author | Dries Buytaert <dries@buytaert.net> | 2009-05-26 10:41:06 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-05-26 10:41:06 +0000 |
commit | 7e36364c5cdd059dfb209d50473eb0f8ca4dc5e0 (patch) | |
tree | 10ed694d0ce1c749bd3238022a96e8fd302abb85 /modules/profile/profile.pages.inc | |
parent | 981d6ec40c88364b99cab27a434301bdf31f7bb8 (diff) | |
download | brdo-7e36364c5cdd059dfb209d50473eb0f8ca4dc5e0.tar.gz brdo-7e36364c5cdd059dfb209d50473eb0f8ca4dc5e0.tar.bz2 |
- Patch #465190 by Heine: add check_plain() call.
Diffstat (limited to 'modules/profile/profile.pages.inc')
-rw-r--r-- | modules/profile/profile.pages.inc | 65 |
1 files changed, 39 insertions, 26 deletions
diff --git a/modules/profile/profile.pages.inc b/modules/profile/profile.pages.inc index 572d2365c..8f69d888b 100644 --- a/modules/profile/profile.pages.inc +++ b/modules/profile/profile.pages.inc @@ -13,7 +13,7 @@ function profile_browse() { // Ensure that the path is converted to 3 levels always. list(, $name, $value) = array_pad(explode('/', $_GET['q'], 3), 3, ''); - $field = db_fetch_object(db_query("SELECT DISTINCT(fid), type, title, page, visibility FROM {profile_field} WHERE name = '%s'", $name)); + $field = db_query("SELECT DISTINCT(fid), type, title, page, visibility FROM {profile_field} WHERE name = :name", array(':name' => $name))->fetchObject(); if ($name && $field->fid) { // Only allow browsing of fields that have a page title set. 
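Review bot: `fetchObject()` returns FALSE when no profile field matches `$name`, and the unchanged `if ($name && $field->fid)` directly after the new query then reads a property of a non-object. `$name` is taken from `$_GET['q']`, so any request naming an unknown field reaches that path. Check the lookup result before dereferencing it, e.g. `if ($name && $field && $field->fid) {`. The body of profile_browse() continues outside this hunk.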
@@ -28,37 +28,45 @@ function profile_browse() { } // Compile a list of fields to show. - $fields = array(); - $result = db_query('SELECT name, title, type, weight, page FROM {profile_field} WHERE fid <> %d AND visibility = %d ORDER BY weight', $field->fid, PROFILE_PUBLIC_LISTINGS); - while ($record = db_fetch_object($result)) { - $fields[] = $record; - } + $fields = db_query('SELECT name, title, type, weight, page FROM {profile_field} WHERE fid <> :fid AND visibility = :visibility ORDER BY weight', array( + ':fid' => $field->fid, + ':visibility' => PROFILE_PUBLIC_LISTINGS, + ))->fetchAll(); + + $query = db_select('users')->extend('PagerDefault'); + $query->join('profile_value', 'v', 'u.uid = v.uid'); + $query + ->fields('u', array('uid', 'access')) + ->condition('v.fid', $field->fid) + ->condition('u.access', 0, '<>') + ->condition('u.status', 0, '<>') + ->orderBy('u.access', 'DESC'); // Determine what query to use: $arguments = array($field->fid); switch ($field->type) { case 'checkbox': - $query = 'v.value = 1'; + $query->condition('v.value', 1); break; case 'textfield': case 'selection': - $query = "v.value = '%s'"; - $arguments[] = $value; + $query->condition('v.value', $value); break; case 'list': - $query = "v.value LIKE '%%%s%%'"; - $arguments[] = $value; + $query->condition('v.value', '%' . $value . '%', 'LIKE'); break; default: drupal_not_found(); return; } - // Extract the affected users: - $result = pager_query("SELECT u.uid, u.access FROM {users} u INNER JOIN {profile_value} v ON u.uid = v.uid WHERE v.fid = %d AND $query AND u.access <> 0 AND u.status <> 0 ORDER BY u.access DESC", 20, 0, NULL, $arguments)->fetchAllAssoc('uid'); + $uids = $query + ->limit(20) + ->execute() + ->fetchCol(); // Load the users. - $users = user_load_multiple(array_keys($result)); + $users = user_load_multiple($uids); $content = ''; foreach ($users as $account) { 
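Review bot: The new `db_select('users')` call gives the users table no alias, yet the join condition `u.uid = v.uid`, `->fields('u', ...)` and the `u.access`/`u.status` conditions all refer to `u`; the overview branch later in this function passes the alias explicitly, so this line should read `$query = db_select('users', 'u')->extend('PagerDefault');`. In the `list` case, `$value` comes from the request path and is wrapped in `%…%` without escaping `%`, `_` or the escape character, so the visitor supplies a LIKE pattern rather than a literal substring; escape it before concatenating (later Drupal 7 code uses `db_like()` for this, though whether it exists at this revision is not visible here), and the same applies to `$string . '%'` in the profile_autocomplete() hunk. The context line `$arguments = array($field->fid);` is no longer read by anything in this hunk and can be removed.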
@@ -83,15 +91,20 @@ function profile_browse() { } else { // Compile a list of fields to show. - $fields = array(); - $result = db_query('SELECT name, title, type, weight, page, visibility FROM {profile_field} WHERE visibility = %d ORDER BY category, weight', PROFILE_PUBLIC_LISTINGS); - while ($record = db_fetch_object($result)) { - $fields[] = $record; - } + $fields = db_query('SELECT name, title, type, weight, page, visibility FROM {profile_field} WHERE visibility = :visibility ORDER BY category, weight', array(':visibility' => PROFILE_PUBLIC_LISTINGS))->fetchAll(); // Extract the affected users: - $result = pager_query('SELECT uid, access FROM {users} WHERE uid > 0 AND status <> 0 AND access <> 0 ORDER BY access DESC', 20, 0, NULL)->fetchAllAssoc('uid'); - $users = user_load_multiple(array_keys($result)); + $query = db_select('users', 'u')->extend('PagerDefault'); + $uids = $query + ->fields('u', array('uid', 'access')) + ->condition('u.uid', 0, '>') + ->condition('u.status', 0, '>') + ->condition('u.access', 0, '>') + ->orderBy('u.access', 'DESC') + ->limit(20) + ->execute() + ->fetchCol(); + $users = user_load_multiple($uids); $content = ''; foreach ($users as $account) { $profile = _profile_update_user_fields($fields, $account); @@ -100,7 +113,7 @@ function profile_browse() { $output = theme('profile_wrapper', $content); $output .= theme('pager', NULL); - drupal_set_title(t('User list'), PASS_THROUGH); + drupal_set_title(t('User list')); return $output; } } 
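Review bot: The overview query now filters with `->condition('u.status', 0, '>')` and `->condition('u.access', 0, '>')`, while the SQL it replaces and the field-specific branch earlier in this function both use `<> 0`. For non-negative columns the result is the same, but the operator change is unexplained in a commit that otherwise only ports queries to the new API, and the two branches no longer read alike. Keep the original operator, e.g. `->condition('u.status', 0, '<>')` and `->condition('u.access', 0, '<>')`, or add a comment saying why `>` is intended.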
@@ -112,12 +125,12 @@ function profile_autocomplete($field, $string) { $matches = array(); $autocomplete_field = (bool) db_query_range("SELECT 1 FROM {profile_field} WHERE fid = :fid AND autocomplete = 1", array(':fid' => $field), 0, 1)->fetchField(); if ($autocomplete_field) { - $result = db_query_range("SELECT value FROM {profile_value} WHERE fid = :fid AND LOWER(value) LIKE LOWER(:value) GROUP BY value ORDER BY value ASC", array( + $values = db_query_range("SELECT value FROM {profile_value} WHERE fid = :fid AND LOWER(value) LIKE LOWER(:value) GROUP BY value ORDER BY value ASC", array( ':fid' => $field, ':value' => $string . '%', - ), 0, 10); - while ($data = db_fetch_object($result)) { - $matches[$data->value] = check_plain($data->value); + ), 0, 10)->fetchCol(); + foreach ($values as $value) { + $matches[$value] = check_plain($value); } } |