You are here

function locale_update_6006 in Drupal 6

Neutralize unsafe language names in the database.

Related topics

File

modules/locale/locale.install, line 206

Code

function locale_update_6006() {
  $ret = array();
  $matches = db_result(db_query("SELECT 1 FROM {languages} WHERE native LIKE '%<%' OR native LIKE '%>%' OR name LIKE '%<%' OR name LIKE '%>%'"));
  if ($matches) {
    $ret[] = update_sql("UPDATE {languages} SET name = REPLACE(name, '<', ''), native = REPLACE(native, '<', '')");
    $ret[] = update_sql("UPDATE {languages} SET name = REPLACE(name, '>', ''), native = REPLACE(native, '>', '')");
    drupal_set_message('The language name in English and the native language name values of all the existing custom languages of your site have been sanitized for security purposes. Visit the <a href="' . url('admin/settings/language') . '">Languages</a> page to check these and fix them if necessary.', 'warning');
  }

  // Check if some langcode values contain potentially dangerous characters and
  // warn the user if so. These are not fixed since they are referenced in other
  // tables (e.g. {node}).
  if (db_result(db_query("SELECT 1 FROM {languages} WHERE language LIKE '%<%' OR language LIKE '%>%' OR language LIKE '%\"%' OR language LIKE '%\\\\\\%'"))) {
    drupal_set_message('Some of your custom language code values contain invalid characters. You should examine the <a href="' . url('admin/settings/language') . '">Languages</a> page. These must be fixed manually.', 'error');
  }
  return $ret;
}