Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
If a join definition extra is numeric and has an array of values, the values are still surrounded by quotes. Patch attach, UNTESTED.
Comment | File | Size | Author |
---|---|---|---|
#1 | join-quotes.patch | 1.97 KB | bjaspan |
join-quotes.patch | 1.7 KB | bjaspan | |
Comments
Comment #1
bjaspan CreditAttribution: bjaspan commentedAdd a comment explaining $q.
Comment #2
bjaspan CreditAttribution: bjaspan commentedThe join code should also validate the input values before adding them to the SQL directly; too big a risk of an injection attack. Furthermore, the documentation should mention this loudly. I don't want to see an SA later in which a value from an argument gets used as an extra join value...
Comment #3
merlinofchaos CreditAttribution: merlinofchaos commentedOk, patch cleaned up and committed, along with a method to ensure the type safety of the arguments. I think this could be cleaned up some more, even, but I'm ok with it the way it is for now.
It also goes the extra mile to replace IN () with = for single values, which always prettifies queries.
Comment #4
Anonymous (not verified) CreditAttribution: Anonymous commentedAutomatically closed -- issue fixed for two weeks with no activity.