author | Dries Buytaert <dries@buytaert.net> | 2009-05-26 10:41:06 +0000 |
committer | Dries Buytaert <dries@buytaert.net> | 2009-05-26 10:41:06 +0000 |
commit | 7e36364c5cdd059dfb209d50473eb0f8ca4dc5e0 (patch) | |
tree | 10ed694d0ce1c749bd3238022a96e8fd302abb85 /modules/profile/profile.admin.inc | |
parent | 981d6ec40c88364b99cab27a434301bdf31f7bb8 (diff) | |
- Patch #465190 by Heine: add check_plain() call.
Diffstat (limited to 'modules/profile/profile.admin.inc')
-rw-r--r-- | modules/profile/profile.admin.inc | 61 |
1 files changed, 42 insertions, 19 deletions
diff --git a/modules/profile/profile.admin.inc b/modules/profile/profile.admin.inc
index 5ef53ffcb..bf1627f4f 100644
--- a/modules/profile/profile.admin.inc
+++ b/modules/profile/profile.admin.inc
@@ -17,7 +17,7 @@ function profile_admin_overview() {
 $form = array();
 $categories = array();
- while ($field = db_fetch_object($result)) {
+ foreach ($result as $field) {
 // Collect all category information
 $categories[] = $field->category;
@@ -74,7 +74,13 @@ function profile_admin_overview_submit($form, &$form_state) {
 $weight = $form_state['values'][$fid]['weight'];
 $category = $form_state['values'][$fid]['category'];
 if ($weight != $form[$fid]['weight']['#default_value'] || $category != $form[$fid]['category']['#default_value']) {
- db_query("UPDATE {profile_field} SET weight = %d, category = '%s' WHERE fid = %d", $weight, $category, $fid);
+ db_update('profile_field')
+ ->fields(array(
+ 'weight' => $weight,
+ 'category' => $category,
+ ))
+ ->condition('fid', $fid)
+ ->execute();
 }
 }
 }
@@ -169,7 +175,7 @@ function profile_field_form(&$form_state, $arg = NULL) {
 if (is_numeric($arg)) {
 $fid = $arg;
- $edit = db_fetch_array(db_query('SELECT * FROM {profile_field} WHERE fid = %d', $fid));
+ $edit = db_query('SELECT * FROM {profile_field} WHERE fid = :fid', array('fid' => $fid))->fetchAssoc();
 if (!$edit) {
 drupal_not_found();
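Review bot: The placeholder array passed to db_query() in the profile_field_form hunk keys the value as `'fid'` while the query text uses `:fid`; the profile_field_delete hunk later in this same commit spells the equivalent key `':fid'`. Whether the colon-less form is accepted is left to the PDO driver, so the two call sites should at least agree, and the colon form is the one the rest of the commit uses: `$edit = db_query('SELECT * FROM {profile_field} WHERE fid = :fid', array(':fid' => $fid))->fetchAssoc();`. The body of profile_field_form continues past the end of this hunk.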
@@ -305,19 +311,27 @@ function profile_field_form_validate($form, &$form_state) {
 if (strtolower($form_state['values']['category']) == 'account') {
 form_set_error('category', t('The specified category name is reserved for use by Drupal.'));
 }
- $args1 = array($form_state['values']['title'], $form_state['values']['category']);
- $args2 = array($form_state['values']['name']);
- $query_suffix = '';
+ $query = db_select('profile_field');
+ $query->fields('profile_field', array('fid'));
 if (isset($form_state['values']['fid'])) {
- $args1[] = $args2[] = $form_state['values']['fid'];
- $query_suffix = ' AND fid != %d';
+ $query->condition('fid', $form_state['values']['fid']);
 }
-
- if (db_result(db_query("SELECT fid FROM {profile_field} WHERE title = '%s' AND category = '%s'" . $query_suffix, $args1))) {
+ $query_name = clone $query;
+
+ $title = $query
+ ->condition('title', $form_state['values']['title'])
+ ->condition('category', $form_state['values']['category'])
+ ->execute()
+ ->fetchField();
+ if ($title) {
 form_set_error('title', t('The specified title is already in use.'));
 }
- if (db_result(db_query("SELECT fid FROM {profile_field} WHERE name = '%s'" . $query_suffix, $args2))) {
+ $name = $query_name
+ ->condition('name', $form_state['values']['name'])
+ ->execute()
+ ->fetchField();
+ if ($name) {
 form_set_error('name', t('The specified name is already in use.'));
 }
 if ($form_state['values']['visibility'] == PROFILE_HIDDEN) {
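Review bot: The fid condition added inside the isset() branch inverts the check the removed code performed: the old suffix was `' AND fid != %d'`, which excluded the field being edited from the uniqueness lookup, whereas `$query->condition('fid', $form_state['values']['fid'])` uses the default `=` operator and restricts both the title and the name query to that single row. On every edit the lookups therefore find the field's own title and name and report them as already in use, while a genuine collision with a different field is never detected. The operator has to be given explicitly: `$query->condition('fid', $form_state['values']['fid'], '<>');`. profile_field_form_validate begins before this hunk and continues after it.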
@@ -341,14 +355,19 @@ function profile_field_form_submit($form, &$form_state) {
 $form_state['values']['page'] = '';
 }
 if (!isset($form_state['values']['fid'])) {
- db_query("INSERT INTO {profile_field} (title, name, explanation, category, type, weight, required, register, visibility, autocomplete, options, page) VALUES ('%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, '%s', '%s')", $form_state['values']['title'], $form_state['values']['name'], $form_state['values']['explanation'], $form_state['values']['category'], $form_state['values']['type'], $form_state['values']['weight'], $form_state['values']['required'], $form_state['values']['register'], $form_state['values']['visibility'], $form_state['values']['autocomplete'], $form_state['values']['options'], $form_state['values']['page']);
-
+ // Remove all elements that are not profile_field columns.
+ $values = array_intersect_key($form_state['values'], array_flip(array('type', 'category', 'title', 'name', 'explanation', 'visibility', 'page', 'weight', 'autocomplete', 'required', 'register', 'options')));
+ db_insert('profile_field')
+ ->fields($values)
+ ->execute();
 drupal_set_message(t('The field has been created.'));
 watchdog('profile', 'Profile field %field added under category %category.', array('%field' => $form_state['values']['title'], '%category' => $form_state['values']['category']), WATCHDOG_NOTICE, l(t('view'), 'admin/user/profile'));
 }
 else {
- db_query("UPDATE {profile_field} SET title = '%s', name = '%s', explanation = '%s', category = '%s', weight = %d, required = %d, register = %d, visibility = %d, autocomplete = %d, options = '%s', page = '%s' WHERE fid = %d", $form_state['values']['title'], $form_state['values']['name'], $form_state['values']['explanation'], $form_state['values']['category'], $form_state['values']['weight'], $form_state['values']['required'], $form_state['values']['register'], $form_state['values']['visibility'], $form_state['values']['autocomplete'], 
$form_state['values']['options'], $form_state['values']['page'], $form_state['values']['fid']);
-
+ db_update('profile_field')
+ ->fields($form_state['values'])
+ ->condition('fid', $form_state['values']['fid'])
+ ->exeucte();
 drupal_set_message(t('The field has been updated.'));
 }
 cache_clear_all();
@@ -362,7 +381,7 @@ function profile_field_form_submit($form, &$form_state) {
 * Menu callback; deletes a field from all user profiles.
 */
 function profile_field_delete(&$form_state, $fid) {
- $field = db_fetch_object(db_query("SELECT title FROM {profile_field} WHERE fid = %d", $fid));
+ $field = db_query("SELECT title FROM {profile_field} WHERE fid = :fid", array(':fid' => $fid))->fetchObject();
 if (!$field) {
 drupal_not_found();
 return;
@@ -380,8 +399,12 @@ function profile_field_delete(&$form_state, $fid) {
 * Process a field delete form submission.
 */
 function profile_field_delete_submit($form, &$form_state) {
- db_query('DELETE FROM {profile_field} WHERE fid = %d', $form_state['values']['fid']);
- db_query('DELETE FROM {profile_value} WHERE fid = %d', $form_state['values']['fid']);
+ db_delete('profile_field')
+ ->condition('fid', $form_state['values']['fid'])
+ ->execute();
+ db_delete('profile_value')
+ ->condition('fid', $form_state['values']['fid'])
+ ->execute();
 cache_clear_all();
@@ -398,7 +421,7 @@ function profile_field_delete_submit($form, &$form_state) {
 function profile_admin_settings_autocomplete($string) {
 $matches = array();
 $result = db_query_range("SELECT category FROM {profile_field} WHERE LOWER(category) LIKE LOWER(:category)", array(':category' => $string . '%'), 0, 10);
- while ($data = db_fetch_object($result)) {
+ foreach ($result as $data) {
 $matches[$data->category] = check_plain($data->category);
 }
 drupal_json($matches); |
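Review bot: The update branch of profile_field_form_submit calls `->exeucte()`, a misspelling of execute(), so editing an existing field fails on an undefined method and the UPDATE never runs; this hunk begins on the previous line. The same branch also hands the raw `$form_state['values']` to `->fields()`, whereas the insert branch a few lines earlier filters it through array_intersect_key() because, as its own comment says, not every element is a profile_field column; the unfiltered array carries those non-column entries plus `fid` itself, all of which become SET columns in the UPDATE. Computing `$values` once before the `if` and using it in both branches fixes both problems in one place. The removed UPDATE statement did not set `type`, so if type is meant to stay fixed after creation, unset it from `$values` in the update branch.
```php
  // Remove all elements that are not profile_field columns.
  $values = array_intersect_key($form_state['values'], array_flip(array('type', 'category', 'title', 'name', 'explanation', 'visibility', 'page', 'weight', 'autocomplete', 'required', 'register', 'options')));
  if (!isset($form_state['values']['fid'])) {
    db_insert('profile_field')
      ->fields($values)
      ->execute();
    // … unchanged: "created" message and watchdog entry …
  }
  else {
    db_update('profile_field')
      ->fields($values)
      ->condition('fid', $form_state['values']['fid'])
      ->execute();
    // … unchanged: "updated" message …
  }
```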