[drupal-devel] Bug#336719: Can you reproduce this on 4.5.3-4?

[Hilko Bengen]

notfound 336719 4.5.3-4
thank you

"Matthew A. Nicholson" <matt at matt-land.com> writes:

> I don't use 4.5.3, I use 4.5.5.  I can download 4.5.3 and compare the 
> source changes, but I don't use it and it's not an option for me to test 
> with it.  Give me a few hours and i'll get back to you. :)



4.5.3-4 is the current version in stable and that has a higher
priority for me right now than the version in testing/unstable.

This change got introduced to session.inc after 4.5.3:

 function sess_destroy($key) {
-  db_query("DELETE FROM {sessions} WHERE sid = '$key'");
+  db_query("DELETE FROM {sessions} WHERE sid = '%d'", $key);
 }

... and this is the last change that supposedly fixes the logout
problem.

 function sess_destroy($key) {
-  db_query("DELETE FROM {sessions} WHERE sid = '%d'", $key);
+  db_query("DELETE FROM {sessions} WHERE sid = '%s'", $key);
 }

db_query uses sprintf to replace placeholder expressions if passed
more than one argument and it seems to me that using %s does the same
thing as PHP's string expansion as in 4.5.3.

I have removed version 4.5.3-4 from this bug. If you disagree, feel
free to add it again with a "found" statement to control at b.d.o, with a
rationale.

Cheers,
-Hilko