#64388 by Gábor Hojtsy. Add missing db_rewrite_sql(); not a security issue since it is a count() query.

2007-12-27 08:26:00 +00:00 · 2007-12-27 08:26:00 +00:00 · 6dbe63f77e
parent 9cc7e36472
commit 6dbe63f77e
1 changed files with 2 additions and 3 deletions
--- a/modules/poll/poll.module
+++ b/modules/poll/poll.module
@ -329,10 +329,9 @@ function poll_node_info() {
 function poll_page() {
  // List all polls.
-  $sql = "SELECT n.nid, n.title, p.active, n.created, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid INNER JOIN {poll_choices} c ON n.nid = c.nid WHERE n.status = 1 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC";
+  $sql = db_rewrite_sql("SELECT n.nid, n.title, p.active, n.created, SUM(c.chvotes) AS votes FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid INNER JOIN {poll_choices} c ON n.nid = c.nid WHERE n.status = 1 GROUP BY n.nid, n.title, p.active, n.created ORDER BY n.created DESC");
  // Count all polls for the pager.
-  $count_sql = 'SELECT COUNT(*) FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid WHERE n.status = 1';
+  $count_sql = db_rewrite_sql('SELECT COUNT(*) FROM {node} n INNER JOIN {poll} p ON n.nid = p.nid WHERE n.status = 1');
  $sql = db_rewrite_sql($sql);
  $result = pager_query($sql, 15, 0, $count_sql);
  $output = '<ul>';
  while ($node = db_fetch_object($result)) {