#167284 by Heine and pwolanin. Avoid abusing %s for lists.
Neil Drumm
parent
717676d415
commit
6737c48e43
|
|
@ -594,7 +594,9 @@ function block_user($type, $edit, &$user, $category = NULL) {
|
||||||
switch ($type) {
|
switch ($type) {
|
||||||
case 'form':
|
case 'form':
|
||||||
if ($category == 'account') {
|
if ($category == 'account') {
|
||||||
$result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.weight, b.module", implode(',', array_keys($user->roles)));
|
$rids = array_keys($user->roles);
|
||||||
|
$placeholders = implode(',', array_fill(0, count($rids), '%d'));
|
||||||
|
$result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.status = 1 AND b.custom != 0 AND (r.rid IN ($placeholders) OR r.rid IS NULL) ORDER BY b.weight, b.module", $rids);
|
||||||
$form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
|
$form['block'] = array('#type' => 'fieldset', '#title' => t('Block configuration'), '#weight' => 3, '#collapsible' => TRUE, '#tree' => TRUE);
|
||||||
while ($block = db_fetch_object($result)) {
|
while ($block = db_fetch_object($result)) {
|
||||||
$data = module_invoke($block->module, 'block', 'list');
|
$data = module_invoke($block->module, 'block', 'list');
|
||||||
|
|
@ -641,7 +643,9 @@ function block_list($region) {
|
||||||
static $blocks = array();
|
static $blocks = array();
|
||||||
|
|
||||||
if (!count($blocks)) {
|
if (!count($blocks)) {
|
||||||
$result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN (%s) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", $theme_key, implode(',', array_keys($user->roles)));
|
$rids = array_keys($user->roles);
|
||||||
|
$placeholders = implode(',', array_fill(0, count($rids), '%d'));
|
||||||
|
$result = db_query("SELECT DISTINCT b.* FROM {blocks} b LEFT JOIN {blocks_roles} r ON b.module = r.module AND b.delta = r.delta WHERE b.theme = '%s' AND b.status = 1 AND (r.rid IN ($placeholders) OR r.rid IS NULL) ORDER BY b.region, b.weight, b.module", array_merge(array($theme_key), $rids));
|
||||||
while ($block = db_fetch_object($result)) {
|
while ($block = db_fetch_object($result)) {
|
||||||
if (!isset($blocks[$block->region])) {
|
if (!isset($blocks[$block->region])) {
|
||||||
$blocks[$block->region] = array();
|
$blocks[$block->region] = array();
|
||||||
|
|
|
||||||
|
|
@ -1312,42 +1312,48 @@ function node_node_operations() {
|
||||||
* Callback function for admin mass publishing nodes.
|
* Callback function for admin mass publishing nodes.
|
||||||
*/
|
*/
|
||||||
function node_operations_publish($nodes) {
|
function node_operations_publish($nodes) {
|
||||||
db_query('UPDATE {node} SET status = 1 WHERE nid IN(%s)', implode(',', $nodes));
|
$placeholders = implode(',', array_fill(0, count($nodes), '%d'));
|
||||||
|
db_query('UPDATE {node} SET status = 1 WHERE nid IN('. $placeholders .')', $nodes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Callback function for admin mass unpublishing nodes.
|
* Callback function for admin mass unpublishing nodes.
|
||||||
*/
|
*/
|
||||||
function node_operations_unpublish($nodes) {
|
function node_operations_unpublish($nodes) {
|
||||||
db_query('UPDATE {node} SET status = 0 WHERE nid IN(%s)', implode(',', $nodes));
|
$placeholders = implode(',', array_fill(0, count($nodes), '%d'));
|
||||||
|
db_query('UPDATE {node} SET status = 0 WHERE nid IN('. $placeholders .')', $nodes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Callback function for admin mass promoting nodes.
|
* Callback function for admin mass promoting nodes.
|
||||||
*/
|
*/
|
||||||
function node_operations_promote($nodes) {
|
function node_operations_promote($nodes) {
|
||||||
db_query('UPDATE {node} SET status = 1, promote = 1 WHERE nid IN(%s)', implode(',', $nodes));
|
$placeholders = implode(',', array_fill(0, count($nodes), '%d'));
|
||||||
|
db_query('UPDATE {node} SET status = 1, promote = 1 WHERE nid IN('. $placeholders .')', $nodes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Callback function for admin mass demoting nodes.
