_file_data() both contain queries that are using an old, potentially insecure style of passing arguments to db_query.

these need to be fixed by using proper placeholders.

Comment	File	Size	Author
#2	pift_query_rewrite.patch	7.33 KB	hunmonk
#1	pift_query_rewrite.patch	7.23 KB	hunmonk

Comments

Comment #1

hunmonk commented 23 December 2007 at 21:52

Status:

Active

» Needs review

Status	File	Size
new	pift_query_rewrite.patch	7.23 KB

attached places all query argument in proper placeholders for the offending queries.

note, still needs some cursory testing to make sure i didn't foul anything up.

Comment #2

hunmonk commented 24 December 2007 at 03:58

Status:

Needs review

» Fixed

Status	File	Size
new	pift_query_rewrite.patch	7.33 KB

committed attached to HEAD. basically the same patch as above, i just needed to massage the array merging code a bit.

code is tested and working.

Comment #3

(not verified) commented 7 January 2008 at 04:13

Status:

Fixed

» Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.

clean up queries w/ proper placeholders.

Comments

Comment #1

Comment #2

Comment #3

News items

Our community

Documentation

Drupal code base

Governance of community