=== modified file 'includes/bootstrap.inc' --- includes/bootstrap.inc 2007-07-01 19:49:19 +0000 +++ includes/bootstrap.inc 2007-07-03 18:10:10 +0000 @@ -312,7 +312,7 @@ function conf_init() { $cookie_domain = substr($cookie_domain, 4); } $cookie_domain = explode(':', $cookie_domain); - $cookie_domain = '.'. array_shift($cookie_domain); + $cookie_domain = '.'. $cookie_domain[0]; // Per RFC 2109, cookie domains must contain at least one dot other than the // first. For hosts such as 'localhost' or IP Addresses we don't set a cookie domain. if (count(explode('.', $cookie_domain)) > 2 && !is_numeric(str_replace('.', '', $cookie_domain))) { @@ -850,10 +850,18 @@ function drupal_anonymous_user($session * DRUPAL_BOOTSTRAP_FULL: Drupal is fully loaded, validate and fix input data. */ function drupal_bootstrap($phase) { - static $phases = array(DRUPAL_BOOTSTRAP_CONFIGURATION, DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE, DRUPAL_BOOTSTRAP_DATABASE, DRUPAL_BOOTSTRAP_ACCESS, DRUPAL_BOOTSTRAP_SESSION, DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE, DRUPAL_BOOTSTRAP_LANGUAGE, DRUPAL_BOOTSTRAP_PATH, DRUPAL_BOOTSTRAP_FULL); + static $phases = array(DRUPAL_BOOTSTRAP_CONFIGURATION, DRUPAL_BOOTSTRAP_EARLY_PAGE_CACHE, DRUPAL_BOOTSTRAP_DATABASE, DRUPAL_BOOTSTRAP_ACCESS, DRUPAL_BOOTSTRAP_SESSION, DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE, DRUPAL_BOOTSTRAP_LANGUAGE, DRUPAL_BOOTSTRAP_PATH, DRUPAL_BOOTSTRAP_FULL), $phase_index = 0; - while (!is_null($current_phase = array_shift($phases))) { + // Do not rerun a phase. + if ($phase < $phase_index) { + return; + } + + while (!empty($phases)) { + $current_phase = $phases[$phase_index]; + unset($phases[$phase_index]); _drupal_bootstrap($current_phase); + $phase_index++; if ($phase == $current_phase) { return; } === modified file 'includes/database.inc' --- includes/database.inc 2007-07-02 14:41:34 +0000 +++ includes/database.inc 2007-07-03 15:27:50 +0000 @@ -157,30 +157,6 @@ function db_set_active($name = 'default' } /** - * Helper function for db_query(). - */ -function _db_query_callback($match, $init = FALSE) { - static $args = NULL; - if ($init) { - $args = $match; - return; - } - - switch ($match[1]) { - case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?) - return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe - case '%s': - return db_escape_string(array_shift($args)); - case '%%': - return '%'; - case '%f': - return (float) array_shift($args); - case '%b': // binary data - return db_encode_blob(array_shift($args)); - } -} - -/** * Indicates the place holders that should be replaced in _db_query_callback(). */ define('DB_QUERY_REGEXP', '/(%d|%s|%%|%f|%b)/'); === modified file 'includes/database.mysql-common.inc' --- includes/database.mysql-common.inc 2007-06-26 20:24:19 +0000 +++ includes/database.mysql-common.inc 2007-07-03 18:30:39 +0000 @@ -8,7 +8,7 @@ */ /** - * @ingroup schemaapi + * @ingroup database * @{ */ @@ -38,17 +38,119 @@ */ function db_query($query) { $args = func_get_args(); - array_shift($args); + return _db_query_mysql_prepare($query, $args); +} + +/** + * MySQL specific preparation for _db_query . + * + * @param $query + * The query. + * @param $args + * An array of arguments, see db_query for more. + */ +function _db_query_mysql_prepare($query, $args) { $query = db_prefix_tables($query); - if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax - $args = $args[0]; + // 'All arguments in one array' syntax. + if (isset($args[1]) && is_array($args[1])) { + $args = array_map('db_escape_string', $args[1]); + array_unshift($args, str_replace('%b', "'%s'", $query)); } - _db_query_callback($args, TRUE); - $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); + else { + $args = array_map('db_escape_string', $args); + $args[0] = str_replace('%b', "'%s'", $query); + } + $query = call_user_func_array('sprintf', $args); return _db_query($query); } /** + * Runs a SELECT query and stores its results in a temporary table. + * + * Use this as a substitute for db_query() when the results need to stored + * in a temporary table. Temporary tables exist for the duration of the page + * request. + * User-supplied arguments to the query should be passed in as separate parameters + * so that they can be properly escaped to avoid SQL injection attacks. + * + * Note that if you need to know how many results were returned, you should do + * a SELECT COUNT(*) on the temporary table afterwards. db_num_rows() and + * db_affected_rows() do not give consistent result across different database + * types in this case. + * + * @param $query + * A string containing a normal SELECT SQL query. + * @param ... + * A variable number of arguments which are substituted into the query + * using printf() syntax. The query arguments can be enclosed in one + * array instead. + * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose + * in '') and %%. + * + * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, + * and TRUE values to decimal 1. + * + * @param $table + * The name of the temporary table to select into. This name will not be + * prefixed as there is no risk of collision. + * @return + * A database query result resource, or