#64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since it is a count() query.
Neil Drumm
parent
9cc7e36472
commit
6dbe63f77e
|
|
@ -329,10 +329,9 @@ function poll_node_info() {
|
|||
|
||||
function poll_page() {
|
||||
// List all polls.
|
||||
$sql = "SELECT n.nid, n.title, p.active, n.created, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid INNER JOIN {poll_choices} c ON n.nid = c.nid WHERE n.status = 1 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC";
|
||||
$sql = db_rewrite_sql("SELECT n.nid, n.title, p.active, n.created, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid INNER JOIN {poll_choices} c ON n.nid = c.nid WHERE n.status = 1 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC");
|
||||
// Count all polls for the pager.
|
||||
$count_sql = 'SELECT COUNT(*) FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid WHERE n.status = 1';
|
||||
$sql = db_rewrite_sql($sql);
|
||||
$count_sql = db_rewrite_sql('SELECT COUNT(*) FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid WHERE n.status = 1');
|
||||
$result = pager_query($sql, 15, 0, $count_sql);
|
||||
$output = '<ul>';
|
||||
while ($node = db_fetch_object($result)) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue