authorDries Buytaert <dries@buytaert.net>2009-05-26 10:41:06 +0000
committerDries Buytaert <dries@buytaert.net>2009-05-26 10:41:06 +0000
commit7e36364c5cdd059dfb209d50473eb0f8ca4dc5e0 (patch)
tree10ed694d0ce1c749bd3238022a96e8fd302abb85 /modules/profile/profile.module
parent981d6ec40c88364b99cab27a434301bdf31f7bb8 (diff)
downloadbrdo-7e36364c5cdd059dfb209d50473eb0f8ca4dc5e0.tar.gz
brdo-7e36364c5cdd059dfb209d50473eb0f8ca4dc5e0.tar.bz2
- Patch #465190 by Heine: add check_plain() call.
Diffstat (limited to 'modules/profile/profile.module')
-rw-r--r--modules/profile/profile.module60
1 files changed, 34 insertions, 26 deletions
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index f1b4d0c8a..e96fb33c2 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -140,8 +140,8 @@ function profile_block_list() {
function profile_block_configure($delta = '') {
// Compile a list of fields to show
$fields = array();
- $result = db_query('SELECT name, title, weight, visibility FROM {profile_field} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
- while ($record = db_fetch_object($result)) {
+ $result = db_query('SELECT name, title, weight, visibility FROM {profile_field} WHERE visibility IN (:visibility) ORDER BY weight', array(':visibility' => array(PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS)));
+ foreach ($result as $record) {
$fields[$record->name] = check_plain($record->title);
}
$fields['user_profile'] = t('Link to full user profile');
@@ -175,8 +175,8 @@ function profile_block_view($delta = '') {
if ($use_fields = variable_get('profile_block_author_fields', array())) {
// Compile a list of fields to show.
$fields = array();
- $result = db_query('SELECT name, title, type, visibility, weight FROM {profile_field} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
- while ($record = db_fetch_object($result)) {
+ $result = db_query('SELECT name, title, weight, visibility FROM {profile_field} WHERE visibility IN (:visibility) ORDER BY weight', array(':visibility' => array(PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS)));
+ foreach ($result as $record) {
// Ensure that field is displayed only if it is among the defined block fields and, if it is private, the user has appropriate permissions.
if (isset($use_fields[$record->name]) && $use_fields[$record->name]) {
$fields[] = $record;
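Review bot: The rewritten query on the added line for profile_block_view drops the `type` column that the removed line selected (`name, title, type, visibility, weight` became `name, title, weight, visibility`), apparently copied from the profile_block_configure query in the previous hunk. Whole records are appended to `$fields` on the last line of the hunk, so any later consumer that reads `$record->type` (the rest of profile_block_view is outside this hunk, so this is inferred) will now see an undefined property and render the field wrongly. Restore the column: `$result = db_query('SELECT name, title, type, visibility, weight FROM {profile_field} WHERE visibility IN (:visibility) ORDER BY weight', array(':visibility' => array(PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS)));`.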
@@ -258,7 +258,9 @@ function profile_user_cancel(&$edit, &$account, $method) {
switch ($method) {
case 'user_cancel_reassign':
case 'user_cancel_delete':
- db_delete('profile_value')->condition('uid', $account->uid)->execute();
+ db_delete('profile_value')
+ ->condition('uid', $account->uid)
+ ->execute();
break;
}
}
@@ -277,12 +279,17 @@ function profile_user_load($users) {
function profile_save_profile(&$edit, &$user, $category, $register = FALSE) {
$result = _profile_get_fields($category, $register);
- while ($field = db_fetch_object($result)) {
+ foreach ($result as $field) {
if (_profile_field_serialize($field->type)) {
$edit[$field->name] = serialize($edit[$field->name]);
}
- db_query("DELETE FROM {profile_value} WHERE fid = %d AND uid = %d", $field->fid, $user->uid);
- db_query("INSERT INTO {profile_value} (fid, uid, value) VALUES (%d, %d, '%s')", $field->fid, $user->uid, $edit[$field->name]);
+ db_merge('profile_value')
+ ->key(array(
+ 'fid' => $field->fid,
+ 'uid' => $user->uid,
+ ))
+ ->fields(array('value' => $edit[$field->name]))
+ ->execute();
// Mark field as handled (prevents saving to user->data).
$edit[$field->name] = NULL;
}
@@ -344,11 +351,11 @@ function profile_view_profile(&$user) {
$result = db_query('SELECT * FROM {profile_field} WHERE visibility <> %d ORDER BY category, weight', PROFILE_HIDDEN);
}
else {
- $result = db_query('SELECT * FROM {profile_field} WHERE visibility <> %d AND visibility <> %d ORDER BY category, weight', PROFILE_PRIVATE, PROFILE_HIDDEN);
+ $result = db_query('SELECT * FROM {profile_field} WHERE visibility <> :private AND visibility <> :hidden ORDER BY category, weight', array(':private' => PROFILE_PRIVATE, ':hidden' => PROFILE_HIDDEN));
}
$fields = array();
- while ($field = db_fetch_object($result)) {
+ foreach ($result as $field) {
if ($value = profile_view_field($user, $field)) {
$title = ($field->type != 'checkbox') ? check_plain($field->title) : NULL;
@@ -389,7 +396,7 @@ function profile_form_profile($edit, $user, $category, $register = FALSE) {
$result = _profile_get_fields($category, $register);
$weight = 1;
$fields = array();
- while ($field = db_fetch_object($result)) {
+ foreach ($result as $field) {
$category = $field->category;
if (!isset($fields[$category])) {
$fields[$category] = array('#type' => 'fieldset', '#title' => check_plain($category), '#weight' => $weight++);
@@ -473,7 +480,7 @@ function _profile_update_user_fields($fields, $account) {
function profile_validate_profile($edit, $category) {
$result = _profile_get_fields($category);
- while ($field = db_fetch_object($result)) {
+ foreach ($result as $field) {
if ($edit[$field->name]) {
if ($field->type == 'url') {
if (!valid_url($edit[$field->name], TRUE)) {
@@ -492,7 +499,7 @@ function profile_validate_profile($edit, $category) {
function profile_categories() {
$result = db_query("SELECT DISTINCT(category) FROM {profile_field}");
$data = array();
- while ($category = db_fetch_object($result)) {
+ foreach ($result as $category) {
$data[] = array(
'name' => $category->category,
'title' => $category->category,
@@ -512,7 +519,10 @@ function profile_category_access($account, $category) {
return TRUE;
}
else {
- $category_visible = (bool) db_query_range('SELECT 1 FROM {profile_field} WHERE category = :category AND visibility <> :visibility', array(':category' => $category, ':visibility' => PROFILE_HIDDEN), 0, 1)->fetchField();
+ $category_visible = (bool) db_query_range('SELECT 1 FROM {profile_field} WHERE category = :category AND visibility <> :visibility', array(
+ ':category' => $category,
+ ':visibility' => PROFILE_HIDDEN
+ ), 0, 1)->fetchField();
return user_edit_access($account) && $category_visible;
}
}
@@ -599,23 +609,21 @@ function _profile_field_serialize($type = NULL) {
}
function _profile_get_fields($category, $register = FALSE) {
- $args = array();
- $sql = 'SELECT * FROM {profile_field} WHERE ';
- $filters = array();
+ $query = db_select('profile_field');
if ($register) {
- $filters[] = 'register = 1';
+ $query->condition('register', 1);
}
else {
- // Use LOWER('%s') instead of PHP's strtolower() to avoid UTF-8 conversion issues.
- $filters[] = "LOWER(category) = LOWER('%s')";
- $args[] = $category;
+ // Use LOWER(:category) instead of PHP's strtolower() to avoid UTF-8 conversion issues.
+ $query->where('LOWER(category) = LOWER(:category)', array(':category' => $category));
}
if (!user_access('administer users')) {
- $filters[] = 'visibility != %d';
- $args[] = PROFILE_HIDDEN;
+ $query->condition('visibility', PROFILE_HIDDEN);
}
- $sql .= implode(' AND ', $filters);
- $sql .= ' ORDER BY category, weight';
- return db_query($sql, $args);
+ return $query
+ ->fields('profile_field')
+ ->orderBy('category', 'ASC')
+ ->orderBy('weight', 'ASC')
+ ->execute();
}
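Review bot: The visibility filter for non-administrators is inverted in the added `$query->condition('visibility', PROFILE_HIDDEN);` line: `condition()` defaults to the `=` operator, whereas the removed line was `visibility != %d`, so users without 'administer users' now get only the hidden fields instead of every field except the hidden ones. Because _profile_get_fields feeds profile_save_profile, profile_form_profile and profile_validate_profile (seen in the earlier hunks), this both breaks ordinary profile editing and surfaces fields that were meant to be withheld from non-administrators. The fix is to pass the operator explicitly: `$query->condition('visibility', PROFILE_HIDDEN, '<>');`. The `register`, `LOWER(:category)` and ordering conversions in the same hunk look equivalent to the removed string-built SQL.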