From 532233a9792c2495ba31d1f0b211d61ddec9ea6e Mon Sep 17 00:00:00 2001 From: Dries Buytaert Date: Sun, 20 May 2001 19:30:39 +0000 Subject: [PATCH] - Removed includes/timer.inc: it has been integrated in common.inc. - Fixed a bug in node.php: UnConeD forgot to update 1 node_get_object(). - I changed the look of theme_morelink() a bit: it might not look better, but at least the output is "correct". - Various small improvements.
---
 includes/common.inc | 4 ++++ includes/node.inc | 2 +- includes/search.inc | 2 +- includes/structure.inc | 22 +++++++++++----------- includes/theme.inc | 9 ++++++++- includes/timer.inc | 17 ----------------- includes/variable.inc | 6 +++--- modules/poll.module | 2 +- modules/poll/poll.module | 2 +- node.php | 2 +- 10 files changed, 31 insertions(+), 37 deletions(-) delete mode 100644 includes/timer.inc
diff --git a/includes/common.inc b/includes/common.inc
index 2ceb4550560..7e44427128e 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -76,6 +76,10 @@ function check_preview($text) { return check_output(check_input($text), 1); }
+function check_query($text) {
+ return addslashes(stripslashes($text));
+}
+
 function check_input($text) { foreach (module_list() as $module) $text = module_invoke($module, "filter", $text); return addslashes(stripslashes(substr($text, 0, variable_get("max_input_size", 10000))));
diff --git a/includes/node.inc b/includes/node.inc
index 4bb14769db5..9f4429c3f93 100644
--- a/includes/node.inc
+++ b/includes/node.inc
@@ -4,7 +4,7 @@ $status = array(dumped => 0, expired => 1, queued => 2, posted => 3); $rstatus = array(0 => dumped, 1 => expired, 2 => queued, 3 => posted); function _node_get($conditions) {
- foreach ($conditions as $key=>$value) $cond[] = "n.$key = '$value'";
+ foreach ($conditions as $key=>$value) $cond[] = "n.". check_query($key) ." = '". check_query($value) ."'";
 $where = implode(" AND ", $cond); if ($conditions[type]) {
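Review bot: `check_query()` in includes/common.inc is only safe for a value that ends up inside a single-quoted SQL string literal, and nothing on the function says so. `addslashes()` is not aware of the connection's character set and is not the database layer's own escaping routine, and it gives no protection to a column name or an unquoted number. The unconditional `stripslashes()` also strips backslashes from input that never had quoting slashes added to it. I would state the contract above the function, `// check_query(): escape a value for use inside a quoted SQL string literal only; never for column names or unquoted numbers`, and delegate to the driver's escape function if the db layer exposes one.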
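Review bot: In `_node_get()` the column name is not actually protected by `check_query($key)`, because the key is concatenated outside any quotes (`"n.". check_query($key) ." = '"`) and backslash-escaping has no effect in identifier position. If any caller builds `$conditions` from request data, the keys should be checked against the known node columns, or at least a strict pattern, before they are used; that means giving the loop body braces and starting it with `if (!preg_match('/^[a-z_]+$/', $key)) continue;`. The same unvalidated `$key` is used in `category_save()` and `topic_save()` in includes/structure.inc (`SET $key = ...`). The body of `_node_get()` continues outside the hunk, so any later filtering is not visible here.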
diff --git a/includes/search.inc b/includes/search.inc
index 11247c525a9..f15db5ee63b 100644
--- a/includes/search.inc
+++ b/includes/search.inc
@@ -10,7 +10,7 @@ function search_form($keys) { } function search_data($keys, $type) {
- if ($keys && $type && $result = module_invoke($type, "search", check_input($keys))) {
+ if ($keys && $type && $result = module_invoke($type, "search", check_query($keys))) {
 foreach ($result as $entry) { $output .= "

\n"; $output .= " $entry[title]
"; diff --git a/includes/structure.inc b/includes/structure.inc index 989ee7f2fd5..fdac8e8119e 100644 --- a/includes/structure.inc +++ b/includes/structure.inc 
@@ -18,32 +18,32 @@ function category_get_array($field, $value) { // save a category: function category_save($edit) {
- if (!$edit[cid]) $edit[cid] = db_insert_id(db_query("INSERT INTO category (name) VALUES ('". check_input($edit[name])."')"));
- foreach ($edit as $key=>$value) db_query("UPDATE category SET $key = '". check_input($value) ."' WHERE cid = '$edit[cid]'");
+ if (!$edit[cid]) $edit[cid] = db_insert_id(db_query("INSERT INTO category (name) VALUES ('". check_query($edit[name])."')"));
+ foreach ($edit as $key=>$value) db_query("UPDATE category SET $key = '". check_query($value) ."' WHERE cid = '$edit[cid]'");
 } // delete category $cid: function category_del($cid) {
- db_query("DELETE FROM category WHERE cid = '". check_input($cid) ."'");
- db_query("UPDATE node SET cid = 0 WHERE cid = '". check_input($cid) ."'");
+ db_query("DELETE FROM category WHERE cid = '". check_query($cid) ."'");
+ db_query("UPDATE node SET cid = 0 WHERE cid = '". check_query($cid) ."'");
 } // return post threshold: function category_post_threshold($cid) {
- $category = db_fetch_object(db_query("SELECT post AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
+ $category = db_fetch_object(db_query("SELECT post AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
 return $category->threshold; } // return dump threshold: function category_dump_threshold($cid) {
- $category = db_fetch_object(db_query("SELECT dump AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
+ $category = db_fetch_object(db_query("SELECT dump AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
 return $category->threshold; } // return expiration threshold: function category_expire_threshold($cid) {
- $category = db_fetch_object(db_query("SELECT expire AS threshold FROM category WHERE cid = '". check_input($cid) ."'"));
+ $category = db_fetch_object(db_query("SELECT expire AS threshold FROM category WHERE cid = '". check_query($cid) ."'"));
 return $category->threshold; }
@@ -97,8 +97,8 @@ function topic_get_array($field, $value) { // save a topic: function topic_save($edit) {
- if (!$edit[tid]) $edit[tid] = db_insert_id(db_query("INSERT INTO topic (name) VALUES ('". check_input($edit[name])."')"));
- foreach ($edit as $key=>$value) db_query("UPDATE topic SET $key = '". check_input($value) ."' WHERE tid = '$edit[tid]'");
+ if (!$edit[tid]) $edit[tid] = db_insert_id(db_query("INSERT INTO topic (name) VALUES ('". check_query($edit[name])."')"));
+ foreach ($edit as $key=>$value) db_query("UPDATE topic SET $key = '". check_query($value) ."' WHERE tid = '$edit[tid]'");
 } // returns a sorted tree-representation of all topics:
@@ -113,8 +113,8 @@ function topic_tree($parent = 0, $name = "", $tree = array()) { // delete topic $tid: function topic_del($tid) {
- db_query("DELETE FROM topic WHERE tid = '". check_input($tid) ."'");
- db_query("UPDATE node SET tid = 0 WHERE tid = '". check_input($tid) ."'");
+ db_query("DELETE FROM topic WHERE tid = '". check_query($tid) ."'");
+ db_query("UPDATE node SET tid = 0 WHERE tid = '". check_query($tid) ."'");
 } // return linked string with name of topic $tid:
diff --git a/includes/theme.inc b/includes/theme.inc
index 269a5da2eaa..dc2108eab9c 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
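Review bot: `category_save()` still interpolates `$edit[cid]` into the WHERE clause unescaped (`WHERE cid = '$edit[cid]'`), even though the value in the SET clause now goes through `check_query()`; `topic_save()` does the same with `$edit[tid]`. If `$edit` comes from a submitted form, which these hunks do not show, the id needs the same treatment as the value, e.g. `WHERE cid = '". check_query($edit[cid]) ."'"`, or an integer cast if it is a numeric row id. A short comment on both functions stating which keys of `$edit` are expected would also make the per-field UPDATE loop easier to audit.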
@@ -98,7 +98,14 @@ function theme_blocks($region, $theme) { } function theme_morelink($theme, $node) { - return ($node->body) ? "[ nid\">link\">". t("read more") ." | ". sizeof(explode(" ", $node->body)) ." ". t("words") ." | nid\">link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ." ]" : "[ nid\">link\">". format_plural(node_get_comments($node->nid), "comment", "comments") ." ]"; + if ($node->body) { + $link[] = "nid\">link\">". t("read more") .""; + } + if ($node->comment) { + $link[] = "nid\">link\">". format_plural(node_get_comments($node->nid), "comment", "comments") .""; + } + + return ($link ? "[ ". implode(" | ", $link) ." ]" : ""); } function theme_moderation_results($theme, $node) { diff --git a/includes/timer.inc b/includes/timer.inc deleted file mode 100644 index e6740f36649..00000000000 --- a/includes/timer.inc +++ /dev/null @@ -1,17 +0,0 @@ -execution time: $diff ms"; -} - -function timer_start() { - global $timer; - $timer = explode(" ", microtime()); -} - -?> \ No newline at end of file diff --git a/includes/variable.inc b/includes/variable.inc index 618c7f4cefe..86f1694b27b 100644 --- a/includes/variable.inc +++ b/includes/variable.inc @@ -39,8 +39,8 @@ function variable_get($name, $default, $object = 0) { function variable_set($name, $value) { global $conf; - db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'"); - db_query("INSERT INTO variable (name, value) VALUES ('". check_input($name) ."', '". check_input($value) ."')"); + db_query("DELETE FROM variable WHERE name = '". check_query($name) ."'"); + db_query("INSERT INTO variable (name, value) VALUES ('". check_query($name) ."', '". check_query($value) ."')"); $conf[$name] = $value; } 
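Review bot: `theme_morelink()` reads `$link` in its return expression without ever initialising it, so for a node with neither a body nor the comment flag set the function evaluates an undefined variable. Add `$link = array();` as the first statement of the function; the `($link ? ... : "")` test then operates on an empty array and the intent is explicit.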
@@ -48,7 +48,7 @@ function variable_set($name, $value) { function variable_del($name) { global $conf;
- db_query("DELETE FROM variable WHERE name = '". check_input($name) ."'");
+ db_query("DELETE FROM variable WHERE name = '". check_query($name) ."'");
 $conf[$name] = ""; }
diff --git a/modules/poll.module b/modules/poll.module
index 677db3d3163..a786a820df5 100644
--- a/modules/poll.module
+++ b/modules/poll.module
@@ -263,7 +263,7 @@ function poll_admin() { print poll_overview(poll_query($type)); break; case "edit":
- print poll_form(poll_get_choices_array(node_get_array(array("nid" => check_input($id)))));
+ print poll_form(poll_get_choices_array(node_get_array(array("nid" => $id))));
 break; case "help": poll_help();
diff --git a/modules/poll/poll.module b/modules/poll/poll.module
index 677db3d3163..a786a820df5 100644
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@@ -263,7 +263,7 @@ function poll_admin() { print poll_overview(poll_query($type)); break; case "edit":
- print poll_form(poll_get_choices_array(node_get_array(array("nid" => check_input($id)))));
+ print poll_form(poll_get_choices_array(node_get_array(array("nid" => $id))));
 break; case "help": poll_help();
diff --git a/node.php b/node.php
index 58bddd3d2d3..711268674a2 100644
--- a/node.php
+++ b/node.php
@@ -93,7 +93,7 @@ if ($number > 1) { $theme->footer(); } elseif ($number) {
- $node = ($title ? node_get_object(array("title" => check_input($title))) : node_get_object(nid, check_input($id)));
+ $node = ($title ? node_get_object(array("title" => $title)) : node_get_object(array("nid" => $id)));
 if ($node && node_visible($node)) { switch ($op) { case "history":
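Review bot: With `check_input()` removed from the "edit" case of `poll_admin()`, `$id` is passed to `node_get_array()` as received, so the call is only safe if every query path behind it escapes its conditions. This commit adds that escaping to `_node_get()`, but `node_get_array()` itself is not shown here. A node id is presumably numeric, so casting at the call site removes the dependency: `array("nid" => (int) $id)`. The same applies to the identical hunk in modules/poll/poll.module and to `$id` in the node.php hunk; `poll_admin()` and the node.php block both extend beyond their hunks.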