summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeil Drumm2007-12-05 21:09:54 +0000
committerNeil Drumm2007-12-05 21:09:54 +0000
commit2c8444015d77044df2cbff249c07544700a29d61 (patch)
tree44e908680f06e62467e230d4ac2e78afbf59904d
parente674486d653f7548394cf2816ebf19bb19277e46 (diff)
Drupal 5.4.5.4
-rw-r--r--CHANGELOG.txt8
-rw-r--r--modules/system/system.module2
-rw-r--r--modules/taxonomy/taxonomy.module16
3 files changed, 18 insertions, 8 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 3e63e7b..be83e47 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,9 @@
// $Id$
-Drupal 5.4, xxxx-xx-xx
+Drupal 5.4, 2007-12-05
----------------------
+- fixed a variety of small bugs.
+- fixed a security issue (SQL injection), see SA-2007-031
Drupal 5.3, 2007-10-17
----------------------
@@ -101,6 +103,10 @@ Drupal 5.0, 2007-01-15
* added nested lists generation.
* added a self-clearing block class.
+Drupal 4.7.9, 2007-12-05
+------------------------
+- fixed a security issue (SQL injection), see SA-2007-031
+
Drupal 4.7.8, 2007-10-17
------------------------
- fixed a security issue (HTTP response splitting), see SA-2007-024
diff --git a/modules/system/system.module b/modules/system/system.module
index 0f14a07..cfbba6e 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '5.4-dev');
+define('VERSION', '5.4');
/**
* Implementation of hook_help().
diff --git a/modules/taxonomy/taxonomy.module b/modules/taxonomy/taxonomy.module
index c31e917..1bc75e0 100644
--- a/modules/taxonomy/taxonomy.module
+++ b/modules/taxonomy/taxonomy.module
@@ -1243,16 +1243,20 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p
}
if ($operator == 'or') {
- $str_tids = implode(',', call_user_func_array('array_merge', $descendant_tids));
- $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1 ORDER BY '. $order;
- $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $str_tids .') AND n.status = 1';
+ $args = call_user_func_array('array_merge', $descendant_tids);
+ $placeholders = implode(',', array_fill(0, count($args), '%d'));
+ $sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1 ORDER BY '. $order;
+ $sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n INNER JOIN {term_node} tn ON n.nid = tn.nid WHERE tn.tid IN ('. $placeholders .') AND n.status = 1';
}
else {
$joins = '';
$wheres = '';
+ $args = array();
foreach ($descendant_tids as $index => $tids) {
$joins .= ' INNER JOIN {term_node} tn'. $index .' ON n.nid = tn'. $index .'.nid';
- $wheres .= ' AND tn'. $index .'.tid IN ('. implode(',', $tids) .')';
+ $placeholders = implode(',', array_fill(0, count($tids), '%d'));
+ $wheres .= ' AND tn'. $index .'.tid IN ('. $placeholders .')';
+ $args = array_merge($args, $tids);
}
$sql = 'SELECT DISTINCT(n.nid), n.sticky, n.title, n.created FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres .' ORDER BY '. $order;
$sql_count = 'SELECT COUNT(DISTINCT(n.nid)) FROM {node} n '. $joins .' WHERE n.status = 1 '. $wheres;
@@ -1260,10 +1264,10 @@ function taxonomy_select_nodes($tids = array(), $operator = 'or', $depth = 0, $p
$sql = db_rewrite_sql($sql);
$sql_count = db_rewrite_sql($sql_count);
if ($pager) {
- $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count);
+ $result = pager_query($sql, variable_get('default_nodes_main', 10), 0, $sql_count, $args);
}
else {
- $result = db_query_range($sql, 0, variable_get('feed_default_items', 10));
+ $result = db_query_range($sql, 0, variable_get('feed_default_items', 10), $args);
}
}