Fixes for 4.7; security change
Cvbge - December 8, 2005 - 11:21
| Project: | Pathauto |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | mikeryan |
| Status: | closed |
Description
Hi.
There is no %u in db_query() anymore. %d is sufficient.
$prefix should be escaped, it's part of url IMO, % needs to be doubled.
| Attachment | Size |
|---|---|
| 02-pathauto.diff | 1.44 KB |
#1
Thanks, I'll apply to CVS as soon as I have a little time this week...
#2
node_list() is now node_get_types()
Please, see attached file.
#3
This is the same patch above, hopefully using correct format. Sorry.
#4
I just figured I generated the patch with an incorrect order of files.
Again, sorry. :(
Please, discard the patches above a see the one attached here.
#5
And here's another fix for the same file:
Find this code:
$placeholders[t('[type]')] = pathauto_cleanstring(node_invoke($node->type,'node_name'));and replace with:
$placeholders[t('[type]')] = pathauto_cleanstring(node_get_name($node));#6
Already been done.
#7
My patch (first issue) is still valid.
#8
And the original title. Bad people stole my issue.
#9
>> Bad people stole my issue.
1) No need for that, imo. 2) There is worst people out there. I just tried to be of some help (but honest, I was wrong because I didn't check cvs, sorry, new in this country), and I saw your thread related to "fixes for 4.7", so I posted here.
#10
The fixes from Cvbge have been committed to HEAD, thanks!
#11