Index: includes/database.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.inc,v
retrieving revision 1.88
diff -u -p -r1.88 database.inc
--- includes/database.inc	19 Dec 2007 13:03:16 -0000	1.88
+++ includes/database.inc	20 Dec 2007 09:29:15 -0000
@@ -349,11 +349,11 @@ function db_rewrite_sql($query, $primary
 }
 
 /**
- * Restrict a dynamic tablename to safe characters.
+ * Restrict a dynamic table, column or constraint name to safe characters.
  *
  * Only keeps alphanumeric and underscores.
  */
-function db_escape_table($string) {
+function db_escape_constraint($string) {
   return preg_replace('/[^A-Za-z0-9_]+/', '', $string);
 }
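Review bot: Renaming `db_escape_table` to `db_escape_constraint` removes the old name from the public API, so any caller not touched by this patch (contributed modules that escape dynamic table names, for instance) will fail with an undefined-function fatal at runtime rather than a deprecation. Keep the old name as a thin alias next to the new function, `function db_escape_table($string) { return db_escape_constraint($string); }`, with a `@deprecated` docblock pointing at db_escape_constraint. The regex is otherwise unchanged and still strips unsafe characters instead of rejecting the input, so a caller cannot tell a clean identifier from a silently truncated one; the docblock should say so explicitly: `Characters outside [A-Za-z0-9_] are silently dropped, not reported.`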
 
Index: includes/database.mysql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysql.inc,v
retrieving revision 1.85
diff -u -p -r1.85 database.mysql.inc
--- includes/database.mysql.inc	19 Dec 2007 13:03:16 -0000	1.85
+++ includes/database.mysql.inc	20 Dec 2007 09:29:15 -0000
@@ -332,7 +332,7 @@ function db_escape_string($text) {
  * Lock a table.
  */
 function db_lock_table($table) {
-  db_query('LOCK TABLES {'. db_escape_table($table) .'} WRITE');
+  db_query('LOCK TABLES {'. db_escape_constraint($table) .'} WRITE');
 }
 
 /**
@@ -346,7 +346,7 @@ function db_unlock_tables() {
  * Check if a table exists.
  */
 function db_table_exists($table) {
-  return db_fetch_object(db_query("SHOW TABLES LIKE '{". db_escape_table($table) ."}'")) ? TRUE : FALSE;
+  return db_fetch_object(db_query("SHOW TABLES LIKE '{". db_escape_constraint($table) ."}'")) ? TRUE : FALSE;
 }
 
 /**
Index: includes/database.mysqli.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.mysqli.inc,v
retrieving revision 1.51
diff -u -p -r1.51 database.mysqli.inc
--- includes/database.mysqli.inc	19 Dec 2007 13:03:16 -0000	1.51
+++ includes/database.mysqli.inc	20 Dec 2007 09:29:15 -0000
@@ -333,7 +333,7 @@ function db_escape_string($text) {
  * Lock a table.
  */
 function db_lock_table($table) {
-  db_query('LOCK TABLES {'. db_escape_table($table) .'} WRITE');
+  db_query('LOCK TABLES {'. db_escape_constraint($table) .'} WRITE');
 }
 
 /**
@@ -347,7 +347,7 @@ function db_unlock_tables() {
  * Check if a table exists.
  */
 function db_table_exists($table) {
-  return db_fetch_object(db_query("SHOW TABLES LIKE '{". db_escape_table($table) ."}'")) ? TRUE : FALSE;
+  return db_fetch_object(db_query("SHOW TABLES LIKE '{". db_escape_constraint($table) ."}'")) ? TRUE : FALSE;
 }
 
 /**
Index: includes/database.pgsql.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/database.pgsql.inc,v
retrieving revision 1.65
diff -u -p -r1.65 database.pgsql.inc
--- includes/database.pgsql.inc	19 Dec 2007 13:03:16 -0000	1.65
+++ includes/database.pgsql.inc	20 Dec 2007 09:29:15 -0000
@@ -369,7 +369,7 @@ function db_escape_string($text) {
  * This function automatically starts a transaction.
  */
 function db_lock_table($table) {
-  db_query('BEGIN; LOCK TABLE {'. db_escape_table($table) .'} IN EXCLUSIVE MODE');
+  db_query('BEGIN; LOCK TABLE {'. db_escape_constraint($table) .'} IN EXCLUSIVE MODE');
 }
 
 /**
@@ -384,14 +384,14 @@ function db_unlock_tables() {
  * Check if a table exists.
  */
 function db_table_exists($table) {
-  return db_result(db_query("SELECT COUNT(*) FROM pg_class WHERE relname = '{". db_escape_table($table) ."}'"));
+  return db_result(db_query("SELECT COUNT(*) FROM pg_class WHERE relname = '{". db_escape_constraint($table) ."}'"));
 }
 
 /**
  * Check if a column exists in the given table.
  */
 function db_column_exists($table, $column) {
-  return db_result(db_query("SELECT COUNT(pg_attribute.attname) FROM pg_class, pg_attribute WHERE pg_attribute.attrelid = pg_class.oid AND pg_class.relname = '{". db_escape_table($table) ."}' AND attname='%s'", $column));
+  return db_result(db_query("SELECT COUNT(pg_attribute.attname) FROM pg_class, pg_attribute WHERE pg_attribute.attrelid = pg_class.oid AND pg_class.relname = '{". db_escape_constraint($table) ."}' AND attname='%s'", $column));
 }
 
 /**
Index: includes/tablesort.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/tablesort.inc,v
retrieving revision 1.46
diff -u -p -r1.46 tablesort.inc
--- includes/tablesort.inc	14 Jun 2007 06:12:09 -0000	1.46
+++ includes/tablesort.inc	20 Dec 2007 09:29:15 -0000
@@ -39,9 +39,9 @@ function tablesort_init($header) {
 function tablesort_sql($header, $before = '') {
   $ts = tablesort_init($header);
   if ($ts['sql']) {
-    $sql = db_escape_string($ts['sql']);
-    $sort = drupal_strtoupper(db_escape_string($ts['sort']));
-    return " ORDER BY $before $sql $sort";
+    $sql = db_escape_constraint($ts['sql']);
+    $sort = drupal_strtoupper(db_escape_constraint($ts['sort']));
+    return " ORDER BY ". implode(" ", array($before, $sql, $sort));
   }
 }
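Review bot: `$ts['sort']` originates from the request and, after `db_escape_constraint()`, is still interpolated straight into `ORDER BY`; character filtering does not restrict it to a valid direction, so it should be whitelisted against `ASC`/`DESC` rather than merely scrubbed. Separately, if header field definitions carry a table alias (a `n.title` style value, as is common for tablesort headers), the new filter drops the dot and yields an identifier the database will not recognise — presumably the previous `db_escape_string` call was tolerated for that reason; confirm against tablesort_init callers before merging. The sketch below keeps the patch's implode() form and only changes how the two pieces are validated.
```php
  if ($ts['sql']) {
    // Identifier from the header definition; allow a table alias prefix (n.title).
    $field = preg_replace('/[^A-Za-z0-9_.]+/', '', $ts['sql']);
    // Direction comes from the request: accept only the two valid keywords.
    $sort = drupal_strtoupper($ts['sort']);
    $sort = in_array($sort, array('ASC', 'DESC'), TRUE) ? $sort : '';
    return " ORDER BY ". implode(" ", array($before, $field, $sort));
  }
```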
 
Index: modules/statistics/statistics.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/statistics/statistics.module,v
retrieving revision 1.270
diff -u -p -r1.270 statistics.module
--- modules/statistics/statistics.module	19 Dec 2007 19:13:29 -0000	1.270
+++ modules/statistics/statistics.module	20 Dec 2007 09:29:15 -0000
@@ -206,7 +206,7 @@ function statistics_cron() {
  *   or FALSE if the query could not be executed correctly.
  */
 function statistics_title_list($dbfield, $dbrows) {
-  return db_query_range(db_rewrite_sql("SELECT n.nid, n.title, u.uid, u.name FROM {node} n INNER JOIN {node_counter} s ON n.nid = s.nid INNER JOIN {users} u ON n.uid = u.uid WHERE %s <> '0' AND n.status = 1 ORDER BY %s DESC"), 's.'. $dbfield, 's.'. $dbfield, 0, $dbrows);
+  return db_query_range(db_rewrite_sql("SELECT n.nid, n.title, u.uid, u.name FROM {node} n INNER JOIN {node_counter} s ON n.nid = s.nid INNER JOIN {users} u ON n.uid = u.uid WHERE s.". db_escape_constraint($dbfield) ." != 0 AND n.status = 1 ORDER BY s.". db_escape_constraint($dbfield) ." DESC"), 0, $dbrows);
 }
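Review bot: The new query line escapes `$dbfield` twice inline, which makes a very long statement and invites the two occurrences to diverge on later edits; hoist it once, `$field = 's.'. db_escape_constraint($dbfield);`, and interpolate `$field` in both the WHERE and the ORDER BY positions. The function's docblock (it starts above the hunk) should also state that `$dbfield` is reduced to `[A-Za-z0-9_]` before use, so callers do not pass an aliased or quoted column name expecting it to survive. The move from `<> '0'` to `!= 0` also changes the comparison from a string literal to an integer literal; harmless for integer counter columns, but worth a word in the commit message.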
 
 
Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.566
diff -u -p -r1.566 system.module
--- modules/system/system.module	20 Dec 2007 08:57:55 -0000	1.566
+++ modules/system/system.module	20 Dec 2007 09:29:15 -0000
@@ -1196,7 +1196,7 @@ function system_cron() {
   db_query('DELETE FROM {batch} WHERE timestamp < %d', time() - 864000);
 
   // Remove temporary files that are older than DRUPAL_MAXIMUM_TEMP_FILE_AGE.
-  $result = db_query('SELECT * FROM {files} WHERE status = %s and timestamp < %d', FILE_STATUS_TEMPORARY, time() - DRUPAL_MAXIMUM_TEMP_FILE_AGE);
+  $result = db_query('SELECT * FROM {files} WHERE status = %d and timestamp < %d', FILE_STATUS_TEMPORARY, time() - DRUPAL_MAXIMUM_TEMP_FILE_AGE);
   while ($file = db_fetch_object($result)) {
     if (file_exists($file->filepath)) {
       // If files that exist cannot be deleted, continue so the database remains
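Review bot: The rewritten SELECT keeps a lowercase `and` inside an otherwise upper-case SQL statement; write it as `'SELECT * FROM {files} WHERE status = %d AND timestamp < %d'` to match the casing used in the other queries of this patch. The switch to `%d` is consistent with `FILE_STATUS_TEMPORARY` presumably being an integer constant (it is defined outside the hunk), and it stops the value from being treated as a string. `system_cron()` continues outside the hunk.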