FALSE if the query was not executed + * correctly. + */ +function db_query_temporary($query) { + $args = func_get_args(); + $tablename = array_pop($args); + $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', $query); + _db_query_mysql_prepare($query, $args); +} + +/** + * Runs a limited-range query in the active database. + * + * Use this as a substitute for db_query() when a subset of the query is to be + * returned. + * User-supplied arguments to the query should be passed in as separate parameters + * so that they can be properly escaped to avoid SQL injection attacks. + * + * @param $query + * A string containing an SQL query. + * @param ... + * A variable number of arguments which are substituted into the query + * using printf() syntax. The query arguments can be enclosed in one + * array instead. + * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose + * in '') and %%. + * + * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, + * and TRUE values to decimal 1. + * + * @param $from + * The first result row to return. + * @param $count + * The maximum number of result rows to return. + * @return + * A database query result resource, or FALSE if the query was not executed + * correctly. + */ +function db_query_range($query) { + $args = func_get_args(); + $n = count($args) - 1; + $count = $args[$n]; + $from = $args[$n - 1]; + unset($args[$n], $args[$n - 1]); + return _db_query_mysql_prepare($query . ' LIMIT '. (int)$from .', '. (int)$count, $args); +} + +/** + * @} End of "ingroup database". + */ + +/** + * @ingroup schemaapi + * @{ + */ + +/** * Generate SQL to create a new table from a Drupal schema definition. * * @param $name @@ -464,5 +566,3 @@ function db_last_insert_id($table, $fiel /** * @} End of "ingroup schemaapi". */ - -?> \ No newline at end of file === modified file 'includes/database.mysql.inc' --- includes/database.mysql.inc 2007-06-05 12:13:20 +0000 +++ includes/database.mysql.inc 2007-07-03 15:53:14 +0000 @@ -241,97 +241,6 @@ function db_affected_rows() { } /** - * Runs a limited-range query in the active database. - * - * Use this as a substitute for db_query() when a subset of the query is to be - * returned. - * User-supplied arguments to the query should be passed in as separate parameters - * so that they can be properly escaped to avoid SQL injection attacks. - * - * @param $query - * A string containing an SQL query. - * @param ... - * A variable number of arguments which are substituted into the query - * using printf() syntax. The query arguments can be enclosed in one - * array instead. - * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose - * in '') and %%. - * - * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, - * and TRUE values to decimal 1. - * - * @param $from - * The first result row to return. - * @param $count - * The maximum number of result rows to return. - * @return - * A database query result resource, or FALSE if the query was not executed - * correctly. - */ -function db_query_range($query) { - $args = func_get_args(); - $count = array_pop($args); - $from = array_pop($args); - array_shift($args); - - $query = db_prefix_tables($query); - if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax - $args = $args[0]; - } - _db_query_callback($args, TRUE); - $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); - $query .= ' LIMIT '. (int)$from .', '. (int)$count; - return _db_query($query); -} - -/** - * Runs a SELECT query and stores its results in a temporary table. - * - * Use this as a substitute for db_query() when the results need to stored - * in a temporary table. Temporary tables exist for the duration of the page - * request. - * User-supplied arguments to the query should be passed in as separate parameters - * so that they can be properly escaped to avoid SQL injection attacks. - * - * Note that if you need to know how many results were returned, you should do - * a SELECT COUNT(*) on the temporary table afterwards. db_num_rows() and - * db_affected_rows() do not give consistent result across different database - * types in this case. - * - * @param $query - * A string containing a normal SELECT SQL query. - * @param ... - * A variable number of arguments which are substituted into the query - * using printf() syntax. The query arguments can be enclosed in one - * array instead. - * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose - * in '') and %%. - * - * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, - * and TRUE values to decimal 1. - * - * @param $table - * The name of the temporary table to select into. This name will not be - * prefixed as there is no risk of collision. - * @return - * A database query result resource, or FALSE if the query was not executed - * correctly. - */ -function db_query_temporary($query) { - $args = func_get_args(); - $tablename = array_pop($args); - array_shift($args); - - $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query)); - if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax - $args = $args[0]; - } - _db_query_callback($args, TRUE); - $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); - return _db_query($query); -} - -/** * Returns