
Diff of /contributions/modules/filestore/filestore.module


revision 1.49, Fri Oct 1 00:08:32 2004 UTC revision 1.50, Wed Nov 24 22:03:32 2004 UTC
# Line 1  Line 1 
1  <?php  <?php
2  // $Id$  // $Id: filestore.module,v 1.49 2004/10/01 00:08:32 uwe Exp $
3    
4  function filestore_system($field) {  function filestore_system($field) {
5    $info["name"] = t("filestore");    $info["name"] = t("filestore");
# Line 190  function filestore_page() { Line 190  function filestore_page() {
190        foreach (preg_split("/&/", $HTTP_SERVER_VARS["QUERY_STRING"], -1, PREG_SPLIT_NO_EMPTY) as $attribute) { // PREG_SPLIT_NO_EMPTY: return only non-empty pieces        foreach (preg_split("/&/", $HTTP_SERVER_VARS["QUERY_STRING"], -1, PREG_SPLIT_NO_EMPTY) as $attribute) { // PREG_SPLIT_NO_EMPTY: return only non-empty pieces
191          // skip ?q, ?from. TODO: don't do this here, but in a base code url handler.          // skip ?q, ?from. TODO: don't do this here, but in a base code url handler.
192          if (!preg_match("/^(q|from)/", $attribute)) {          if (!preg_match("/^(q|from)/", $attribute)) {
193            $query .= "attributes LIKE '%". check_query(strtr($attribute, "=", ":")) ."%' AND ";            $query .= "attributes LIKE '%". db_escape_string(strtr($attribute, "=", ":")) ."%' AND ";
194          }          }
195        }        }
196    
197        $query = !$date ? $query : "";        $query = !$date ? $query : "";
198        $result = pager_query("SELECT nid, type FROM {node} WHERE $query type = 'filestore' AND status = 1 AND (moderate = 0 OR revisions != '') AND changed <= '". ($date > 0 ? check_query($date) : time()) ."' ORDER BY changed DESC", variable_get("default_nodes_main", 10));        $result = pager_query("SELECT nid, type FROM {node} WHERE $query type = 'filestore' AND status = 1 AND (moderate = 0 OR revisions != '') AND changed <= '". ($date > 0 ? db_escape_string($date) : time()) ."' ORDER BY changed DESC", variable_get("default_nodes_main", 10));
199    
200        $errs = _filestore_check_configuration();        $errs = _filestore_check_configuration();
201        if ($errs) {        if ($errs) {
# Line 555  function filestore_insert($node) { Line 555  function filestore_insert($node) {
555    $nodedata = get_object_vars($node);    $nodedata = get_object_vars($node);
556    foreach ($nodedata as $key => $value) {    foreach ($nodedata as $key => $value) {
557      if (in_array($key, $fields)) {      if (in_array($key, $fields)) {
558        $k[] = check_query($key);        $k[] = db_escape_string($key);
559        $v[] = "'". check_query($value) ."'";        $v[] = "'". db_escape_string($value) ."'";
560      }      }
561    }    }
562    
# Line 572  function filestore_update($node) { Line 572  function filestore_update($node) {
572    $nodedata = get_object_vars($node);    $nodedata = get_object_vars($node);
573    foreach ($nodedata as $key => $value) {    foreach ($nodedata as $key => $value) {
574      if (in_array($key, $fields)) {      if (in_array($key, $fields)) {
575        $q[] = check_query($key) ." = '". check_query($value) ."'";        $q[] = db_escape_string($key) ." = '". db_escape_string($value) ."'";
576      }      }
577    }    }
578    
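Review bot: On line 193 the raw QUERY_STRING fragment is still concatenated into a `LIKE '%...%'` pattern, and string-literal escaping of the kind db_escape_string() provides does not, as far as I know, neutralise the LIKE wildcards `%` and `_`, so a request can still widen the match beyond the intended attribute. Escaping those as well before embedding, e.g. `db_escape_string(addcslashes(strtr($attribute, "=", ":"), '%_'))`, would close that gap. On line 198 `$date` is compared numerically and used as a timestamp, so an integer cast, `($date > 0 ? (int) $date : time())`, is a tighter guarantee than escaping a quoted string. In filestore_insert and filestore_update (lines 558 and 575) the escaped `$key` is used as an unquoted column name, where escaping gives no protection; the `in_array($key, $fields)` allowlist is what actually guards it and deserves a comment saying so. All four function bodies start and end outside the visible hunks, so how `$date` and `$fields` are populated could not be checked here.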
