Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature.
The attached patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
| Comment | File | Size | Author |
|---|---|---|---|
| | pager.patch | 5.22 KB | JonBob |
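
The difference the post describes, as an added illustration that is not code from the patch or from Drupal: the `example_*` functions are hypothetical stand-ins, the escaping step is assumed to be `addslashes()`, and the input is constructed.

```php
<?php
// Hypothetical stand-in for the escaping step the post calls check_query().
// Assumption: it behaves like addslashes().
function example_check_query($arg) {
  return addslashes((string) $arg);
}

// Hypothetical printf-style builder: every extra argument is escaped
// before it is substituted into the query template.
function example_build_query($query /* , ...args */) {
  $args = func_get_args();
  array_shift($args);
  if ($args) {
    $query = vsprintf($query, array_map('example_check_query', $args));
  }
  return $query;
}

// Hypothetical paged wrapper. Arguments after $page are handed to the
// builder, so a paged query is written the same way as an unpaged one.
function example_pager_sql($query, $limit, $page /* , ...args */) {
  $args = array_slice(func_get_args(), 3);
  array_unshift($args, $query);
  $sql = call_user_func_array('example_build_query', $args);
  return $sql . ' LIMIT ' . ((int) $page * (int) $limit) . ', ' . (int) $limit;
}

// Constructed input: a title containing an apostrophe.
$title = "Bob's page";

// Before: the variable is interpolated into the string, so the builder
// never sees it as an argument and the escaping step is skipped.
$before = example_pager_sql("SELECT nid FROM node WHERE title = '$title'", 10, 0);

// After: the value travels as a printf-style argument and is escaped.
$after = example_pager_sql("SELECT nid FROM node WHERE title = '%s'", 10, 0, $title);

echo $before, "\n"; // the apostrophe ends the string literal early
echo $after, "\n";  // the apostrophe is escaped as \'
```

Escaping with `addslashes()` is only the assumed behaviour of the check described in the post; current code should bind values through the database driver's parameterized queries.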
Comments
Comment #1
Dries commented: Excellent change. Committed to HEAD.