a properly formatted Binary Large OBject value. * * @param $data === modified file 'includes/database.mysqli.inc' --- includes/database.mysqli.inc 2007-06-05 12:13:20 +0000 +++ includes/database.mysqli.inc 2007-07-03 15:53:31 +0000 @@ -239,97 +239,6 @@ function db_affected_rows() { } /** - * Runs a limited-range query in the active database. - * - * Use this as a substitute for db_query() when a subset of the query is to be - * returned. - * User-supplied arguments to the query should be passed in as separate parameters - * so that they can be properly escaped to avoid SQL injection attacks. - * - * @param $query - * A string containing an SQL query. - * @param ... - * A variable number of arguments which are substituted into the query - * using printf() syntax. The query arguments can be enclosed in one - * array instead. - * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose - * in '') and %%. - * - * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, - * and TRUE values to decimal 1. - * - * @param $from - * The first result row to return. - * @param $count - * The maximum number of result rows to return. - * @return - * A database query result resource, or FALSE if the query was not executed - * correctly. - */ -function db_query_range($query) { - $args = func_get_args(); - $count = array_pop($args); - $from = array_pop($args); - array_shift($args); - - $query = db_prefix_tables($query); - if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax - $args = $args[0]; - } - _db_query_callback($args, TRUE); - $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); - $query .= ' LIMIT '. (int)$from .', '. (int)$count; - return _db_query($query); -} - -/** - * Runs a SELECT query and stores its results in a temporary table. - * - * Use this as a substitute for db_query() when the results need to stored - * in a temporary table. Temporary tables exist for the duration of the page - * request. - * User-supplied arguments to the query should be passed in as separate parameters - * so that they can be properly escaped to avoid SQL injection attacks. - * - * Note that if you need to know how many results were returned, you should do - * a SELECT COUNT(*) on the temporary table afterwards. db_num_rows() and - * db_affected_rows() do not give consistent result across different database - * types in this case. - * - * @param $query - * A string containing a normal SELECT SQL query. - * @param ... - * A variable number of arguments which are substituted into the query - * using printf() syntax. The query arguments can be enclosed in one - * array instead. - * Valid %-modifiers are: %s, %d, %f, %b (binary data, do not enclose - * in '') and %%. - * - * NOTE: using this syntax will cast NULL and FALSE values to decimal 0, - * and TRUE values to decimal 1. - * - * @param $table - * The name of the temporary table to select into. This name will not be - * prefixed as there is no risk of collision. - * @return - * A database query result resource, or FALSE if the query was not executed - * correctly. - */ -function db_query_temporary($query) { - $args = func_get_args(); - $tablename = array_pop($args); - array_shift($args); - - $query = preg_replace('/^SELECT/i', 'CREATE TEMPORARY TABLE '. $tablename .' Engine=HEAP SELECT', db_prefix_tables($query)); - if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax - $args = $args[0]; - } - _db_query_callback($args, TRUE); - $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query); - return _db_query($query); -} - -/** * Returns a properly formatted Binary Large Object value. * * @param $data === modified file 'includes/database.pgsql.inc' --- includes/database.pgsql.inc 2007-06-26 20:24:19 +0000 +++ includes/database.pgsql.inc 2007-07-03 15:27:46 +0000 @@ -459,6 +459,30 @@ function db_distinct_field($table, $fiel } /** + * Helper function for db_query(). + */ +function _db_query_callback($match, $init = FALSE) { + static $args = NULL; + if ($init) { + $args = $match; + return; + } + + switch ($match[1]) { + case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?) + return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe + case '%s': + return db_escape_string(array_shift($args)); + case '%%': + return '%'; + case '%f': + return (float) array_shift($args); + case '%b': // binary data + return db_encode_blob(array_shift($args)); + } +} + +/** * @} End of "ingroup database". */ === modified file 'includes/module.inc' --- includes/module.inc 2007-06-27 21:59:33 +0000 +++ includes/module.inc 2007-07-03 18:11:21 +0000 @@ -380,8 +380,9 @@ function module_implements($hook, $sort */ function module_invoke() { $args = func_get_args(); - $module = array_shift($args); - $hook = array_shift($args); + $module = $args[0]; + $hook = $args[1]; + unset($args[0], $args[1]); $function = $module .'_'. $hook; if (module_hook($module, $hook)) { return call_user_func_array($function, $args); @@ -400,7 +401,8 @@ function module_invoke() { */ function module_invoke_all() { $args = func_get_args(); - $hook = array_shift($args); + $hook = $args[0]; + unset($args[0]); $return = array(); foreach (module_implements($hook) as $module) { $function = $module .'_'. $hook;