Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Parts of update_124 will fail if an anonymous commentor's name contains a single quote. To fix this, I updated update_sql to accept additional parameters that it sends on to db_query. I also moved update_sql to the top of the file. The only problem I could find with this approach is that the query displayed by update.php contains the substitute parameter (%s or %d), not the actual parameter.
I'd appreciate if someone else could take a look and see if there's a better way to do this. I think that update_sql should have this functionality anyway, though.
Comment | File | Size | Author |
---|---|---|---|
#6 | updates-4-5_0.patch | 2.59 KB | Junyor |
#5 | updates-cvs_0.patch | 2.37 KB | Junyor |
#3 | updates-cvs.patch | 2.3 KB | Junyor |
#2 | updates-4-5.patch | 2.14 KB | Junyor |
#1 | updates_2.patch | 2.06 KB | Junyor |
Comments
Comment #1
Junyor CreditAttribution: Junyor commentedHere's the same patch for 4.5.2.
BTW, there was an $edit variable in update_sql that appeared to be unused, so I removed it in both of these patches.
Comment #2
Junyor CreditAttribution: Junyor commentedMade the patch a bit better. Here's a new version for CVS.
Comment #3
Junyor CreditAttribution: Junyor commentedThat one was actually for 4.5.x. Here's the one for CVS.
Comment #4
Steven CreditAttribution: Steven commentedThis patch means that db arguments to update_sql() may not be passed as an array, but must be passed literally. Otherwise, an array with an array in it would be passed to db_query.
This is confusing and inconsistent with the other db_ functions, so I would say we need to change the patch so it also accepts either syntax, like the rest of the db functions.
Comment #5
Junyor CreditAttribution: Junyor commentedI think this should do it. Patch for HEAD.
Comment #6
Junyor CreditAttribution: Junyor commentedPatch for 4.5.2.
Comment #7
Dries CreditAttribution: Dries commentedCommitted a modified patch to HEAD and DRUPAL-4-6. Thanks.
Comment #8
(not verified) CreditAttribution: commented