Drupal 7.x /includes/database/database.inc SQL注入漏洞

Includes/database/database.inc protected function expandArguments&$query, &$args $modified = FALSE; foreach arrayfilter$args, 'isarray' as $key = $data $newkeys = array; foreach $data as $i = $value $newkeys$key . '' . $i = $value; $query = pregreplace'' . $key . '\b', implode', ',...