Index: banner.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/banner/banner.module,v retrieving revision 1.47 diff -u -r1.47 banner.module --- banner.module 19 Feb 2005 18:07:14 -0000 1.47 +++ banner.module 21 Mar 2005 19:57:43 -0000 @@ -271,7 +271,7 @@ if ($banner) { db_query('UPDATE {banner} SET clicks = clicks + 1, day_clicks = day_clicks + 1, week_clicks = week_clicks + 1 WHERE id = %d', $id); if ($banner->max_clicks > 0 && ($banner->clicks + 1) == $banner->max_clicks) { - watchdog('special', strtr("banner: '%banner' %status, reached max of %clicks clicks.", array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%status' => _banner_status(5), '%clicks' => "$banner->max_clicks"))); + watchdog('special', strtr("banner: '%banner' %status, reached max of %clicks clicks.", WATCHDOG_WARNING, array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%status' => _banner_status(5), '%clicks' => "$banner->max_clicks"))); // status = 5 : blocked (set banner to 'blocked' status) db_query('UPDATE {banner} SET status = 5 WHERE id = %d', $id); _banner_refresh_cache(); @@ -429,27 +429,27 @@ while ($banner = db_fetch_object($result)) { // update banner status if ((isset($edit["status$banner->id"])) && ($edit["status$banner->id"] != $banner->status) && (($banner->status == 1) || ($banner->status == 2) || ($banner->status == 3) || ($banner->status == 4))) { - watchdog('special', strtr("banner: '%banner' %status.", array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%status' => (_banner_status($edit["status$banner->id"]))))); + watchdog('special', strtr("banner: '%banner' %status.", array('%banner' => l("$banner->title", WATCHDOG_NOTICE, "admin/banner/edit/$banner->id"), '%status' => (_banner_status($edit["status$banner->id"]))))); db_query("UPDATE {banner} SET status = '%d' where id = '%d'", $edit["status$banner->id"], $banner->id); } // update daily notification status if (isset($edit["day_notify$banner->id"]) && ($edit["day_notify$banner->id"] != $banner->day_notify)) { - watchdog('special', strtr("banner: '%banner' daily notification %status.", array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%status' => ($edit["day_notify$banner->id"] ? t('enabled') : t('disabled'))))); + watchdog('special', strtr("banner: '%banner' daily notification %status.", WATCHDOG_NOTICE, array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%status' => ($edit["day_notify$banner->id"] ? t('enabled') : t('disabled'))))); db_query("UPDATE {banner} SET day_notify = '%d' where id = '%d'", $edit["day_notify$banner->id"], $banner->id); } // update weekly notification status if (isset($edit["week_notify$banner->id"]) && ($edit["week_notify$banner->id"] != $banner->week_notify)) { - watchdog('special', strtr("banner: '%banner' weekly notification %status.", array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%status' => ($edit["week_notify$banner->id"] ? t('enabled') : t('disabled'))))); + watchdog('special', strtr("banner: '%banner' weekly notification %status.", WATCHDOG_NOTICE, array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%status' => ($edit["week_notify$banner->id"] ? t('enabled') : t('disabled'))))); db_query("UPDATE {banner} SET week_notify = '%d' where id = '%d'", $edit["week_notify$banner->id"], $banner->id); } // update day_max_views if (isset($edit["dailyviews$banner->id"]) && ($edit["dailyviews$banner->id"] != $banner->day_max_views)) { - watchdog('special', strtr("banner: '%banner' day_max_views set to '%day_max_views'.", array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%day_max_views' => $edit["dailyviews$banner->id"]))); + watchdog('special', strtr("banner: '%banner' day_max_views set to '%day_max_views'.", WATCHDOG_NOTICE, array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%day_max_views' => $edit["dailyviews$banner->id"]))); db_query("UPDATE {banner} SET day_max_views = '%d' where id = '%d'", $edit["dailyviews$banner->id"], $banner->id); } // update week_max_views if (isset($edit["weeklyviews$banner->id"]) && ($edit["weeklyviews$banner->id"] != $banner->week_max_views)) { - watchdog('special', strtr("banner: '%banner' week_max_views set to '%week_max_views'.", array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%week_max_views' => $edit["weeklyviews$banner->id"]))); + watchdog('special', strtr("banner: '%banner' week_max_views set to '%week_max_views'.", WATCHDOG_NOTICE, array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id"), '%week_max_views' => $edit["weeklyviews$banner->id"]))); db_query("UPDATE {banner} SET week_max_views = '%d' where id = '%d'", $edit["weeklyviews$banner->id"], $banner->id); $string .= t("Banner '%banner' updated successfully.", array('%banner' => "$banner->title")) . '
'; } @@ -487,7 +487,7 @@ $edit['uid'] = $user->uid; foreach ($fields as $field) { - $values[] = (string)check_query($edit[$field]); + $values[] = (string)db_escape_string($edit[$field]); } db_query('INSERT INTO {banner} (' .implode(', ', $fields). ") VALUES ('" .implode("', '", $values). "')"); @@ -561,11 +561,11 @@ $result = db_query('SELECT title, unpublish_date, publish_date, id FROM {banner}'); while ($banner = db_fetch_object($result)) { if (($banner->unpublish_date) && ($banner->unpublish_date < time())) { - watchdog('special', strtr("banner: '%banner' automatically unpublished.", array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id")))); + watchdog('special', strtr("banner: '%banner' automatically unpublished.", WATCHDOG_NOTICE, array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id")))); db_query('UPDATE {banner} SET unpublish_date = 0, status = 5 WHERE id = '. $banner->id); } else if (($banner->publish_date) && ($banner->publish_date < time())) { - watchdog('special', strtr("banner: '%banner' automatically published.", array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id")))); + watchdog('special', strtr("banner: '%banner' automatically published.", WATCHDOG_NOTICE, array('%banner' => l("$banner->title", "admin/banner/edit/$banner->id")))); db_query('UPDATE {banner} SET publish_date = 0, status = 1 WHERE id = '. $banner->id); } } @@ -866,7 +866,7 @@ if ($edit['id']) { // update foreach ($fields as $field) { - $update[] = "$field = '" .check_query($edit[$field]). "'"; + $update[] = "$field = '" .db_escape_string($edit[$field]). "'"; } _banner_refresh_cache(); @@ -880,7 +880,7 @@ $edit['id'] = db_next_id('banner'); foreach ($fields as $field) { - $values[] = (string)check_query($edit[$field]); + $values[] = (string)db_escape_string($edit[$field]); } db_query('INSERT INTO {banner} (' .implode(', ', $fields). ") VALUES ('" .implode("', '", $values). "')"); @@ -896,7 +896,7 @@ function banner_delete($edit) { file_delete(db_result(db_query('SELECT path FROM {banner} WHERE id = %d', $edit['id']))); - watchdog('special', strtr("banner: '%banner' deleted.", array('%banner' => l("$edit[title]", "admin/banner/edit/$edit[id]")))); + watchdog('special', strtr("banner: '%banner' deleted.", WATCHDOG_NOTICE, array('%banner' => l("$edit[title]", "admin/banner/edit/$edit[id]")))); db_query('DELETE FROM {banner} WHERE id = %d', $edit['id']); _banner_refresh_cache(); drupal_set_message(t('banner deleted.'));