|
* Callback function for admin mass demoting nodes.
|
||||||
*/
|
*/
|
||||||
function node_operations_demote($nodes) {
|
function node_operations_demote($nodes) {
|
||||||
db_query('UPDATE {node} SET promote = 0 WHERE nid IN(%s)', implode(',', $nodes));
|
$placeholders = implode(',', array_fill(0, count($nodes), '%d'));
|
||||||
|
db_query('UPDATE {node} SET promote = 0 WHERE nid IN('. $placeholders .')', $nodes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Callback function for admin mass editing nodes to be sticky.
|
* Callback function for admin mass editing nodes to be sticky.
|
||||||
*/
|
*/
|
||||||
function node_operations_sticky($nodes) {
|
function node_operations_sticky($nodes) {
|
||||||
db_query('UPDATE {node} SET status = 1, sticky = 1 WHERE nid IN(%s)', implode(',', $nodes));
|
$placeholders = implode(',', array_fill(0, count($nodes), '%d'));
|
||||||
|
db_query('UPDATE {node} SET status = 1, sticky = 1 WHERE nid IN('. $placeholders .')', $nodes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Callback function for admin mass editing nodes to remove stickiness.
|
* Callback function for admin mass editing nodes to remove stickiness.
|
||||||
*/
|
*/
|
||||||
function node_operations_unsticky($nodes) {
|
function node_operations_unsticky($nodes) {
|
||||||
db_query('UPDATE {node} SET sticky = 0 WHERE nid IN(%s)', implode(',', $nodes));
|
$placeholders = implode(',', array_fill(0, count($nodes), '%d'));
|
||||||
|
db_query('UPDATE {node} SET sticky = 0 WHERE nid IN('. $placeholders .')', $nodes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
|
|
@ -1369,7 +1369,8 @@ function taxonomy_term_page($str_tids = '', $depth = 0, $op = 'page') {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($terms['tids']) {
|
if ($terms['tids']) {
|
||||||
$result = db_query(db_rewrite_sql('SELECT t.tid, t.name FROM {term_data} t WHERE t.tid IN (%s)', 't', 'tid'), implode(',', $terms['tids']));
|
$placeholders = implode(',', array_fill(0, count($terms['tids']), '%d'));
|
||||||
|
$result = db_query(db_rewrite_sql('SELECT t.tid, t.name FROM {term_data} t WHERE t.tid IN ('. $placeholders .')', 't', 'tid'), $terms['tids']);
|
||||||
$tids = array(); // we rebuild the $tids-array so it only contains terms the user has access to.
|
$tids = array(); // we rebuild the $tids-array so it only contains terms the user has access to.
|
||||||
$names = array();
|
$names = array();
|
||||||
while ($term = db_fetch_object($result)) {
|
while ($term = db_fetch_object($result)) {
|
||||||
|
|
|
||||||
|
|
@ -365,8 +365,9 @@ function user_access($string, $account = NULL) {
|
||||||
// To reduce the number of SQL queries, we cache the user's permissions
|
// To reduce the number of SQL queries, we cache the user's permissions
|
||||||
// in a static variable.
|
// in a static variable.
|
||||||
if (!isset($perm[$account->uid])) {
|
if (!isset($perm[$account->uid])) {
|
||||||
$result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN (%s)", implode(',', array_keys($account->roles)));
|
$rids = array_keys($account->roles);
|
||||||
|
$placeholders = implode(',', array_fill(0, count($rids), '%d'));
|
||||||
|
$result = db_query("SELECT DISTINCT(p.perm) FROM {role} r INNER JOIN {permission} p ON p.rid = r.rid WHERE r.rid IN ($placeholders)", $rids);
|
||||||
$perm[$account->uid] = '';
|
$perm[$account->uid] = '';
|
||||||
while ($row = db_fetch_object($result)) {
|
while ($row = db_fetch_object($result)) {
|
||||||
$perm[$account->uid] .= "$row->perm, ";
|
$perm[$account->uid] .= "$row->perm, ";
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue