Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Fixed missing filtering

4.1.x
Steven Wittens 2002-10-15 23:17:15 +00:00
parent c5da43fa40
commit c238481f02
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/poll.module
View File

@ -136,7 +136,7 @@ function poll_insert($node) {
$node->active = 1; $node->active = 1;
} }
db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('". check_input($node->nid) ."', '". check_input($node->runtime) ."', '', '". check_input($node->active) ."')"); db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('". check_query($node->nid) ."', '". check_query($node->runtime) ."', '', '". check_query($node->active) ."')");
for ($i = 0; $i < $node->choices; $i++) { for ($i = 0; $i < $node->choices; $i++) {
$choice->chtext = filter($node->choice[$i]); $choice->chtext = filter($node->choice[$i]);
@ -144,7 +144,7 @@ function poll_insert($node) {
$choice->chorder = $i; $choice->chorder = $i;
if ($choice->chtext != "") { if ($choice->chtext != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')"); db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_query($node->nid) ."', '". check_query($choice->chtext) ."', '". check_query($choice->chvotes) ."', '". check_query($choice->chorder) ."')");
} }
} }
} }
@ -404,7 +404,7 @@ function poll_update($node) {
$choice->chorder = $i; $choice->chorder = $i;
if ($choice->chtext != "") { if ($choice->chtext != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')"); db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_query($node->nid) ."', '". check_query($choice->chtext) ."', '". check_query($choice->chvotes) ."', '". check_query($choice->chorder) ."')");
} }
} }
} }

6
modules/poll/poll.module
View File

@ -136,7 +136,7 @@ function poll_insert($node) {
$node->active = 1; $node->active = 1;
} }
db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('". check_input($node->nid) ."', '". check_input($node->runtime) ."', '', '". check_input($node->active) ."')"); db_query("INSERT INTO poll (nid, runtime, voters, active) VALUES ('". check_query($node->nid) ."', '". check_query($node->runtime) ."', '', '". check_query($node->active) ."')");
for ($i = 0; $i < $node->choices; $i++) { for ($i = 0; $i < $node->choices; $i++) {
$choice->chtext = filter($node->choice[$i]); $choice->chtext = filter($node->choice[$i]);
@ -144,7 +144,7 @@ function poll_insert($node) {
$choice->chorder = $i; $choice->chorder = $i;
if ($choice->chtext != "") { if ($choice->chtext != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')"); db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_query($node->nid) ."', '". check_query($choice->chtext) ."', '". check_query($choice->chvotes) ."', '". check_query($choice->chorder) ."')");
} }
} }
} }
@ -404,7 +404,7 @@ function poll_update($node) {
$choice->chorder = $i; $choice->chorder = $i;
if ($choice->chtext != "") { if ($choice->chtext != "") {
db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_input($node->nid) ."', '". check_input($choice->chtext) ."', '". check_input($choice->chvotes) ."', '". check_input($choice->chorder) ."')"); db_query("INSERT INTO poll_choices (nid, chtext, chvotes, chorder) VALUES ('". check_query($node->nid) ."', '". check_query($choice->chtext) ."', '". check_query($choice->chvotes) ."', '". check_query($choice->chorder) ."')");
} }
} }
} }