- #37956: Respect weighting in profile browse pages

- Fix non-pgsql compliant ORDER BY queries - Clean up ugly section that used db_escape_string()
author: Steven Wittens <steven@10.no-reply.drupal.org> 2005-11-24 20:54:22 +0000
committer: Steven Wittens <steven@10.no-reply.drupal.org> 2005-11-24 20:54:22 +0000
commit: a5c43ec402cdcc1f81271009ae86960a2587b0b7 (patch)
tree: e1736cf071a5a2eb96748421705d3f2dc3849e32 /modules/profile
parent: b1bb2d5c602c63fb6e94988d33f044d2a2ab0e26 (diff)
download: brdo-a5c43ec402cdcc1f81271009ae86960a2587b0b7.tar.gz
brdo-a5c43ec402cdcc1f81271009ae86960a2587b0b7.tar.bz2
1 files changed, 15 insertions, 12 deletions
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index 605e9ccb3..25e14299b 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -60,7 +60,7 @@ function profile_block($op = 'list', $delta = 0, $edit = array()) {
   else if ($op == 'configure' && $delta == 0) {
     // Compile a list of fields to show
     $fields = array();
-    $result = db_query('SELECT name, title FROM {profile_fields} ORDER BY weight');
+    $result = db_query('SELECT name, title, weight FROM {profile_fields} ORDER BY weight');
     while ($record = db_fetch_object($result)) {
       $fields[$record->name] = $record->title;
     }
@@ -80,10 +80,10 @@ function profile_block($op = 'list', $delta = 0, $edit = array()) {
         if ($use_fields = variable_get('profile_block_author_fields', array())) {
           // Compile a list of fields to show
           $fields = array();
-          $result = db_query('SELECT name, title, type, visibility FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
-            while ($record = db_fetch_object($result)) {
-              // Endure that field is displayed only if it is among the defined block fields and, if it is private, the user has appropriate permissions.
-              if (in_array($record->name, $use_fields)) {
+          $result = db_query('SELECT name, title, type, visibility, weight FROM {profile_fields} WHERE visibility IN (%d, %d) ORDER BY weight', PROFILE_PUBLIC, PROFILE_PUBLIC_LISTINGS);
+          while ($record = db_fetch_object($result)) {
+            // Ensure that field is displayed only if it is among the defined block fields and, if it is private, the user has appropriate permissions.
+            if (in_array($record->name, $use_fields)) {
               $fields[] = $record;
             }
           }
@@ -159,21 +159,24 @@ function profile_browse() {
 
     // Compile a list of fields to show
     $fields = array();
-    $result = db_query('SELECT name, title, type FROM {profile_fields} WHERE fid != %d AND visibility = %d ORDER BY weight', $field->fid, PROFILE_PUBLIC_LISTINGS);
+    $result = db_query('SELECT name, title, type, weight FROM {profile_fields} WHERE fid != %d AND visibility = %d ORDER BY weight', $field->fid, PROFILE_PUBLIC_LISTINGS);
     while ($record = db_fetch_object($result)) {
       $fields[] = $record;
     }
 
     // Determine what query to use:
+    $arguments = array($field->fid);
     switch ($field->type) {
       case 'checkbox':
         $query = 'v.value = 1';
         break;
       case 'selection':
-        $query = "v.value = '". db_escape_string($value) ."'";
+        $query = "v.value = '%s'";
+        $arguments[] = $value;
         break;
       case 'list':
-        $query = "v.value LIKE '%%". db_escape_string($value) ."%%'";
+        $query = "v.value LIKE '%%%s%%'";
+        $arguments[] = $value;
         break;
       default:
         drupal_not_found();
@@ -181,7 +184,7 @@ function profile_browse() {
     }
 
     // Extract the affected users:
-    $result = pager_query("SELECT u.uid FROM {users} u INNER JOIN {profile_values} v ON u.uid = v.uid WHERE v.fid = %d AND $query ORDER BY u.access DESC", 20, 0, NULL, $field->fid);
+    $result = pager_query("SELECT u.uid, u.access FROM {users} u INNER JOIN {profile_values} v ON u.uid = v.uid WHERE v.fid = %d AND $query ORDER BY u.access DESC", 20, 0, NULL, $arguments);
 
     $output = '<div id="profile">';
     while ($account = db_fetch_object($result)) {
@@ -208,13 +211,13 @@ function profile_browse() {
   else {
     // Compile a list of fields to show
     $fields = array();
-    $result = db_query('SELECT name, title, type FROM {profile_fields} WHERE visibility = %d', PROFILE_PUBLIC_LISTINGS);
+    $result = db_query('SELECT name, title, type, weight FROM {profile_fields} WHERE visibility = %d ORDER BY weight', PROFILE_PUBLIC_LISTINGS);
     while ($record = db_fetch_object($result)) {
       $fields[] = $record;
     }
 
     // Extract the affected users:
-    $result = pager_query("SELECT uid FROM {users} WHERE uid > 0 ORDER BY access DESC", 20, 0, NULL);
+    $result = pager_query("SELECT uid, access FROM {users} WHERE uid > 0 ORDER BY access DESC", 20, 0, NULL);
 
     $output = '<div id="profile">';
     while ($account = db_fetch_object($result)) {
@@ -634,7 +637,7 @@ function theme_profile_listing($account, $fields = array()) {
 
   foreach ($fields as $field) {
     if ($field->value) {
-      $output .= " <div class=\"field\">$value</div>\n";
+      $output .= " <div class=\"field\">$field->value</div>\n";
     }
   }
author	Steven Wittens <steven@10.no-reply.drupal.org>	2005-11-24 20:54:22 +0000
committer	Steven Wittens <steven@10.no-reply.drupal.org>	2005-11-24 20:54:22 +0000
commit	a5c43ec402cdcc1f81271009ae86960a2587b0b7 (patch)
tree	e1736cf071a5a2eb96748421705d3f2dc3849e32 /modules/profile
parent	b1bb2d5c602c63fb6e94988d33f044d2a2ab0e26 (diff)
download	brdo-a5c43ec402cdcc1f81271009ae86960a2587b0b7.tar.gz brdo-a5c43ec402cdcc1f81271009ae86960a2587b0b7.tar.bz2