up the documentation a little.
chx: can you double-check whether the global $conf variable is secure?
(That is, make sure it can't be sent using the URL or something.)
db_query($query, $a, $b, $c);
db_query($query, array($a, $b, $c));
This usage is particularly interesting when the query is constructed dynamically, and the number of arguments to pass varies. In that case we use the second method to avoid using call_user_func_array(). This behaviour is not documented explicitly, but it is used in several places.
However, db_query_range() and pager_query() do not support this syntax properly, which means there are several pieces of code which still revert to the ugly call_user_func_array() call.
This patch updates db_query_range() and pager_query() so they support the array-passing method. I also added documentation about this method to each of the db functions.
I also cleaned up the code for db_query (it was weird and hard to understand) and moved db_query() and db_queryd() from database.xxxxx.inc to database.inc: it was the same between both mysql and pgsql, as it doesn't do anything database specific. It just prefixes the tables and inserts the arguments. The actual db query is performed in _db_query(), which is still in database.xxxxx.inc.
Finally, I updated several places with the new syntax, and the code is a lot cleaner. For example:
- array_unshift($params, "SELECT u.* FROM {users} u WHERE $query u.status < 3");
- $params[] = 0;
- $params[] = 1;
- $result = call_user_func_array('db_query_range', $params);
+ $result = db_query_range("SELECT u.* FROM {users} u WHERE $query u.status < 3", $params, 0, 1);
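Review bot: in the + line the WHERE fragment is still spliced into the SQL text as "$query u.status < 3", so the call is only as safe as whatever built $query; that fragment should contain placeholders only, with every value travelling in $params. A short comment where $query is assembled would make that contract visible, and it is worth confirming that db_query_range() reads the trailing 0, 1 as from and count when the second argument is an array.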
and
- return call_user_func_array('db_query_range', array_merge(array($query), $args, array((int)$pager_from_array[$element], (int)$limit)));
+ return db_query_range($query, $args, (int)$pager_from_array[$element], (int)$limit);
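Review bot: in the + line $args is handed over as-is in the second position, so db_query_range() has to treat an empty array there the same as "no arguments" and must not mistake it for the from value. The old array_merge() form flattened that case away; a pager query without placeholders would be a good test before this goes in.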
I've tested it on mysql. I didn't alter the actual db behaviour, so pgsql should be okay too.
This patch is important because many people avoid the call_user_func_array() method and put data directly into the db query. This is very, very bad because the database prefix will be applied to it, and braces will be stripped out. It's also generally bad form as you have to call check_query() yourself. With the new, documented syntax, there is no more excuse to put data directly in the query.
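The argument handling described in the post above, as an added example that is not part of the original post and is not Drupal's own code. demo_build_query() and the "demo_" prefix are hypothetical, the sample data is constructed, and addslashes() stands in for the database driver's escaping.

```php
<?php
// Added example. demo_build_query() is a hypothetical stand-in, not Drupal's
// db_query(); the "demo_" table prefix and the sample data are constructed.
function demo_build_query($query) {
  $args = func_get_args();
  array_shift($args);
  // Array-passing form: demo_build_query($query, array($a, $b, $c)).
  if (isset($args[0]) && is_array($args[0])) {
    $args = $args[0];
  }
  // Table prefixing rewrites every {name} in the query text ...
  $query = preg_replace('/\{(\w+)\}/', 'demo_$1', $query);
  // ... and only afterwards are the escaped arguments substituted, in order.
  return preg_replace_callback('/%d|%s/', function ($m) use (&$args) {
    $value = array_shift($args);
    // addslashes() stands in for the database driver's own escaping.
    return $m[0] === '%d' ? (string) (int) $value : addslashes((string) $value);
  }, $query);
}

// Constructed input: the number of conditions, and so of arguments, varies.
$filters = array('name' => "o'{reilly}", 'status' => 1);
$where = array();
$params = array();
foreach ($filters as $column => $value) {
  // Column names come from code; only values become arguments.
  $where[] = is_int($value) ? "u.$column = %d" : "u.$column = '%s'";
  $params[] = $value;
}
$sql = 'SELECT u.* FROM {users} u WHERE ' . implode(' AND ', $where);

// Data passed as arguments: quote escaped, braces left alone.
echo demo_build_query($sql, $params), "\n";

// Data put directly into the query: braces rewritten by prefixing, quote unescaped.
$name = $filters['name'];
echo demo_build_query("SELECT u.* FROM {users} u WHERE u.name = '$name'"), "\n";
```

Comparing the two printed statements shows both failure modes the post names: the interpolated value loses its braces to table prefixing and carries its quote into the SQL unescaped.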
1) Menu problems with Postgres (this is a highly critical 1 line fix)
2) Archive module fails with Postgres
3) Postgres setup problems - changes to database.pgsql (although I made these changes myself before finding this patch)
4) Book module fails with Postgres
5) Postgres problems following creation of a new type of user - which is actually about a taxonomy.module bug.
6) Creating accregator_item_table in PostgreSQL
7) Postgres - Polls not displayed on Poll Page
8) Blog module has sql errors with postgres
This should not affect MySQL users (hopefully).
- Updates database.pgsql and database.mysql to work with current cvs. Patch
by Adrian.
- Updates update.php to be able to update postgres from 4.2 to current.
Patch by Adrian.
- Small fixes by me.
+ Changed node_form() to use good ol' tables instead of div/CSS-tags.
+ Revised the "revision API": I think we have both an easy and powerful
API now that should make everyone happy.
+ Improved the usability of the rollback functionality a bit.
+ Removed the "view node" link from the "node overview" page in the
admin section and added a "delete node" link instead.
+ Added a few missing translations; there might be more missing
translations though.
- book.module:
+ Made the book module use the "revision API" instead of having it poke
and use the innards and underlying details of the revision system.
- queue.module:
+ Made the queue module use the improved revision number.
- module.inc:
+ Applied Moshe's patch: added more arguments to module_invoke()
- mail-to-sql.pl:
+ Added support for more header fields and for folded fields
Notes:
- no database updates required
range of databases including MySQL, PostgreSQL, MSSQL, and others.
For additional information and a 'how to upgrade', check the mails
sent to the mailing list.
- Redid settings.module and even renamed it to conf.module.
* Settings are now grouped in basic categories like "system
settings", "module settings" and "filters".
* Added new settings to make Drupal easier to configure and
to make some aspects like the watchdog scale better.
- Renamed includes/settings.php to includes/conf.php.
- Added filter support to conf.module and introduced filter hooks so
modules can implement and export new filters. Example filters are
an HTML filter (implemented), a profanity filter, a URL converter,
ASCII smileys to images filter and so on ...
- Reworked the check_* functions: user contributed content/input is
only verified and filtered once in its lifespan.
NOTES
- Although this is a large commit, no database changes are required.
footer message like a copyright notice. Themes should use this!
- small improvement to example theme
- added theme_footer to theme marvin
- small improvement to database.inc
- added a couple of missing t() functions
- improved the comments module, fixed the score problem Jeroen
reported earlier -> it's slicker but I hope it won't break anything
- configuration:
+ renamed $db_name to $db_user
+ renamed $db_base to $db_name
- fixed small diary glitch
- fixed initial-comment-score problem
- fixed comment rating bug: improved the API and updated the
themes
- removed some tabs from Steven ;)
- fixed backend warnings and improved robustness
I'm not happy yet with the headline grabber - it generates
too many SQL errors.
- some small cosmetic changes in comment.module
- fixed minor glitch in format_interval()