Forked from
project / drupal
Source project has a limited visibility.
-
Dries Buytaert authored- Patch #9478 by JonBob: allow printf-style arguments in pager_query. Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature. This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
Dries Buytaert authored- Patch #9478 by JonBob: allow printf-style arguments in pager_query. Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature. This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.